# OpenLDAP 2.4 cn=config



OpenLDAP has used a `cn=config` DIT to configure the server since version
2.4. I'm always into new stuff, but I must admit that I rather liked
editing `/etc/ldap/slapd.conf` to configure the server. Anyhow, being
able to store ACLs in the tree is a big plus, but for configuring minor
stuff (like indexes) it makes life more difficult.

The [following
site](https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html)
was an excellent tool in helping me configure OpenLDAP. For a list
of current attribute names, see for instance
[here](http://www.openldap.org/doc/admin23/slapdconf2.html).

# Configuring an index
In OpenLDAP you can configure an index by using the following in
`slapd.conf`:

    index cn,uid,uidNumber eq

And then reload your LDAP server. So how do you translate this to the
new style of configuring OpenLDAP?

Let's first see which attributes are currently indexed:

    # ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb olcDbIndex
    Enter LDAP Password: 
    dn: olcDatabase={1}hdb,cn=config
    olcDbIndex: objectClass eq


We look in the `cn=config` tree as the admin user. All OpenLDAP items
are prefixed with `olc` (OpenLDAP Configuration?). In our first defined
database there is only an index on `objectClass`.

We can now use `ldapmodify` to add indexes (we add three in this case):

    # ldapmodify -x -D cn=admin,cn=config -W
    Enter LDAP Password: 
    dn: olcDatabase={1}hdb,cn=config
    add: olcDbIndex
    olcDbIndex: cn eq
    olcDbIndex: uid eq
    olcDbIndex: uidNumber eq

    modifying entry "olcDatabase={1}hdb,cn=config"

    ^D

Recheck what we've got:

    # ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb olcDbIndex
    Enter LDAP Password: 
    dn: olcDatabase={1}hdb,cn=config
    olcDbIndex: objectClass eq
    olcDbIndex: cn eq
    olcDbIndex: uid eq
    olcDbIndex: uidNumber eq

Looking good. Notice that you don't have to restart your LDAP server, as
this change is picked up at once.
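The translation from a `slapd.conf` `index` line to `olcDbIndex` values can be scripted. The following is an added example, not part of the original post: the function name `index_to_ldif` and the sample input are constructed for illustration, and the database DN is the one used above.

```shell
#!/bin/sh
# Added example: turn slapd.conf "index" directives into one LDIF modify
# record for the cn=config tree.
# Assumption: the target database DN is the one shown on this page.
DB_DN='olcDatabase={1}hdb,cn=config'

# index_to_ldif DN
# Reads slapd.conf text on stdin and writes an LDIF record that adds one
# olcDbIndex value per indexed attribute. Returns non-zero and prints
# nothing when the input contains no "index" directive.
index_to_ldif() {
    awk -v dn="$1" '
        # Only lines that start in column 1 are directives; indented
        # lines are continuations in slapd.conf and are skipped here.
        /^index[ \t]+/ && NF >= 2 {
            # $2 = comma-separated attribute list, $3 = index types
            # (optional; passed through unchanged, e.g. "eq" or "eq,sub").
            n = split($2, attrs, ",")
            for (i = 1; i <= n; i++) {
                if (attrs[i] == "") continue
                vals[++count] = attrs[i] (NF >= 3 ? " " $3 : "")
            }
        }
        END {
            if (count == 0) exit 1
            print "dn: " dn
            print "changetype: modify"
            print "add: olcDbIndex"
            for (i = 1; i <= count; i++) print "olcDbIndex: " vals[i]
        }'
}

# Constructed sample input: a fragment of an old-style slapd.conf.
sample_conf() {
    printf '%s\n' '# constructed sample' 'database hdb' \
        'index cn,uid,uidNumber eq'
}

# Print the LDIF; to apply it, pipe the same output into
#   ldapmodify -x -D cn=admin,cn=config -W
sample_conf | index_to_ldif "$DB_DN"
```

Leave out any index that already exists on the database (here `objectClass eq`): adding a value that is already present makes the server reject the whole modification.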

