Converting old slapd.conf file to cn=config format

Converting configuration

To convert a slapd.conf file to the new cn=config format, start slapd once with the '-F' option pointing at an empty directory, for example:

service slapd stop
mv /etc/openldap/slapd.d /etc/openldap/slapd2.d
mkdir /etc/openldap/slapd.d
chown -R ldap:ldap /etc/openldap/slapd.d
chown -R ldap:ldap /var/lib/ldap
slapd -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d -h 'ldap:// ldaps://' -u ldap
service slapd restart

After the conversion, all slapd-related commands can be run with '-F /etc/openldap/slapd.d' and no longer need the '-f /etc/openldap/slapd.conf' option. This also means that 'service slapd start' can be used to start slapd as intended.

Debugging issues with converted configuration

If the conversion from config file to directory is performed using slaptest instead of slapd, the following changes may be required in the converted configuration to make it work:

  • Update all TLS-related lines; slaptest does not seem to convert TLS lines properly.
  • Go to the subfolder 'cn=config' and delete any unwanted olcDatabase ldif file. For example, if there is an additional config file for dc=example,dc=com, delete it.
  • Go to the subfolder 'cn=config/cn=schema' within the destination config dir and delete duplicate schema files.
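
The three checks above can be scripted before slapd is started on the converted tree. The following is an added example, not part of the original page: the function names are hypothetical, and it assumes the usual slapd.d layout (schema files named cn={N}name.ldif, databases named olcDatabase={N}type.ldif, TLS attributes beginning with olcTLS in cn=config.ldif). The sample tree it can build is constructed for a dry run.

```shell
#!/bin/sh
# Audit a converted slapd.d tree for the three problems listed above.
# Usage: sh audit.sh /etc/openldap/slapd.d   (script name is hypothetical)

# Schema names present more than once in cn=config/cn=schema.
# The {N} ordering prefix is stripped before comparing names.
dup_schemas() {
    ls "$1/cn=config/cn=schema" 2>/dev/null |
        sed -n 's/^cn={[0-9]*}\(.*\)\.ldif$/\1/p' | sort | uniq -d
}

# Every olcDatabase file with its suffix, so unwanted databases stand out.
list_databases() {
    for f in "$1"/cn=config/olcDatabase=*.ldif; do
        [ -f "$f" ] || continue
        suffix=$(sed -n 's/^olcSuffix: //p' "$f" | head -n 1)
        printf '%s %s\n' "$(basename "$f")" "${suffix:-(no suffix)}"
    done
}

# olcTLS* attributes in the global entry; no output means none were converted.
tls_settings() {
    grep -i '^olcTLS' "$1/cn=config.ldif" 2>/dev/null
}

# Constructed sample tree imitating a faulty conversion (offline dry run).
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/cn=config/cn=schema"
    printf 'dn: cn=config\nobjectClass: olcGlobal\n' > "$d/cn=config.ldif"
    for s in '{0}core' '{1}cosine' '{2}core'; do
        : > "$d/cn=config/cn=schema/cn=$s.ldif"
    done
    printf 'olcDatabase: {0}config\n' > "$d/cn=config/olcDatabase={0}config.ldif"
    printf 'olcSuffix: dc=example,dc=com\n' > "$d/cn=config/olcDatabase={1}bdb.ldif"
    printf 'olcSuffix: dc=corp,dc=test\n' > "$d/cn=config/olcDatabase={2}bdb.ldif"
    echo "$d"
}

audit_slapd_d() {
    echo "Duplicate schemas:"; dup_schemas "$1"
    echo "Databases:"; list_databases "$1"
    echo "TLS settings:"; tls_settings "$1" || echo "(none found)"
}

if [ -n "${1:-}" ]; then audit_slapd_d "$1"; fi
```

The script only reads the tree; any deletions or TLS corrections are still made by hand with slapd stopped.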

To test, initially start slapd with '-d 1' for debug information. An example line is:

slapd -d 1 -F /etc/openldap/slapd.d -u ldap -h 'ldap:// ldaps://'
