OpenLDAP configuration brought to

Apache Directory Studio

1

<OpenLDAP configuration/> brought to

<Apache Directory Studio/>

2

Apache Software Foundation member

Chairman of MINA project

PMC of Apache Directory Project

elecharny@apache.org / elecharny@symas.com

Emmanuel Lécharny

Apache Directory Studio

4

OpenLDAP configuration

5

slapd.conf

Or

cn=config/

Slapd.conf

6

# See slapd.conf(5) for details on configuration options.include "/opt/symas/etc/openldap/schema/core.schema"

pidfile "/var/symas/run/slapd.pid"argsfile "/var/symas/run/slapd.args"

# Choose the directory for loadable modules.modulepath "/opt/symas/lib/openldap"

# Load dynamic backend modules:moduleload back_hdb.lamoduleload back_monitor.la

# Sample hdb database definitionsdatabase hdbsuffix "dc=example,dc=com"rootdn "dc=example,dc=com"rootpw secret

# Indices to maintainindex default eqindex objectClassindex cn

directory "/var/symas/openldap-data/example"cachesize 5000idlcachesize 5000checkpoint 512 60database monitor

cn=config

7

dn: cn=configolcWriteTimeout: 0olcTLSCRLCheck: noneolcConnMaxPendingAuth: 1000olcIndexIntLen: 4olcIdleTimeout: 0olcIndexHash64: FALSEolcAttributeOptions: lang-olcConfigDir: etc/openldap/slapd.dolcIndexSubstrAnyStep: 2olcPidFile: /var/symas/run/slapd.pid...

dn: cn=schemastructuralObjectClass: olcSchemaConfigcreateTimestamp: 20131117072024.982ZolcObjectIdentifier: OLcfg 1.3.6.1.4.1.4203.1.12.2olcObjectIdentifier: OLcfgAt OLcfg:3olcObjectIdentifier: OLcfgGlAt OLcfgAt:0olcObjectIdentifier: OLcfgBkAt OLcfgAt:1olcObjectIdentifier: OLcfgDbAt OLcfgAt:2olcObjectIdentifier: OLcfgOvAt OLcfgAt:3olcObjectIdentifier: OLcfgCtAt OLcfgAt:4olcObjectIdentifier: OLcfgOc OLcfg:4...

dn: olcDatabase={1}hdbolcDbShmKey: 0olcDbConfig: {0}#olcDbConfig: {1}# DB_CONFIG file for example databaseolcDbConfig: {2}#olcDbConfig: {3}# IMPORTANTolcDbConfig: {4}# Changes will automatically take effect after slapd is restarted....

Why cn=config ?

8

Configuration in LDAP

Can be replicated

Allows dynamic configuration

Protects against misconfigurations

But...

9

People keep using vi/Emacs

More complex than slapd.conf

You have to use ldapadd/ldapmodify/ldapdelete

But...

10

« It is of course possible for a careful, clueful admin to edit the files by hand without breaking

anything. »

« But let's face it, the majority of people out there, and particularly the people having

problems that drive them to post on this mailing list, are neither careful enough nor clueful

enough to qualify for these activities. »

Let's use Studio !

11

OpenLDAP configuration plugin

12

Don't have to lecture people who use text editors

Config for dummies (almost)

Many controls done by the plugin

« smart » editors

Backend configuration

13

HDB configuration

14

Replication configuration

15

Options configuration

16

What's next ?

17

Polish the editors

Make it work with slapd.conf

Add the missing elements

Manage versions

Release it !!!

Thanks!