Installing OpenLDAP Software


Code Block
slapdconf set-server-prop olcTLSCACertificateFile:/etc/ldap/tls/cacert.pem
slapdconf set-server-prop olcTLSCertificateFile:/etc/ldap/tls/
slapdconf set-server-prop olcTLSCertificateKeyFile:/etc/ldap/tls/
slapdconf set-server-prop olcTLSCipherSuite:NORMAL


Initializing OpenLDAP

The database and suffix might have been created during software installation. To check whether that is the case, use the following command:


Code Block
SLAPD_SERVICES="ldap:// ldapi:///"


Symas OpenLDAP specifies the ports in /opt/symas/etc/openldap/symas-openldap.conf

Code Block


Creating the Database and Suffix


This command creates a directory for the new database and sets correct permissions. The last line creates the database and suffix in the server.

You may need to set the maximum database size:

Code Block
slapdconf set-suffix-prop dc=example,dc=com olcDbMaxSize:100000000

Setting up Overlays

Code Block
slapdconf add-module sssvlv
slapdconf add-overlay dc=example,dc=com sssvlv


Code Block
slapdconf add-module refint
slapdconf add-overlay dc=example,dc=com refint olcRefintConfig 'olcRefintAttribute:memberof member manager owner'


Populating the Suffix

When the suffix is created, it is completely empty. Not even the base object is there. The following command creates the basic objects of the suffix:



Make sure that the empty line is really empty and that it does not contain spaces or any other whitespace characters.
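
A pre-load check for the separator lines in an LDIF file, as an added example that is not part of the original page. It shows why the empty line matters: under RFC 2849 line folding, a line that starts with a space continues the previous line, so a separator holding a single space merges two entries into one record. The function names and the two sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.

# ldif_blank_lint FILE: list separator lines that hold spaces or tabs.
# Returns 1 if any are found. A trailing CR (CRLF file) is tolerated.
ldif_blank_lint() {
    awk '
        { sub(/\r$/, "") }
        /^[ \t]+$/ {
            printf "%d: whitespace-only line (%d chars), not a record separator\n", NR, length($0)
            bad = 1
        }
        END { exit bad }
    ' "$1"
}

# ldif_record_count FILE: count records under RFC 2849 folding rules, where
# a line starting with a space continues the previous line and therefore
# cannot end a record.
ldif_record_count() {
    awk '
        { sub(/\r$/, "") }
        /^#/ { next }                          # comment
        $0 == "" { in_rec = 0; next }          # true separator
        /^ / { next }                          # continuation, even if only " "
        !in_rec && /^version:/ { next }        # optional version header
        !in_rec { n++; in_rec = 1 }
        END { print n + 0 }
    ' "$1"
}

# write_sample FILE SEP: constructed two-entry LDIF with SEP as the separator line.
write_sample() {
    {
        printf 'dn: dc=example,dc=com\nobjectClass: dcObject\n'
        printf 'objectClass: organization\no: example\ndc: example\n'
        printf '%s\n' "$2"
        printf 'dn: ou=Administrators,dc=example,dc=com\n'
        printf 'objectClass: organizationalUnit\nou: Administrators\n'
    } > "$1"
}

tmp=$(mktemp -d)
write_sample "$tmp/good.ldif" ''
write_sample "$tmp/bad.ldif" ' '
for f in good bad; do
    echo "$f.ldif: $(ldif_record_count "$tmp/$f.ldif") record(s)"
    ldif_blank_lint "$tmp/$f.ldif" || echo "$f.ldif: remove the whitespace on the lines above"
done
rm -rf "$tmp"
```

Run `ldif_blank_lint` against the real file before loading it; a non-zero exit status means at least one separator needs fixing.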


Use the following command (as root):


Code Block
slapdconf edit-suffix-acis dc=example,dc=com


Setting Up Limits

Code Block
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcLimits
olcLimits: dn.exact="cn=idm,ou=Administrators,dc=example,dc=com" size.prtotal=unlimited


Code Block
slapdconf set-suffix-prop dc=example,dc=com 'olcLimits:dn.exact="cn=idm,ou=Administrators,dc=example,dc=com" size.prtotal=unlimited'


Setting up password policy


Code Block
ldapadd -Y EXTERNAL -H ldapi:/// -f pwpolicy.ldif
slapdconf set-overlay-prop dc=example,dc=com ppolicy olcPPolicyDefault:cn=pwpolicy,dc=example,dc=com


How to install both Ubuntu OpenLDAP and Symas OpenLDAP