Converting old slapd.conf file to cn=config format

From Notes_Wiki
Revision as of 12:25, 19 November 2013 by Saurabh


To convert the slapd.conf file to the new format, start slapd once using the '-F' option with an empty directory, for example:

mv /etc/openldap/slapd.d /etc/openldap/slapd2.d
mkdir /etc/openldap/slapd.d
chown -R ldap:ldap /etc/openldap/slapd.d
chown -R ldap:ldap /var/lib/ldap
slapd -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d -h 'ldap:// ldaps://' -u ldap

Afterwards, all slapd-related commands can be run with '-F /etc/openldap/slapd.d' and no longer need the '-f /etc/openldap/slapd.conf' option. This also means that 'service slapd start' can be used to start slapd as intended.


Debugging issues with converted configuration

If the conversion from config file to directory is performed using slaptest instead of slapd, the following changes may be required in the converted configuration to make it work:

  • Update all TLS-related lines. slaptest does not seem to convert TLS lines properly.
  • Go to the 'cn=config' subfolder and delete any unwanted olcDatabase ldif file. For example, if there is an additional config file for dc=example,dc=com, delete it.
  • Go to the 'cn=config/cn=schema' subfolder within the destination config dir and delete duplicate schema files.
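
The three checks above can be scripted and run before slapd is started. This is an added example, not part of the original wiki page: the function names are illustrative, the sample tree is constructed, and it assumes the usual slapd.d file naming (cn=config.ldif, olcDatabase={N}name.ldif, cn={N}schema.ldif).

```shell
#!/bin/sh
# Added example: checks for a converted slapd.d tree (standard cn=config layout).

# Print slapd.conf TLS directives that have no olc* counterpart in cn=config.ldif.
missing_tls() {   # $1 = slapd.conf, $2 = config directory
    awk 'tolower($1) ~ /^tls/ {print $1}' "$1" | while read -r name; do
        grep -qi "^olc$name:" "$2/cn=config.ldif" || echo "$name"
    done
}

# Print each database LDIF with the suffix it serves, so unwanted ones stand out.
list_databases() {
    for f in "$1"/cn=config/olcDatabase=*.ldif; do
        [ -e "$f" ] || continue
        suffix=$(sed -n 's/^olcSuffix: *//p' "$f" | head -n 1)
        printf '%s\t%s\n' "$(basename "$f")" "${suffix:-(no suffix)}"
    done
}

# Print schema names that occur more than once, ignoring the {N} ordering prefix.
duplicate_schemas() {
    for f in "$1"/cn=config/cn=schema/cn=*.ldif; do
        [ -e "$f" ] || continue
        basename "$f" .ldif | sed 's/^cn={[0-9]*}//' | tr 'A-Z' 'a-z'
    done | sort | uniq -d
}

# Constructed sample tree (not from a real server) that exhibits all three problems.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/cn=config/cn=schema"
    printf 'TLSCACertificateFile /constructed/ca.pem\nTLSCertificateFile /constructed/server.pem\n' > "$d/slapd.conf"
    printf 'dn: cn=config\nolcTLSCACertificateFile: /constructed/ca.pem\n' > "$d/cn=config.ldif"
    for s in '{0}core' '{1}cosine' '{2}core'; do
        printf 'dn: cn=%s\n' "$s" > "$d/cn=config/cn=schema/cn=$s.ldif"
    done
    printf 'olcSuffix: dc=example,dc=com\n' > "$d/cn=config/olcDatabase={1}bdb.ldif"
    printf 'olcSuffix: dc=corp,dc=test\n' > "$d/cn=config/olcDatabase={2}bdb.ldif"
    echo "$d"
}

# Usage: script [slapd.conf] [config dir]; with no arguments the sample is audited.
sample=$(make_sample)
conf=${1:-$sample/slapd.conf}
dir=${2:-$sample}
echo "TLS directives missing after conversion:"; missing_tls "$conf" "$dir"
echo "Databases:"; list_databases "$dir"
echo "Duplicate schemas:"; duplicate_schemas "$dir"
rm -rf "$sample"
```

A TLS directive reported as missing means the converted server would start without that setting, so compare the output against slapd.conf before exposing the ldaps:// listener.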

To test initially, start slapd with '-d 1' for debug info. An example line is:

slapd -F /etc/openldap/slapd.d -u ldap -h 'ldap:// ldaps://' -d 1