Building an LDAP Server on Linux, Part 2 - Page 3

 By Carla Schroder

Configuring slapd.conf

This is the main config file for our shiny new OpenLDAP server. It can be in any number of imaginative locations — I personally like to run updatedb after installing software, so I can find things quickly. On my Libranet system, it's /etc/ldap/slapd.conf.

Guard this file carefully. Find yours and make a backup copy. The original contains useful defaults. For security reasons the default permissions are 600 (only root can read or write to this file).

slapd.conf defines three categories of information: global settings, settings pertinent to a specific backend, and settings pertinent to a specific database. This bit is important, and will save you many a headache if you get it correct now: backend and database directives can override global settings, and database directives can override backend directives.

Blank lines and comments are ignored. A line that begins with white space is a continuation of the previous line — this little nugget alone is responsible for much premature hair loss.

More white-space gotchas: directives can take arguments, and even multiple arguments. These are separated by white space. An argument containing white space must be enclosed in double quotes: "loud argument". Arguments containing double quotes or backslashes must have those characters escaped with backslashes: "really \"loud\" argument", for example.

With our wee, simple setup here there is not much to configure in slapd.conf. The following should be enough to get the ball rolling. If your slapd.conf does not contain headings like "Global Directives" and "Backend Directives," you can add them. The important thing is to have three sections, in this order: global, backend, and database.

Under 'Global Directives,' add a logging level directive:

loglevel      256

Under 'Backend Directives' for bdb:

backend       bdb

Under 'Database Directives':

database bdb
suffix "dc=carlasworld,dc=net"
rootdn "cn=Manager,dc=carlasworld,dc=net"
rootpw secret
directory "/var/lib/ldap"

I think you can figure out the bits that need to be changed to fit your system. Note how the domain, carlasworld.net, is broken into two type/value pairs. This is planning for the future, in case either value ever needs to be changed or merged with another directory.
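The white-space rules, the 600 permission and the cleartext rootpw line above can all be checked mechanically. The following is an added example, not part of the original article or of OpenLDAP: the function names and the sample text are constructed, and the hashed rootpw form ({SSHA}... as produced by slappasswd) is standard slapd.conf usage that the article itself does not show.

```python
def split_args(line):
    """Split a logical line on white space, honouring double quotes and backslash escapes."""
    args, cur, in_quote, escaped, started = [], [], False, False, False
    for ch in line:
        if escaped:
            cur.append(ch); escaped = False
        elif ch == "\\":
            escaped = started = True
        elif ch == '"':
            in_quote, started = not in_quote, True
        elif ch.isspace() and not in_quote:
            if started:
                args.append("".join(cur)); cur, started = [], False
        else:
            cur.append(ch); started = True
    if in_quote or escaped:
        raise ValueError("unterminated quote or escape: %r" % line)
    return args + (["".join(cur)] if started else [])

def parse(text):
    """Return [directive, arg, ...] per logical line; continuations join before comments drop."""
    logical = []
    for raw in text.splitlines():
        if raw[:1].isspace() and logical:  # leading white space: continuation line
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw)
    return [split_args(l) for l in logical if l.strip() and not l.lstrip().startswith("#")]

def audit(text, mode):
    """Flag permissions looser than 600 and a cleartext rootpw."""
    findings = []
    if mode & 0o077:
        findings.append("mode %o lets group/other in; expected 600" % mode)
    for args in parse(text):
        if args[0].lower() == "rootpw" and len(args) > 1:
            pw = args[1].upper()
            if not pw.startswith("{") or pw.startswith("{CLEARTEXT}"):
                findings.append("rootpw is cleartext; use a slappasswd hash such as {SSHA}...")
    return findings

# Constructed sample: the page's database section with one stray indent.
SAMPLE = '''# Database Directives
 database bdb
suffix "dc=carlasworld,dc=net"
rootdn
  "cn=Manager,dc=carlasworld,dc=net"
rootpw secret
'''
```

parse(SAMPLE) returns no database entry, because the indented line was folded into the comment above it; audit(SAMPLE, 0o644) reports both the loose mode and the cleartext password.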


This article was originally published on Oct 20, 2003