26.4. Configure the /etc/ldap/slapd.conf file

The /etc/openldap/slapd.conf file is the main configuration file for the stand-alone LDAP daemon. Options such as permissions, passwords, database type and database location are set in this file and apply to the slapd daemon as a whole. In the example below we configure the slapd.conf file for an LDBM backend database.

Edit the slapd.conf file (vi /etc/openldap/slapd.conf) and add or adjust the following information:


                 #
                 # See slapd.conf(5) for details on configuration options.
                 # This file should NOT be world readable.
                 #
                 include        /etc/openldap/slapd.at.conf
                 include        /etc/openldap/slapd.oc.conf
                 schemacheck    off
                 #referral      ldap://ldap.itd.umich.edu

                 pidfile        /var/run/slapd.pid
                 argsfile       /var/run/slapd.args

                 #######################################################################
                 # ldbm database definitions
                 #######################################################################

                 database       ldbm
                 suffix         "o=openna, c=com"
                 directory      /var/ldap
                 rootdn         "cn=admin, o=openna, c=com"
                 rootpw         secret
                 # cleartext passwords, especially for the rootdn, should
                 # be avoided.  See slapd.conf(5) for details.

                 # ldbm indexed attribute definitions
                 index          cn,sn,uid
                 index          objectclass pres,eq
                 index          default none
                 # ldbm access control definitions
                 defaultaccess  read
                 access to attr=userpassword
                         by self write
                         by dn="cn=admin, o=openna, c=com" write
                         by * compare
               

Be sure to set the following options in the slapd.conf file above before starting the slapd daemon:

suffix o=openna, c=com

This option specifies the DN of the root of the subtree you are trying to create. In other words, it indicates which entries are to be held by this database.

directory /var/ldap

This option specifies the directory where the database and associated indexes files of LDAP should reside. We must set this to /var/ldap because we created this directory earlier in the installation stage specifically to handle the backend database of LDAP.

rootdn cn=admin, o=openna, c=com

This option specifies the DN of an entry that is allowed to do anything in the LDAP directory; it is not subject to the access control rules below. The name entered here does not need to exist in your password file /etc/passwd.

rootpw secret

This option specifies the password used to authenticate the super-user entry of the database, i.e. the password for the rootdn option above. It is important not to use a clear-text password here; use a hashed (encrypted) password instead.

index cn,sn,uid | index objectclass pres,eq | index default none

These options specify the index definitions you want to build and maintain in the database definition. The options we specified in our slapd.conf file example above cause all indexes to be maintained for the cn, sn, and uid attributes (index cn,sn,uid), presence and equality indexes for the objectclass attribute (index objectclass pres,eq), and no indexes for all remaining attributes (index default none). See your user manual for more information.

The last options in the slapd.conf file relate to access control in the LDAP directory.


                 defaultaccess  read
                 access to attr=userpassword
                         by self write
                         by dn="cn=admin, o=openna, c=com" write
                         by * compare
               
This example applies to entries in the o=openna, c=com subtree. Read access is granted to everyone for every attribute not matched by an access line (defaultaccess read). The userpassword attribute is the exception: it is writable by the entry itself and by the specified cn entry, admin, and only comparable by everybody else, so other users can authenticate against it but never read or search it. Note that the rootdn bypasses these rules entirely, so the explicit line for cn=admin only matters if the administrator DN differs from the rootdn. See your user manual for more information.
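To make the rootpw warning and the access control semantics above concrete, here is a small audit script. It is an added example, not code from the book or from OpenLDAP: it parses the database section of the slapd.conf shown on this page (embedded as a constructed string), flags the clear-text rootpw and the disabled schema check, and then evaluates the access level a few requesters would get on userpassword and on an ordinary attribute. The parser and the ACL evaluator are simplifying assumptions that understand only the directives used here (rootdn, rootpw, schemacheck, defaultaccess, and access ... by self | dn="..." | *) and the OpenLDAP 1.x access levels none < compare < search < read < write; the requester DNs (uid=bob, uid=alice) and the attribute name mail are made up for the demonstration.

```python
"""Audit the slapd.conf settings discussed above and evaluate its ACL.

Added example, not code from the original text or from OpenLDAP. The parser
and evaluator are simplifying assumptions: they understand only the directives
used on this page and the OpenLDAP 1.x access levels
none < compare < search < read < write.
"""
import re

# Constructed input: the database section of the slapd.conf shown above.
SAMPLE_CONF = """\
schemacheck    off
database       ldbm
suffix "o=openna, c=com"
directory      /var/ldap
rootdn "cn=admin, o=openna, c=com"
rootpw secret
index cn,sn,uid
index objectclass pres,eq
index default none
defaultaccess read
access to attr=userpassword
by self write
by dn="cn=admin, o=openna, c=com" write
by * compare
"""


def parse_conf(text):
    """Return (settings, rules): settings maps a directive to its values,
    rules is a list of (attribute or None for "all entries", [(who, level), ...])."""
    settings, rules = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, rest = line.partition(" ")
        rest = rest.strip()
        if key == "access":                      # "access to attr=X" or "access to *"
            m = re.match(r"to\s+(?:attr=(\S+)|\*)", rest)
            rules.append((m.group(1), []))
        elif key == "by":                        # "by <who> <level>" belongs to the last access line
            who, level = rest.rsplit(" ", 1)
            rules[-1][1].append((who.strip(), level))
        else:
            settings.setdefault(key, []).append(rest.strip('"'))
    return settings, rules


def audit(settings):
    """Findings for the weak settings the text warns about."""
    findings = []
    for pw in settings.get("rootpw", []):
        # A hashed rootpw carries a scheme prefix such as {CRYPT}; bare text is clear text.
        if not pw.startswith("{"):
            findings.append("rootpw is stored in clear text")
    if settings.get("schemacheck", ["on"])[0].lower() == "off":
        findings.append("schemacheck off: entries are not checked against the schema")
    return findings


def _norm(dn):
    """Case- and whitespace-insensitive DN comparison (sufficient for this demo)."""
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())


def _who_matches(who, requester_dn, target_dn):
    if who == "*":
        return True
    if requester_dn is None:                     # anonymous bind: only '*' can match
        return False
    if who == "self":
        return _norm(requester_dn) == _norm(target_dn)
    m = re.match(r'dn="(.*)"$', who)
    return bool(m) and _norm(m.group(1)) == _norm(requester_dn)


def access_level(settings, rules, requester_dn, target_dn, attr):
    """Level granted to requester_dn on attribute attr of entry target_dn.
    The rootdn bypasses ACLs. Otherwise the first access line that applies to
    the attribute wins and, within it, the first matching 'by' clause decides
    (no matching clause means none). If no access line applies at all,
    defaultaccess is used (slapd's own default for it is read)."""
    rootdn = settings.get("rootdn", [None])[0]
    if requester_dn is not None and rootdn and _norm(requester_dn) == _norm(rootdn):
        return "write"
    for rule_attr, clauses in rules:
        if rule_attr is not None and rule_attr.lower() != attr.lower():
            continue
        for who, level in clauses:
            if _who_matches(who, requester_dn, target_dn):
                return level
        return "none"
    return settings.get("defaultaccess", ["read"])[0]


if __name__ == "__main__":
    settings, rules = parse_conf(SAMPLE_CONF)
    for finding in audit(settings):
        print("finding:", finding)
    bob = "uid=bob, o=openna, c=com"           # constructed target entry
    for requester in (bob, "uid=alice, o=openna, c=com", None):
        for attr in ("userpassword", "mail"):
            print(requester or "anonymous", attr, "->",
                  access_level(settings, rules, requester, bob, attr))
```

Running it shows the point the prose makes: bob gets write on his own userpassword but only read (from defaultaccess) on his other attributes, alice and an anonymous client get compare on userpassword and read on everything else, and cn=admin gets write everywhere because it is the rootdn, not because of the by dn="..." clause.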