install openldap2.2 | zuhdi.org

Install OpenLDAP cn=config

Environment

  • Debian 10.0 x64
  • slapd 2.4.44 (May 16 2018 09:55:53)

Log 2019 / 11

1.1. Installation

root@athos:~# apt-get update && apt-get -y upgrade && apt-get -y dist-upgrade

root@athos:~# apt-get -y --no-install-recommends install slapd ldap-utils

root@athos:~# slapd -VVV
@(#) $OpenLDAP: slapd  (Aug 10 2019 18:58:18) $
        Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>

Included static backends:
    config
    ldif

1.2. cn=config

slapd is started with -F /etc/ldap/slapd.d, the cn=config configuration directory:

root@athos:~# ps -ef | grep slapd
openldap 11935     1  0 Mar23 ?   00:00:00 /usr/sbin/slapd -h ldap:/// ldapi:/// 
  -g openldap -u openldap -F /etc/ldap/slapd.d

1.2.1 Using dpkg-reconfigure slapd

Omit OpenLDAP server configuration? No
DNS domain name: athos.local
Organization name: athos
Administrator password: ***
Confirm password: ***
Database backend to use: MDB
Do you want the database to be removed when slapd is purged? Yes (WARNING)
Move old database? Yes (WARNING)

root@athos:~# dpkg-reconfigure slapd
  Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.47+dfsg-3+deb10u1... done.
  Moving old database directory to /var/backups:
  - directory unknown... done.
  Creating initial configuration... done.
  Creating LDAP directory... done.

root@athos:~# ls -lF /var/backups
total 8
drwx------ 3 root root 4096 Nov  3 15:13 slapd-2.4.47+dfsg-3+deb10u1/
drwxr-xr-x 2 root root 4096 Nov  3 15:13 unknown-2.4.47+dfsg-3+deb10u1.ldapdb/

1.2.2 Using ldapmodify

root@athos:~# rm -rf /var/lib/ldap/*

root@athos:~# slappasswd -h {SSHA} -s p@ssw0rd
{SSHA}GJOvr2qVgZIxoHsU3P8m63VeoGYh3k2V

root@athos:~# ldapmodify -Y EXTERNAL -H ldapi:// <<EOF
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=athos,dc=local

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,dc=athos,dc=local

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}GJOvr2qVgZIxoHsU3P8m63VeoGYh3k2V

dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: any
EOF

root@athos:~# systemctl restart slapd

Hugo. Malte Kiefer & Zuhdi Najib.