0

I have two Berkeley DBs installed on RHEL 5.3. Now I am confused about which one OpenLDAP is referring to as its backend.

Following is the slapd.conf:

include /usr/local/etc/openldap2-4-30/schema/core.schema
include /usr/local/etc/openldap2-4-30/schema/cosine.schema
include /usr/local/etc/openldap2-4-30/schema/inetorgperson.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.

pidfile /usr/local/var/openldap2-4-30/run/slapd.pid
argsfile    /usr/local/var/openldap2-4-30/run/slapd.args

# rootdn can always read and write EVERYTHING!
access to *
    by self write
    by * read

#########################################
# uniquely identifies this server
#########################################
serverID 1

#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=COMPANY,dc=CP"
rootdn "cn=Manager,dc=COMPANY,dc=CP"

# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory   /usr/local/var/openldap2-4-30/Master1/openldap-data

Please guide me: how can I know which of the installed Berkeley DBs OpenLDAP is using as its backend?

Note: this question is linked to "slapd not running".

Thanking you.

Infotechie

4 Answers

1

It looks like you should only have 1 root there, each new root contains a

database        bdb
suffix  "dc=limepepper,dc=org"
directory       /var/lib/ldap/mycompany.org

type block.

Have you initialized the new root?

I think you need to create a new root ldif file, and import those entries into the running LDAP server like so;

# cat /home/myuser/mynewroot.ldif
dn: dc=COMPANY,dc=CP
objectclass: dcObject
objectclass: organization
o: COMPANY CP
dc: COMPANY

dn: cn=Manager,dc=COMPANY,dc=CP
objectclass: organizationalRole
cn: Manager

and then import that into the empty LDAP server like so;

# ldapadd -x -D "cn=Manager,dc=COMPANY,dc=CP" -W -f   /home/myuser/mynewroot.ldif

There is a tutorial on setting up new roots here;
http://www.howtoforge.com/linux_openldap_setup_server_client

and some more details on what you need in the minimal root here;
http://www.openldap.org/doc/admin22/dbtools.html

Tom
  • once that is done, you should be able to connect to it using some visual tool like LDAPexplorer – Tom Apr 25 '12 at 10:10
  • thanks for the reply. I am able to connect to db and everything is working fine. I just want to know how can I check which bdb OpenLdap is referring to? – Infotechie Apr 25 '12 at 12:02
  • It's probably in the logs, and might well be in the attributes exposed on the root element. But as a brutal test of what files openldap has actually got open, you can do `lsof -P | grep slapd` and look through the output for which directory is being used. – Tom Apr 25 '12 at 15:43
  • thanks. It showed me the list of directory/file used by ldap. But I have one confusion that some directories are empty and the output of above command showing that there are files in that. For eg. /usr/local/var/openldap2-4-30/Master1/openldap-data/ directory is empty but lsof output says /usr/local/var/openldap2-4-30/Master1/openldap-data/id2entry.bdb Why is it so? – Infotechie Apr 26 '12 at 04:16
  • It's possible that those files are cached in memory, and will be flushed to disk at some point, or when the service stops. So you could try `service ldap stop` and check the contents then. If they are not there at that point, then you might have some other issue like a dir masked by a mount, so you could try to re-login to another ssh console and try the `ls -lah /usr/local/var/openldap2-4-30/Master1/openldap-data/` again – Tom Apr 26 '12 at 07:40
  • Thank you so much Tom for all the suggestions. They really helped me a lot in configuring openldap. Now it is working fine. – Infotechie Apr 26 '12 at 09:02
0

The database OpenLDAP is using is located at /usr/local/var/openldap2-4-30/Master1/openldap-data.

Sven
0

How about:

$ ldd <path-to-slapd> | grep libdb

?

nickgrim
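
The `ldd` check above combined with a look at the running process, as an added example that is not part of the original answers: it parses `ldd` output and `/proc/<pid>/maps` and reports whether the Berkeley DB library the linker resolves now is the one slapd actually has mapped (the two can differ when slapd was started with a different library search path). The function names and all sample paths, inode numbers and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example; SAMPLE_* data is constructed, not captured from a real host.

# Print "soname<TAB>path" for every Berkeley DB library in `ldd` output (stdin).
# A library the linker cannot resolve ("=> not found") gets the path NOT_FOUND.
libdb_from_ldd() {
    awk '$1 ~ /^libdb[-_.]/ {
        path = ($3 == "not") ? "NOT_FOUND" : $3
        printf "%s\t%s\n", $1, path
    }'
}

# Print the unique Berkeley DB library paths a process has mapped, given the
# contents of /proc/<pid>/maps on stdin (field 6 is the backing file).
libdb_from_maps() {
    awk '$6 ~ "/libdb[-_.][^/]*$" { print $6 }' | sort -u
}

# $1 = ldd output, $2 = maps content. Prints "match: ..." or "mismatch: ...".
compare_libdb() {
    linked=$(printf '%s\n' "$1" | libdb_from_ldd | cut -f2 | sort -u)
    mapped=$(printf '%s\n' "$2" | libdb_from_maps)
    if [ -n "$linked" ] && [ "$linked" = "$mapped" ]; then
        echo "match: $linked"
    else
        echo "mismatch: ldd=[$linked] running=[$mapped]"
    fi
}

# Constructed case: the shell resolves a source-built 4.8 library, while the
# running daemon has the distribution's 4.3 library mapped.
SAMPLE_LDD='    libdb-4.8.so => /usr/local/BerkeleyDB.4.8/lib/libdb-4.8.so (0x00002b5c1e2d4000)
    libssl.so.6 => /lib64/libssl.so.6 (0x00002b5c1e64b000)
    libc.so.6 => /lib64/libc.so.6 (0x00002b5c1ea9c000)'
SAMPLE_MAPS='2b5c1e2d4000-2b5c1e40f000 r-xp 00000000 fd:00 917532 /lib64/libdb-4.3.so
2b5c1e40f000-2b5c1e60e000 ---p 0013b000 fd:00 917532 /lib64/libdb-4.3.so
2b5c1ea9c000-2b5c1ebea000 r-xp 00000000 fd:00 917511 /lib64/libc.so.6'

# On a live host, supply your own slapd path and pid:
#   compare_libdb "$(ldd <path-to-slapd>)" "$(cat /proc/<slapd-pid>/maps)"
compare_libdb "$SAMPLE_LDD" "$SAMPLE_MAPS"
```

A mismatch means the library to patch or upgrade is the one listed under `running`, not the one `ldd` reports from your current shell environment.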
0

It seems you have been mixing several sources (both information and software....) while you've been wrestling with OpenLDAP. My recommendation: start over from scratch.

For starters, if you yum install openldap-servers, you absolutely DO NOT need to download any BDB libraries from the net, everything is set for you.

Secondly, the "standard" path for OpenLDAP data files is /var/lib/ldap. Normally you should not care about that, you create LDIF files with the text editor of your choice and then use slapadd command to create those LDAP trees. After that, use standard LDAP utilities such as Luma, gq, ldapsearch/ldapadd/ldapremove or your favourite programming language LDAP bindings.

Here's an excellent on-line book about (Open)LDAP, don't get scared by the title.

Janne Pikkarainen
  • You are right, I just got confused. This is all new for me. Thanks for the wonderful link. I'll definitely go through it. Just for your information, I have not installed ldap using yum install openldap-servers. I have separately installed Berkeley & OpenLdap through source. What if I want to upgrade the already installed version of bdb? – Infotechie Apr 25 '12 at 11:58
  • In Linux world you install packages using the package manager. It takes care of updating everything for you. In RHEL package updates do give you security updates, bug fixes and occasionally new features, too; they aim for stability, not for the latest and greatest. You do not need to worry about the versions. If you truly need to live dangerously and use the latest version, compiling from the source is one option, using more bleeding edge distro is another. – Janne Pikkarainen Apr 25 '12 at 12:08
  • Ok. I have googled a lot for getting those rpm first but was not able to find the proper link. It will be really helpful if you can provide the link where I can get the proper ldap as per the linux distribution. Or do you want to say that the openldap package comes with the RHEL package? – Infotechie Apr 25 '12 at 12:22
  • You don't hand-pick and download ANY rpm files. Command `yum install openldap-servers` installs OpenLDAP and all the dependencies (such as BerkeleyDB) for you. Same for any other piece of software you need. `yum` is a package manager which is clever enough to know what `rpm` files it needs to download. – Janne Pikkarainen Apr 25 '12 at 12:36