
I am trying to create a second root domain in OpenLDAP. I want to accomplish this through the command line. I understand that we have to edit the slapd.conf file and add the following for the second domain:

database    bdb
suffix      "dc=newdomain,dc=com"
rootdn      "cn=Manager,dc=mydomain,dc=com"
rootpw          secret
directory   <path_to_preexisting_directory>

After this, I restarted the server, but the domain doesn't seem to get added, as I can neither connect to it nor execute any commands such as ldapadd, ldapsearch, etc.

What can I do to create the domain?

Gaurav Sood

1 Answer


According to the OpenLDAP quick start guide, step 8, you don't have to change the ldap.conf, but you have to create an auxiliary .ldif file and perform ldapadd on it:

# example .ldif file for domain example.com
# (the entry must be consistent: olcMdbConfig and olcDatabase: mdb go together,
#  a bdb database name with an mdb objectClass is rejected by slapd)
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 1073741824
olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
olcRootPW: secret
olcDbDirectory: /usr/local/var/openldap-data
olcDbIndex: objectClass eq

Call it, for example, test.ldif and use this command to add it to your database:

ldapadd -x -D "cn=admin,dc=example,dc=com" -w <password> -H ldap:// -f test.ldif

cn=admin may not work for you; it depends on what you named your user.

-w <password> is where you need to specify your password, without the <>.

I guess you would want to know that configuring OpenLDAP with slapd.conf is deprecated and will soon not be supported. Using the new method with LDIF files and cn=config has many pros; for example, you don't need to restart the server after changing system databases.

Using bdb and hdb is also undesirable; they use Oracle BerkeleyDB, and OpenLDAP wants to move forward with its own DB backend, mdb.

Asalle
  • This answer only works if you are already using online configuration, which isn't mentioned in the question. – user207421 Mar 07 '16 at 19:56
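As an added example (not code from the answer above or from the OpenLDAP project), a POSIX shell script that generates the cn=config entry for a second mdb database and, one step beyond the answer, the base entry the new suffix needs before ldapsearch under it returns anything. It assumes slapd is already running with cn=config, that root's SASL EXTERNAL identity over ldapi:/// may write cn=config, and that the rootpw is passed as a hash produced by `slappasswd -s <password>` instead of cleartext; suffix, rootdn and data directory are the script's arguments.

```shell
#!/bin/sh
# Added example, not from the original post: build the cn=config LDIF for a
# second mdb database and the LDIF for its base entry, then add both over ldapi.
# Assumptions: slapd runs with cn=config (slapd.d), root's SASL EXTERNAL identity
# maps to the config admin, and ROOTPW_HASH comes from "slappasswd -s <password>".

# make_db_ldif SUFFIX ROOTDN DIRECTORY ROOTPW_HASH -> prints the database entry
make_db_ldif() {
    printf '%s\n' \
        "dn: olcDatabase=mdb,cn=config" \
        "objectClass: olcDatabaseConfig" \
        "objectClass: olcMdbConfig" \
        "olcDatabase: mdb" \
        "olcDbMaxSize: 1073741824" \
        "olcSuffix: $1" \
        "olcRootDN: $2" \
        "olcRootPW: $4" \
        "olcDbDirectory: $3" \
        "olcDbIndex: objectClass eq"
}

# suffix_dc SUFFIX -> value of the leading dc= component ("newdomain")
suffix_dc() {
    printf '%s' "$1" | sed -n 's/^dc=\([^,]*\).*/\1/p'
}

# make_base_ldif SUFFIX -> prints the root entry; a freshly added database is
# empty, so nothing can be searched under the suffix until this entry exists
make_base_ldif() {
    dc=$(suffix_dc "$1")
    [ -n "$dc" ] || { echo "suffix must start with dc=" >&2; return 1; }
    printf '%s\n' \
        "dn: $1" \
        "objectClass: dcObject" \
        "objectClass: organization" \
        "dc: $dc" \
        "o: $dc"
}

# add_second_db SUFFIX ROOTDN DIRECTORY ROOTPW_HASH
add_second_db() {
    mkdir -p "$3" && chmod 700 "$3"   # must be writable by the slapd user; chown if needed
    make_db_ldif "$@" | ldapadd -Q -Y EXTERNAL -H ldapi:/// || return 1
    make_base_ldif "$1" | ldapadd -x -D "$2" -W -H ldapi:///   # -W prompts for the rootpw
}

if [ "$#" -eq 4 ]; then
    add_second_db "$@"
fi
```

Run it as `./add_db.sh "dc=newdomain,dc=com" "cn=Manager,dc=newdomain,dc=com" /var/lib/ldap/newdomain "$(slappasswd -s yourpassword)"`; because the database is added through cn=config, no slapd restart is needed.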