LDAP Tool Box project: even LDAP administrators need help



OpenLDAP init script

Presentation

The slapd init script provides start, stop and other commands for the OpenLDAP daemon. It requires:

  • Logger, to forward messages to syslog
  • Awk, for regular expression management
  • BerkeleyDB, for recover and archive tools
  • OpenLDAP, for save, index, … tools

The script can be configured through an external file in /etc/default that has the same name as the init script.

A backup feature saves all data or the configuration to an LDIF file, compressed or not. The restore feature imports the last backup into the directory.

This script is included in the LTB OpenLDAP RPMs.

Usage

Run the script like this:

# /etc/init.d/slapd action

Where action is one of:

  • start:
    • Test configuration
    • Start slurpd if needed
    • Start slapd with data recovery if needed
  • stop:
    • Stop slapd and save data if needed
    • Stop slurpd if needed
  • forcestop:
    • If the script can read the PID, run kill -KILL PID
    • Otherwise, run killall -KILL on the binary names
  • restart:
    • Launch stop
    • Launch start
  • force-reload:
    • Force stop
    • Config test
    • Start
  • configtest: test configuration
  • db_recover: recover data (slapd must be stopped)
  • reindex: index data (slapd must be stopped)
  • removelogs: archive old BerkeleyDB logs (slapd must be stopped)
  • backup: LDIF export of all data
  • restore: Remove current data and restore last backup
  • backupconfig: LDIF export of configuration or copy of slapd.conf
  • restoreconfig: Remove current configuration and restore last backup
  • status: Display running status and naming contexts
  • debug: Stop OpenLDAP and restart it in debug mode (level can be configured), with output on the console

Installation

Copy the script to /etc/init.d:

# mv slapd /etc/init.d
# chmod +x /etc/init.d/slapd

Configure the service in init levels:

# ln -s /etc/init.d/slapd /etc/rc3.d/S90slapd
# ln -s /etc/init.d/slapd /etc/rc4.d/S90slapd
# ln -s /etc/init.d/slapd /etc/rc5.d/S90slapd
# ln -s /etc/init.d/slapd /etc/rc0.d/K10slapd
# ln -s /etc/init.d/slapd /etc/rc6.d/K10slapd

For RedHat based systems:

# chkconfig --add slapd

For Debian-based systems:

# update-rc.d slapd defaults

The configuration file must be installed in /etc/default:

# mkdir -p /etc/default
# mv slapd.default /etc/default/slapd
# chmod 600 /etc/default/slapd

You can run several OpenLDAP daemons on the same server, and use different init scripts. For example to have a “slapd2” init script:

# ln -s /etc/init.d/slapd /etc/init.d/slapd2
# cp /etc/default/slapd /etc/default/slapd2

Configuration

Use the external file in /etc/default rather than editing the script directly.

  • The following parameters are mandatory:

| Parameter | Description |
|---|---|
| IP | Listen address for standard LDAP requests. Meta character * can be used for all interfaces |
| PORT | Listen port for standard LDAP requests. Use SLAPD_SERVICES if you need several ports |
| SSLIP | Listen address for LDAPS requests. Meta character * can be used for all interfaces |
| SSLPORT | Listen port for LDAPS requests. Use SLAPD_SERVICES if you need several ports |
| SLAPD_PATH | OpenLDAP main directory |
| DATA_PATH | Data directory. You can set auto to get the directories configured in slapd.conf |
| SLAPD_PID_FILE | The pidfile parameter of slapd.conf |
| SLAPD_CONF | Main configuration file |
| SLAPD_SERVICES | List of LDAP listen URIs, separated by spaces |
| SLAPD_BIN | slapd binary path |
| SLAPADD_BIN | slapadd binary path |
| SLAPCAT_BIN | slapcat binary path |
| SLAPINDEX_BIN | slapindex binary path |
| SLAPTEST_BIN | slaptest binary path |
| SLURPD_PID_FILE | The replica-pidfile parameter of slapd.conf |
| SLURPD_BIN | slurpd binary path |
| BDB_PATH | BerkeleyDB main directory |
| DB_ARCHIVE_BIN | db_archive binary path |
| DB_RECOVER_BIN | db_recover binary path |
| RECOVER_AT_STARTUP | Force data recovery on startup. Should not be used for OpenLDAP > 2.2 |
| BACKUP_AT_SHUTDOWN | Back up data when slapd is stopped |
| BACKUP_PATH | Backup directory |
| BACKUP_SUFFIX | Backup file suffix |
| TIMEOUT | Timeout for stopping slapd. After that, you need to use the forcestop action |
| FD_LIMIT | Maximum number of open file descriptors |
  • The following parameters are optional (they can be set to ""):

| Parameter | Description |
|---|---|
| SLAPD_PARAMS | Additional options for slapd. Options -h, -f, -u and -g are already managed |
| SLAPD_CONF_DIR | Main configuration directory (cancels the SLAPD_CONF parameter) |
| SLAPD_USER | Owner user of the slapd and slurpd processes |
| SLAPD_GROUP | Owner group of the slapd and slurpd processes |
| SLAPD_SYSLOG_LOCAL_USER | Syslog local user (by default local4) |
| SLURPD_PARAMS | Additional options for slurpd. Option -f is already managed |
| BACKUP_COMPRESS_EXT | Extension of the compressed LDIF file. No compression is done if this is empty |
| BACKUP_COMPRESS_BIN | Binary used to compress the LDIF file |
| BACKUP_UNCOMPRESS_BIN | Binary used to uncompress the LDIF file |
| DEBUG_LEVEL | OpenLDAP log level to use in debug mode. Default is 256 (stats) |
| SPECIAL_QUOTE | Some shells force quoting of parameters when they are used in a command. Set to 0 to let the shell quote parameters, or 1 to quote them explicitly (see related issue). Default is 1 |
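
A check for the settings described above, as an added example that is not part of the LTB project's script: it reads the /etc/default file without sourcing it and flags a mode looser than the 600 set during installation, an empty SLAPD_USER, IP set to *, and a BACKUP_PATH directory open to other users. The helper names and the choice of what counts as a finding are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit an /etc/default/slapd-style file WITHOUT sourcing it
# (sourcing would execute whatever the file contains, as root).

# get_param FILE NAME: print the last value assigned to NAME, quotes stripped.
get_param() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\)[\"']\{0,1\}.*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# open_to_others PATH: true if group or others hold any permission bit.
open_to_others() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

report() { echo "FINDING: $*"; findings=$((findings + 1)); }

# audit_slapd_default FILE: print findings; return 0 only if there are none.
audit_slapd_default() {
    conf=$1; findings=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    if open_to_others "$conf"; then
        report "$conf is accessible to group/others (expected mode 600)"
    fi
    if [ -z "$(get_param "$conf" SLAPD_USER)" ]; then
        report "SLAPD_USER is empty: no dedicated owner set for slapd/slurpd"
    fi
    if [ "$(get_param "$conf" IP)" = "*" ]; then
        report "IP=*: standard LDAP listener bound to all interfaces"
    fi
    backup=$(get_param "$conf" BACKUP_PATH)
    if [ -d "$backup" ] && open_to_others "$backup"; then
        report "BACKUP_PATH $backup is accessible to group/others"
    fi
    [ "$findings" -eq 0 ]
}

# Demo on a constructed sample (not a real server's file).
demo=$(mktemp)
printf '%s\n' 'IP="*"' 'PORT="389"' 'SLAPD_USER=""' > "$demo"
chmod 644 "$demo"
audit_slapd_default "$demo" || echo "review the findings above"
rm -f "$demo"
```

On a real host, call audit_slapd_default /etc/default/slapd (or the slapd2 copy); a non-zero exit status means at least one finding was printed.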