Besides the wonderful Oracle LDAP servers OUD and OID, there is the open source LDAP server OpenLDAP. For a project that lacked the money to pay for the Oracle beauties, I had to install and configure OpenLDAP on Linux.
I’m not much into Open Source, so I’d have to make do with Google…
Installing the software and creating an initial LDAP server is fairly straightforward:
- yum install openldap-servers
- service slapd start
And I have a running LDAP server on port 389.
Making sure the server will restart on reboot of the server:
- chkconfig --level 235 slapd on
Then comes the hard part. I want to define my domain (dc=xx,dc=local) and I want to use a tool like ldapadmin (on Windows…) to connect to my server, so I need a user account and password.
No problem (according to some folks on the internet). Just edit the file /etc/openldap/slapd.d/cn=config and add/edit some values. But wait… what’s at the top of the file?
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 5061e392
which at least suggests that we cannot edit this file by hand. But as the documents suggested, I still did and changed the domain and added a password (generated with slappasswd).
This works but: I get logs with checksum errors!
Advice: DO NOT EDIT THE FILE!!!! Use ldapadd/ldapmodify!!!
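To find out which files under slapd.d were edited by hand, the recorded checksum can be compared with a freshly computed one. This is an added example, not part of the original post or of OpenLDAP; it assumes the header value is the standard CRC-32 of everything after the two header lines, and the sample entry in it is constructed.

```python
import sys
import zlib

HEADER = b"# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.\n"
CRC_PREFIX = b"# CRC32 "


def check_ldif(data: bytes):
    """Return (recorded, actual) CRC32 values, or None if there is no header."""
    if not data.startswith(HEADER + CRC_PREFIX):
        return None
    rest = data[len(HEADER) + len(CRC_PREFIX):]
    crc_text, sep, body = rest.partition(b"\n")
    if not sep:
        return None
    try:
        recorded = int(crc_text.decode("ascii").strip(), 16)
    except ValueError:  # also covers non-ASCII bytes in the header line
        return None
    # Assumption: the checksum covers every byte after the two header lines.
    return recorded, zlib.crc32(body) & 0xFFFFFFFF


def is_hand_edited(data: bytes) -> bool:
    result = check_ldif(data)
    return result is not None and result[0] != result[1]


def make_file(body: bytes) -> bytes:
    """Build a constructed sample file with a matching header (test data only)."""
    return HEADER + CRC_PREFIX + b"%08x\n" % (zlib.crc32(body) & 0xFFFFFFFF) + body


# Constructed sample entry, not a real config; dc=xx,dc=local is from the post.
SAMPLE_BODY = b"dn: olcDatabase={2}bdb\nolcSuffix: dc=my-domain,dc=com\n"
INTACT = make_file(SAMPLE_BODY)
# Simulate the manual edit: the content changes, the header line does not.
EDITED = INTACT.replace(b"dc=my-domain,dc=com", b"dc=xx,dc=local")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            res = check_ldif(fh.read())
        if res is None:
            print(f"{path}: no checksum header")
        else:
            state = "OK" if res[0] == res[1] else "MISMATCH (edited by hand?)"
            print(f"{path}: recorded {res[0]:08x}, actual {res[1]:08x} {state}")
```

Pass it the .ldif files below /etc/openldap/slapd.d as arguments; a MISMATCH line marks a file whose content no longer matches its header.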
Next article: HOW do we use ldapadd/ldapmodify?