Hi All:
I am attempting to set up OpenLDAP on a CentOS 6.3 platform. I have been able to locate numerous online how-to documents but none seem to work correctly on CentOS 6.3. I believe that the reason is the new dynamic configuration (AKA cn=config).
Can someone provide me with a pointer or two in the right direction? I would greatly appreciate it. I have been fighting with this off and on for a couple of weeks and it is driving me up the wall!
TIA
Regards, Hugh
On 10/17/2012 02:51 AM, Hugh E Cruickshank wrote:
Hi All:
I am attempting to set up OpenLDAP on a CentOS 6.3 platform. I have been able to locate numerous online how-to documents but none seem to work correctly on CentOS 6.3. I believe that the reason is the new dynamic configuration (AKA cn=config).
Can someone provide me with a pointer or two in the right direction? I would greatly appreciate it. I have been fighting with this off and on for a couple of weeks and it is driving me up the wall!
The Admin Guide on the OpenLDAP website has a lot of information about the new cn=config backend and how to set it up.
On the mailing list it was recommended by several subscribers to upgrade to the latest openldap release (2.4.33) due to the many fixes in the dynamic config backend and the logic that can transform an slapd.conf into a cn=config version. With a few changes (replace systemd stuff with the original CentOS openldap init scripts) the F17 openldap SRPM should build ok on CentOS 6.3.
Regards, Patrick
On 2012-10-17, Patrick Lists centos-list@puzzled.xs4all.nl wrote:
On the mailing list it was recommended by several subscribers to upgrade to the latest openldap release (2.4.33) due to the many fixes in the dynamic config backend and the logic that can transform an slapd.conf into a cn=config version.
I could be wrong, but I think this logic already exists in the latest OpenLDAP package in CentOS 6.3. At least, I tried it myself last week-- it's basically -f /path/to/old/slapd.conf -F /etc/openldap/slapd.d/ or something like that. It seemed to work (though I've done only basic testing on it so far).
--keith
From: Keith Keller Sent: October 16, 2012 22:33
On 2012-10-17, Patrick Lists centos-list@puzzled.xs4all.nl wrote:
On the mailing list it was recommended by several subscribers to upgrade to the latest openldap release (2.4.33) due to the many fixes in the dynamic config backend and the logic that can transform an slapd.conf into a cn=config version.
I could be wrong, but I think this logic already exists in the latest OpenLDAP package in CentOS 6.3. At least, I tried it myself last week-- it's basically -f /path/to/old/slapd.conf -F /etc/openldap/slapd.d/ or something like that. It seemed to work (though I've done only basic testing on it so far).
Thank you, but without having a working slapd.conf (or for that matter any slapd.conf) file I will not be able to take advantage of this.
Regards, Hugh
On 10/19/2012 11:28 AM, Hugh E Cruickshank wrote:
From: Keith Keller Sent: October 16, 2012 22:33
On 2012-10-17, Patrick Lists centos-list@puzzled.xs4all.nl wrote:
On the mailing list it was recommended by several subscribers to upgrade to the latest openldap release (2.4.33) due to the many fixes in the dynamic config backend and the logic that can transform an slapd.conf into a cn=config version.
I could be wrong, but I think this logic already exists in the latest OpenLDAP package in CentOS 6.3. At least, I tried it myself last week-- it's basically -f /path/to/old/slapd.conf -F /etc/openldap/slapd.d/ or something like that. It seemed to work (though I've done only basic testing on it so far).
Thank you, but without having a working slapd.conf (or for that matter any slapd.conf) file I will not be able to take advantage of this.
I started with the slapd.conf in:
/usr/share/openldap-servers/slapd.conf.obsolete
and it works fine.
-Greg
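Added example, not part of the original thread: the conversion discussed above, run into a staging directory with a permission check on the result. It assumes the tool behind the `-f`/`-F` flags is `slaptest`; the staging path and the two function names are hypothetical.

```shell
#!/bin/sh
# Added example. Sample-file path and the -f/-F flags are from the thread;
# the staging directory and both function names are hypothetical.

# convert_slapd_conf SRC_CONF STAGE_DIR
# Returns 0 ok, 2 source unreadable, 3 staging dir not empty,
#         4 slaptest not installed, 5 conversion failed.
convert_slapd_conf() {
    src=$1
    stage=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    # Start from an empty directory so leftovers from an earlier attempt
    # are never mixed into the new configuration tree.
    if [ -d "$stage" ] && [ -n "$(ls -A "$stage" 2>/dev/null)" ]; then
        echo "$stage is not empty" >&2
        return 3
    fi
    command -v slaptest >/dev/null 2>&1 || { echo "slaptest not found" >&2; return 4; }
    mkdir -p "$stage" || return 5
    chmod 750 "$stage" || return 5
    # -f: old-style file to read, -F: cn=config directory to write,
    # -u: dry-run mode, do not fail because the databases cannot be opened yet.
    slaptest -u -f "$src" -F "$stage" || return 5
    # A successful conversion leaves the root entry of the config tree here.
    [ -f "$stage/cn=config.ldif" ] || return 5
    return 0
}

# world_readable_entries DIR
# Prints every path under DIR that other users can read. The converted tree
# can carry the rootpw value from slapd.conf as olcRootPW, so the expected
# output is empty.
world_readable_entries() {
    find "$1" -perm -004 -print
}

# Typical use on the CentOS 6.3 host, as root:
#   cp /usr/share/openldap-servers/slapd.conf.obsolete /root/slapd.conf
#   convert_slapd_conf /root/slapd.conf /root/slapd.d.staged
#   chmod -R o-rwx /root/slapd.d.staged
#   world_readable_entries /root/slapd.d.staged
```

Once the staged tree is moved to /etc/openldap/slapd.d/ it has to be owned by the account slapd runs as (`ldap` on CentOS), otherwise the daemon cannot read its own configuration.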
From: Greg Bailey Sent: October 19, 2012 12:15
On 10/19/2012 11:28 AM, Hugh E Cruickshank wrote:
Thank you, but without having a working slapd.conf (or for that matter any slapd.conf) file I will not be able to take advantage of this.
I started with the slapd.conf in:
/usr/share/openldap-servers/slapd.conf.obsolete
and it works fine.
Hi Greg:
Good call! That one I got and away I go!
Thanks a bunch!
Regards, Hugh
On 10/19/2012 08:28 PM, Hugh E Cruickshank wrote:
From: Keith Keller Sent: October 16, 2012 22:33
On 2012-10-17, Patrick Lists centos-list@puzzled.xs4all.nl wrote:
On the mailing list it was recommended by several subscribers to upgrade to the latest openldap release (2.4.33) due to the many fixes in the dynamic config backend and the logic that can transform an slapd.conf into a cn=config version.
I could be wrong, but I think this logic already exists in the latest OpenLDAP package in CentOS 6.3. At least, I tried it myself last week--
According to the OpenLDAP devs there are quite a few bugs in that release so YMMV.
it's basically -f /path/to/old/slapd.conf -F /etc/openldap/slapd.d/ or something like that. It seemed to work (though I've done only basic testing on it so far).
Thank you, but without having a working slapd.conf (or for that matter any slapd.conf) file I will not be able to take advantage of this.
You need to create the slapd.conf yourself tailored to your needs. However there is an example in /usr/share/openldap-servers/. Also have a look in the openldap RPM in the %post section where you can see the steps it does when creating the dynamic backend config (you can easily open an RPM with mc). Since you would migrate a slapd.conf into a cn=config version you might as well start with a slapd-config type of config which is aimed at cn=config setups. Both the man pages and the Admin Guide have all the info. Iirc there are also some examples in the openldap sources so you may want to get those and check it out.
Hang in there. I found all this cn=config stuff completely confusing but eventually figured out a basic setup with the help of the man pages, Admin Guide, Google and sheer luck no doubt :)
Regards, Patrick
From: Patrick Lists Sent: October 16, 2012 22:11
On 10/17/2012 02:51 AM, Hugh E Cruickshank wrote:
I am attempting to set up OpenLDAP on a CentOS 6.3 platform. I have been able to locate numerous online how-to documents but none seem to work correctly on CentOS 6.3. I believe that the reason is the new dynamic configuration (AKA cn=config).
The Admin Guide on the OpenLDAP website has a lot of information about the new cn=config backend and how to set it up.
I did attempt to use the Quick Start section of the 2.4 Administration Guide. Since I have a binary install as part of CentOS I bypassed steps 1-7 which cover the source download, configuration, build and install. Step 8 (Edit the configuration file) references a slapd.conf file that is not present on my system. I found it rather hard to proceed any further.
On the mailing list it was recommended by several subscribers to upgrade to the latest openldap release (2.4.33) due to the many fixes in the dynamic config backend and the logic that can transform an slapd.conf into a cn=config version. With a few changes (replace systemd stuff with the original CentOS openldap init scripts) the F17 openldap SRPM should build ok on CentOS 6.3.
At this point I am very hesitant to make any major changes to the software without some specific reason for it. All I am attempting to do at this point is just to get a simple working configuration that I can learn and build on.
Thanks for your suggestions.
Regards, Hugh