Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

26.4. Configure the /etc/ldap/slapd.conf file

The /etc/openldap/slapd.conf file is the main configuration file for the stand-alone LDAP daemon. Options like: permission, password, database type, database location and so on can be configured in this file and will apply to the slapd daemon as a whole. In the example below we configure the slapd.conf file for an LDBM backend database.

Edit the slapd.conf file, vi /etc/openldap/slapd.conf and add/adjust the following information:
                 #
                 # See slapd.conf(5) for details on configuration options.
                 # This file should NOT be world readable.
                 #
                 include	/etc/openldap/slapd.at.conf
                 include	/etc/openldap/slapd.oc.conf
                 schemacheck	off
                 #referral	ldap://ldap.itd.umich.edu
                 pidfile	/var/run/slapd.pid
                 argsfile	/var/run/slapd.args
                 #######################################################################
                 # ldbm database definitions
                 #######################################################################
                 database	ldbm
                 suffix	"o=openna, c=com"
                 directory	/var/ldap
                 rootdn	"cn=admin, o=openna, c=com"
                 rootpw	secret
                 # cleartext passwords, especially for the rootdn, should
                 # be avoid.  See slapd.conf(5) for details.
                 # ldbm indexed attribute definitions
                 index cn,sn,uid
                 index objectclass pres,eq
                 index default none
                 # ldbm access control definitions
                 defaultaccess read
                 access to attr=userpassword
                 by self write
                 by dn="cn=admin, o=openna, c=com" write
                 by * compare
               

You should be sure to set the following options in your slapd.conf file above before starting the slapd daemon program:

suffix o=openna, c=com

This option specifies the DN of the root of the sub tree you are trying to create. In other words, it indicates what entries are to be held by this database.

directory /var/ldap

This option specifies the directory where the database and associated indexes files of LDAP should reside. We must set this to /var/ldap because we created this directory earlier in the installation stage specifically to handle the backend database of LDAP.

rootdn cn=admin, o=openna, c=com

This option specifies the DN of an entry allowed to do anything on the LDAP directory. The name entered here can be one that doesn't actually exist in your password file /etc/passwd.

rootpw secret

This option specifies the password that can be used to authenticate the super-user entry of the database. This is the password for the rootdn option above. Its important to not use clear text passwords here and to use a crypto password instead.

index cn,sn,uid | index objectclass pres,eq | index default none

These options specify the index definitions you want to build and maintain in the database definition. The options we specifies in our slapd.conf file example above, cause all indexes to be maintained for the cn, sn, and uid attributes; -index cn,sn,uid, presence and an equality indexes for the objectclass attribute -index objectclass pres,eq, and no indexes for all remaining attributes -index default none. See your user manual for more information.

The last options in the file slapd.conf relate to access control in LDAP directory.
                 defaultaccess read
                 access to attr=userpassword
                 by self write
                 by dn="cn=admin, o=openna, c=com" write
                 by * compare
               
This example applies to entries in the o=openna, c=com sub tree. Read access is granted to everyone, and the entry itself can write all attributes, except for userpassword. The userpassword attribute is writable only by the specified cn entry; admin, and comparable by everybody else. See your user manual for more information.

 
 
  Published under the terms of the Open Publication License Design by Interspire