[CentOS] OpenLDAP setup and bootstrapping in CentOS 6

Thu Aug 18 02:05:34 UTC 2011
Craig White <craigwhite at azapple.com>

On Wed, 2011-08-17 at 15:10 -0400, Scott Robbins wrote:
> On Wed, Aug 17, 2011 at 07:03:28PM +0000, Mitch Patenaude wrote:
> > I'm having trouble getting openldap through its initial setup.
> > 
> > I created a /etc/openldap/slap.conf file with a default rootdn and rootpw, and
> > they didn't seem to take effect.  After much wailing and gnashing of teeth I
> > found that if there is a config directory at /etc/openldap/slapd.d, it will
> > ignore slapd.conf.  I can't figure out how to translate slapd.conf into the
> > (new?) standard of slapd.d because all the examples I can find still use
> > slapd.conf.  
> > 
> > Am I better off just deleting (or renaming) slapd.d?  Does anybody know the
> > proper format for slapd.d entries?
> > 
> 
> I might as well spam my own page (where I suggest deleting it) for LDAP.
> 
> http://home.roadrunner.com/~computertaijutsu/ldap.html
> 
> 
> I don't know of anyone who got it working with that slap.d, nor have I
> seen any documentation on it--on the other hand, I didn't look very
> hard.  I would almost guarantee it adds no new advantages. 
----
I can't say that I see any advantages to dynamic configuration but
perhaps in time, they will dawn on me.

In the meantime, if upstream and thus CentOS 6 are using dynamic
configuration (and I assume that is what it is by reference to slapd.d
directory), then your page is rather outdated and useful only for
earlier releases.

The last time you pimped your page, I noted that it wasn't bad but it
completely had everything wrong on the topic of TLS. Your page talks
about using TLS but TLS doesn't use port 636. LDAP SSL uses port 636.
LDAP SSL is costly in terms of computing power, deprecated and not
recommended which is why it ships 'off'. If you can turn off LDAP SSL
(and port 636) and connect to port 389 and use the -ZZ option, then you will
know that you are using TLS.

example...
ldapsearch -ZZ -h srv2 '(uid=craig)' -D 'uid=craig,ou=people,dc=azapple,dc=com' -W uid, cn -b 'ou=people,dc=azapple,dc=com'

Enter LDAP Password: 
# extended LDIF
# 
# LDAPv3
# base <ou=people,dc=azapple,dc=com> with scope subtree
# filter: (uid=craig)
# requesting: uid, cn
#

# craig, people, azapple.com
dn: uid=craig,ou=people,dc=azapple,dc=com
cn: Craig White

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

Craig
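
[Added example, not part of the thread above and not from any of its authors.] The question was what the slapd.d (cn=config) equivalent of a slapd.conf rootdn/rootpw looks like, and Craig's point was that STARTTLS on port 389 (what -ZZ asks for) is the supported way to protect the session. The LDIF below sets both on the data database: the rootdn and a hashed rootpw, plus olcSecurity tls=1 so the server refuses operations that are not wrapped in TLS, which is the server-side counterpart of the client's -ZZ. It assumes the data database is olcDatabase={2}bdb,cn=config (the CentOS 6 default; confirm on your host with "ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config -LLL 'olcDatabase=*' dn"), that the suffix has already been set to dc=azapple,dc=com (taken from the example in the thread), that root on the host is allowed to modify cn=config over ldapi:///, and that you have already configured the server's TLS certificate and key. The password hash is a placeholder to be replaced by the output of slappasswd.

```ldif
# Added example (not from the thread): cn=config LDIF to set rootdn/rootpw
# and to require TLS on the data database.
#
# Assumptions (verify before applying):
#   - the data database is olcDatabase={2}bdb,cn=config (CentOS 6 default)
#   - olcSuffix is already dc=azapple,dc=com (domain taken from the thread)
#   - the server already has olcTLSCertificateFile/olcTLSCertificateKeyFile set
#
# Apply as root on the server:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f rootdn-tls.ldif
dn: olcDatabase={2}bdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=azapple,dc=com
-
# Never put a cleartext password here: paste the hash printed by
#   slappasswd -s '<the password>'
replace: olcRootPW
olcRootPW: {SSHA}REPLACE-WITH-OUTPUT-OF-slappasswd
-
# Refuse any operation on this database unless the connection is protected
# by TLS (tls=1 means "TLS security strength factor at least 1").
# ldaps (port 636) also satisfies this, but Craig's advice is STARTTLS on 389.
replace: olcSecurity
olcSecurity: tls=1
```

Check it from a client the way Craig does: a plain bind, "ldapsearch -x -h srv2 -b dc=azapple,dc=com -D cn=Manager,dc=azapple,dc=com -W", should now be rejected with "Confidentiality required (13)", while the same search with -ZZ added (which makes ldapsearch abort rather than silently fall back when STARTTLS fails) succeeds. Note that olcSecurity applies only to the database it is set on, so administration of cn=config itself over ldapi:/// with -Y EXTERNAL is unaffected; if you want local ldapi:/// access to the data database to keep working without TLS, use ssf=... together with olcLocalSSF instead of tls=1.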

