Installing OpenLDAP 2.4 on Red Hat

Besides the wonderful Oracle LDAP servers OUD and OID, there is the open source LDAP server OpenLDAP.  For a project that lacked the money to pay for the Oracle beauties, I had to install and configure OpenLDAP on Linux.

I’m not much into open source, so I had to make do with Google…

Installing the software and creating an initial LDAP server is fairly straightforward (on RHEL 6 the server package is openldap-servers; openldap-clients brings the ldapadd/ldapmodify/ldapsearch tools that are needed further down):

  • yum install openldap-servers openldap-clients
  • service slapd start

And I have a running LDAP server on port 389.

Making sure slapd starts again when the machine reboots:

  • chkconfig --levels 235 slapd on

Then comes the hard part.  I want to define my own domain (dc=xx,dc=local), and I want to connect to the server with a tool like ldapadmin (on Windows…), so I need an account and password to bind with.

No problem (according to some folks on the internet): just edit the configuration under /etc/openldap/slapd.d/cn=config and add or change some values.  With OpenLDAP 2.4’s cn=config that is not one file but a directory of LDIF files, one per configuration entry; the database entry that holds the suffix and the rootdn is olcDatabase={2}bdb.ldif on a stock RHEL 6 install.  But wait…. what’s at the top of that file?

# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 5061e392

which at least suggests that we cannot edit this file by hand.  But as the documents suggested, I still did: I changed the domain and added a password (hashed with slappasswd)

olcSuffix: dc=xx,dc=local
olcRootDN: cn=Manager,dc=xx,dc=local
olcRootPW: {SSHA}R+r/c9gbudNXUa01AbpjvQtGX0DB9IPM

This works, but I get checksum errors in the logs!

Advice: DO NOT EDIT THE FILE!!!! Use ldapadd/ldapmodify!!!  slapd only recomputes the CRC32 in that header when it writes the file itself, so after a hand edit the stored checksum no longer matches the contents, and slapd logs a checksum error whenever it reads the file (it still loads it, which is why the edited settings work).  A change made through ldapmodify against cn=config is written back by slapd with a fresh checksum.  Note also that this file now holds the rootdn password hash: keep /etc/openldap/slapd.d readable only by the ldap user, and never put a cleartext olcRootPW in it.
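As an added example (not code from the original post), here is a small audit script that reproduces what slapd does with that header: it recomputes the CRC-32 over the file body and flags every file under slapd.d whose stored checksum no longer matches, which is exactly the condition behind the checksum errors above and a cheap way to spot hand edits (or tampering) of cn=config. Everything in it is my assumption rather than something the post states: the demo tree it builds is constructed data, the entry names and the hash are placeholders, and the checksum coverage (every byte after the "# CRC32" line, CRC-32 with the polynomial zlib uses) is my reading of OpenLDAP’s back-ldif source. Run it against an untouched install first and expect no findings before trusting its output.

```python
"""Audit a slapd.d tree for cn=config files whose CRC32 header no longer
matches their contents (the condition behind slapd's "checksum error" log
line).  Added example; assumptions: the checksum covers every byte after the
"# CRC32 xxxxxxxx" line and uses the same CRC-32 as zlib (my reading of
OpenLDAP's back-ldif code), and the demo tree below is constructed data."""
import os
import re
import tempfile
import zlib

HEADER = "# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.\n"
CRC_LINE = re.compile(rb"^# CRC32 ([0-9a-fA-F]{8})\n", re.M)


def write_like_slapd(entry_ldif: str) -> bytes:
    """Build file contents the way slapd does: header, CRC32 line, entry text."""
    body = entry_ldif.encode()
    crc = zlib.crc32(body) & 0xFFFFFFFF
    return (HEADER + "# CRC32 %08x\n" % crc).encode() + body


def check_file_bytes(data: bytes):
    """Return (declared_crc, computed_crc), or None if there is no CRC32 line."""
    m = CRC_LINE.search(data)
    if m is None:
        return None
    declared = int(m.group(1), 16)
    computed = zlib.crc32(data[m.end():]) & 0xFFFFFFFF  # bytes after the CRC line
    return declared, computed


def find_hand_edited(slapd_d: str):
    """List every *.ldif below slapd_d whose stored CRC32 disagrees with its body."""
    bad = []
    for root, _dirs, files in os.walk(slapd_d):
        for name in files:
            if not name.endswith(".ldif"):
                continue
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                res = check_file_bytes(fh.read())
            if res is not None and res[0] != res[1]:
                bad.append(path)
    return sorted(bad)


# Constructed entries (placeholders, not a real install); the rootpw hash is the
# one quoted in the post and is only used as opaque sample text here.
MONITOR_ENTRY = (
    "dn: olcDatabase={1}monitor\n"
    "objectClass: olcDatabaseConfig\n"
    "olcDatabase: {1}monitor\n"
)
BDB_ENTRY = (
    "dn: olcDatabase={2}bdb\n"
    "objectClass: olcDatabaseConfig\n"
    "olcDatabase: {2}bdb\n"
    "olcSuffix: dc=my-domain,dc=com\n"
    "olcRootDN: cn=Manager,dc=my-domain,dc=com\n"
)


def demo_tree() -> str:
    """Create a throwaway slapd.d look-alike: one clean file, one hand-edited one."""
    base = tempfile.mkdtemp(prefix="slapd.d-demo-")
    cfg = os.path.join(base, "cn=config")
    os.makedirs(cfg)
    with open(os.path.join(cfg, "olcDatabase={1}monitor.ldif"), "wb") as fh:
        fh.write(write_like_slapd(MONITOR_ENTRY))
    # The edit from the post: suffix/rootdn changed and a rootpw added in an
    # editor, while the CRC32 line written by slapd is left as it was.
    edited = write_like_slapd(BDB_ENTRY).replace(b"dc=my-domain,dc=com", b"dc=xx,dc=local")
    edited += b"olcRootPW: {SSHA}R+r/c9gbudNXUa01AbpjvQtGX0DB9IPM\n"
    with open(os.path.join(cfg, "olcDatabase={2}bdb.ldif"), "wb") as fh:
        fh.write(edited)
    return base


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else demo_tree()
    hits = find_hand_edited(target)
    for path in hits:
        print("CRC32 mismatch, hand-edited or tampered:", path)
    print("clean" if not hits else "%d file(s) flagged" % len(hits))
```

Run it with no argument to see it flag the constructed olcDatabase={2}bdb.ldif, or point it at /etc/openldap/slapd.d as root (slapd.d should not be readable by ordinary users). A flagged file is evidence that something other than slapd last wrote it; the right response is to put the intended change through ldapmodify so slapd rewrites the file, not to patch the CRC32 line by hand, which would only hide that evidence.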

Next article: HOW do we use ldapadd/ldapmodify?