OpenLDAP 2.4 cn=config
OpenLDAP has been able to configure the server at runtime through the cn=config DIT since version 2.3, and with 2.4 this is the preferred method in place of slapd.conf. I'm always into new stuff, but I must admit that I rather liked editing /etc/ldap/slapd.conf to configure the server. Anyhow, being able to store ACLs in the tree is a big plus, but for configuring minor stuff (like indexes) it makes life more difficult.
The following site was an excellent tool in helping me configure OpenLDAP. For a list of the current attribute names, see for instance here.
Configuring an index
In OpenLDAP you configure an index in slapd.conf with a line like the following:
index cn,uid,uidNumber eq
You would then restart slapd and, with slapd stopped, run slapindex so that the entries already in the database end up in the new index. So how do you translate this to the new style of configuring OpenLDAP?
Let's first see what the currently indexed attributes are:
# ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb olcDbIndex
Enter LDAP Password:
dn: olcDatabase={1}hdb,cn=config
olcDbIndex: objectClass eq
We look in the cn=config tree as the config admin user. All configuration attributes are prefixed with olc (OpenLDAP Configuration). olcDatabase={1}hdb is the first user database ({0} is the config database itself and {-1} is the frontend), and it currently only has an index on objectClass. One caveat about the bind: -x is a simple bind, so unless you connect over TLS or the local ldapi:// socket, the cn=config admin password travels in the clear; on the server itself, SASL EXTERNAL over ldapi (-Y EXTERNAL -H ldapi:///) as root avoids the password altogether and is how Debian grants root access to cn=config.
We can now use ldapmodify to add indexes (three in this case). The LDIF is typed on stdin, the entry is terminated with a blank line, and ^D ends the session:
# ldapmodify -x -D cn=admin,cn=config -W
Enter LDAP Password:
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: cn eq
olcDbIndex: uid eq
olcDbIndex: uidNumber eq

modifying entry "olcDatabase={1}hdb,cn=config"
^D
Recheck what we have:
# ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb olcDbIndex
Enter LDAP Password:
dn: olcDatabase={1}hdb,cn=config
olcDbIndex: objectClass eq
olcDbIndex: cn eq
olcDbIndex: uid eq
olcDbIndex: uidNumber eq
Looking good. Notice that you don't have to restart slapd: the change takes effect at once, and on 2.4 back-hdb builds the new indexes in the background for the entries already in the database (on a large database this takes a while; if you do stop slapd, slapindex rebuilds them). A quick way to verify: before the change, a search with a filter such as (uid=someone) makes slapd log a warning like "<= bdb_equality_candidates: (uid) not indexed"; afterwards that warning no longer appears. Indexing matters beyond speed: an unindexed filter forces a scan of the whole database, so any client that can search, including anonymous binds if your ACLs allow them, can load the server with such queries, and the attributes used for login lookups (uid, cn) are the first ones to index.
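The whole procedure above can be scripted. The following shell script is an added example, not code from the original post or from OpenLDAP: it reads slapd.conf style index directives, compares them with what ldapsearch reports as already indexed, and prints the LDIF modify request that ldapmodify expects. It skips attributes that already have an olcDbIndex value, because adding a value that is already present makes ldapmodify fail with "Type or value exists", and it resolves "index default ..." lines into explicit per-attribute values. The database DN olcDatabase={1}hdb,cn=config is taken from the post; the ldapsearch output and slapd.conf fragment at the bottom are constructed samples, so pipe your own ldapsearch output and slapd.conf into the functions instead.

```sh
#!/bin/sh
# Added example (not from the original post): translate slapd.conf "index"
# directives into one LDIF modify request for the cn=config database entry,
# leaving out attributes the server already indexes.
# Assumed: DN olcDatabase={1}hdb,cn=config (from the post) and the
# constructed sample inputs at the bottom.

# Read "ldapsearch ... olcDbIndex" output on stdin and print the attribute
# names that already have an index, one per line, lowercased (LDAP attribute
# names are case-insensitive, so "CN" and "cn" denote the same index).
indexed_attrs() {
    sed -n 's/^olcDbIndex: *\([^ ]*\).*/\1/p' |
        tr ',' '\n' | tr '[:upper:]' '[:lower:]'
}

# Usage: index_to_ldif DBDN "space-separated existing attrs" < slapd.conf
# Emits one olcDbIndex value per attribute, as the post does. "index default
# <indices>" is remembered and applied to lines that give no index types;
# attribute lines with neither explicit nor default index types are skipped.
index_to_ldif() {
    dbdn=$1
    existing=$2
    default_idx=""
    printf 'dn: %s\nchangetype: modify\nadd: olcDbIndex\n' "$dbdn"
    while read -r keyword attrlist indices; do
        [ "$keyword" = index ] || continue          # comments, other directives
        if [ "$attrlist" = default ]; then
            default_idx=$indices
            continue
        fi
        [ -n "$indices" ] || indices=$default_idx
        if [ -z "$indices" ]; then
            printf 'skipping "%s": no index types and no default\n' "$attrlist" >&2
            continue
        fi
        for attr in $(printf '%s' "$attrlist" | tr ',' ' '); do
            lc=$(printf '%s' "$attr" | tr '[:upper:]' '[:lower:]')
            case " $existing " in
                *" $lc "*) continue ;;               # already indexed, skip
            esac
            printf 'olcDbIndex: %s %s\n' "$attr" "$indices"
        done
    done
}

# Constructed sample: what the ldapsearch in the post printed before the change.
SAMPLE_SEARCH='dn: olcDatabase={1}hdb,cn=config
olcDbIndex: objectClass eq'

# Constructed sample slapd.conf fragment to convert.
SAMPLE_CONF='# indexes carried over from the old slapd.conf
index default eq
index objectClass eq
index cn,uid,uidNumber eq
index mail eq,sub
index memberUid'

# Run the conversion on the samples; the output is what you feed to
# ldapmodify (e.g. ldapmodify -x -D cn=admin,cn=config -W < out.ldif).
convert_samples() {
    existing=$(printf '%s\n' "$SAMPLE_SEARCH" | indexed_attrs | tr '\n' ' ')
    printf '%s\n' "$SAMPLE_CONF" |
        index_to_ldif 'olcDatabase={1}hdb,cn=config' "$existing"
}

convert_samples
```

On the sample input the objectClass line is dropped because that index already exists, memberUid picks up the "eq" default, and mail keeps its explicit "eq,sub"; everything else comes out exactly like the LDIF typed by hand in the post.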