OpenLDAP Configuration: Missing slapd.conf File in Ubuntu 10.04 – Alternative Setup Methods



In Ubuntu 10.04 and later versions, OpenLDAP transitioned from the traditional slapd.conf file to a dynamic configuration system using the slapd.d directory. This change was made to enable runtime configuration modifications without requiring server restarts.

Your LDAP configuration now resides in /etc/ldap/slapd.d/. The directory contains multiple .ldif files that replace the functionality of slapd.conf:

/etc/ldap/slapd.d/
├── cn=config
│   ├── cn=module{0}.ldif
│   ├── cn=schema
│   │   ├── cn={0}core.ldif
│   │   ├── ...
│   ├── olcDatabase={0}config.ldif
│   ├── olcDatabase={-1}frontend.ldif
│   └── olcDatabase={1}mdb.ldif

To modify your configuration, you can use ldapmodify. Here's how to change the administrator password:

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}hashed_password_here

Save this to a file (e.g., modify.ldif) and run:

sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f modify.ldif
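The {SSHA}hashed_password_here placeholder above has to be filled with a salted SHA-1 value, which OpenLDAP's slappasswd utility normally produces. The following is an added example, not part of the original page or of OpenLDAP: it shows how that value is built and verified, and writes modify.ldif readable by its owner only. The function names and the 4-byte salt length are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SSHA_PREFIX = "{SSHA}"
SHA1_LEN = 20  # bytes in a SHA-1 digest


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Return an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # salt length is a choice made for this example
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(password: str, value: str) -> bool:
    """Verify a password against an {SSHA} value; False on malformed input."""
    if not value.startswith(SSHA_PREFIX):
        return False
    try:
        raw = base64.b64decode(value[len(SSHA_PREFIX):], validate=True)
    except ValueError:
        return False
    if len(raw) <= SHA1_LEN:  # digest only, no salt: not a valid SSHA value
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)  # constant-time comparison


def rootpw_ldif(db_dn: str, value: str) -> str:
    """Build the modify LDIF shown above, refusing cleartext values."""
    if not value.startswith(SSHA_PREFIX):
        raise ValueError("olcRootPW value must be an {SSHA} hash, not cleartext")
    return (f"dn: {db_dn}\nchangetype: modify\n"
            f"replace: olcRootPW\nolcRootPW: {value}\n")


def write_private(path: str, text: str) -> None:
    """Write the LDIF with mode 0600, even if the file already existed."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)


if __name__ == "__main__":
    import getpass
    hashed = make_ssha(getpass.getpass("New rootdn password: "))
    write_private("modify.ldif", rootpw_ldif("olcDatabase={1}mdb,cn=config", hashed))
```

Delete modify.ldif once ldapmodify has applied it, since the file still contains the password hash.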

If you have an existing slapd.conf from another system, convert it:

sudo slapd -f /path/to/slapd.conf -F /etc/ldap/slapd.d/ -d 1

This will generate the equivalent LDIF files in the slapd.d directory.

Other relevant files and directories:

  • /etc/ldap/ldap.conf: Client configuration
  • /etc/default/slapd: Service startup options
  • /var/lib/ldap/: Default database location

After making changes, verify with:

sudo -u openldap slaptest -F /etc/ldap/slapd.d/

To view your current configuration:

sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config

Since OpenLDAP 2.3 (released in 2005), the traditional slapd.conf configuration has been deprecated in favor of the more flexible cn=config system. Ubuntu 10.04 uses this newer configuration backend by default.

Instead of /etc/ldap/slapd.conf, check these locations:

/etc/ldap/slapd.d/
/etc/ldap/ldap.conf
/var/lib/ldap/

You can view and modify configuration using these methods:

# View entire config
sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config

# Modify specific settings
sudo ldapmodify -Y EXTERNAL -H ldapi:///

Create a file loglevel.ldif:

dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: stats

Then apply it with:

sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f loglevel.ldif

If you have an existing slapd.conf:

sudo slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/

Then make sure the generated files have proper permissions:

sudo chown -R openldap:openldap /etc/ldap/slapd.d/

To add a schema (for example, the cosine schema):

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif