
LDAP Tool Box project: even LDAP administrators need help



OpenLDAP init script

Presentation

The slapd init script provides start, stop and other commands for the OpenLDAP daemon. It requires:

  • Logger, to forward messages to syslog
  • Awk, for regular expression management
  • BerkeleyDB, for recover and archive tools
  • OpenLDAP, for save, index, … tools

The script is configured through an external file in /etc/default that has the same name as the init script.

A backup feature saves all data to an LDIF file, compressed or not.

Usage

Run the script like this:

# /etc/init.d/slapd action

Where action is one of:

  • start:
    • Test configuration
    • Start slurpd if needed
    • Start slapd with data recover if needed
  • stop:
    • Stop slapd and save data if needed
    • Stop slurpd if needed
  • forcestop:
    • If the script can read the PID, run kill -KILL PID
    • Otherwise, run killall -KILL on the binary names
  • restart:
    • Launch stop
    • Launch start
  • force-reload:
    • Force stop
    • Config test
    • Start
  • configtest: test configuration
  • db_recover: data recover (slapd must be stopped)
  • reindex: data index (slapd must be stopped)
  • removelogs: archive old BerkeleyDB logs (slapd must be stopped)
  • backup: LDIF export of all data
  • status: Display running status and naming contexts

Installation

Copy the script to /etc/init.d:

# mv slapd /etc/init.d
# chmod +x /etc/init.d/slapd

Configure the service in init levels:

# ln -s /etc/init.d/slapd /etc/rc3.d/S90slapd
# ln -s /etc/init.d/slapd /etc/rc4.d/S90slapd
# ln -s /etc/init.d/slapd /etc/rc5.d/S90slapd
# ln -s /etc/init.d/slapd /etc/rc0.d/K10slapd
# ln -s /etc/init.d/slapd /etc/rc6.d/K10slapd

For RedHat based systems:

# chkconfig --add slapd

For Debian based systems:

# update-rc.d slapd defaults

The configuration file must be installed in /etc/default:

# mkdir -p /etc/default
# mv slapd.default /etc/default/slapd
# chmod 600 /etc/default/slapd

You can run several OpenLDAP daemons on the same server, and use different init scripts. For example to have a “slapd2” init script:

# cp /etc/init.d/slapd /etc/init.d/slapd2
# cp /etc/default/slapd /etc/default/slapd2

Configuration

Use the external file in /etc/default rather than editing the script directly.

  • The following parameters are mandatory:

| Parameter | Description |
|---|---|
| IP | Listen address for standard LDAP requests. Meta character * can be used for all interfaces |
| PORT | Listen port for standard LDAP requests. Use SLAPD_SERVICES if you need several ports |
| SSLIP | Listen address for LDAPS requests. Meta character * can be used for all interfaces |
| SSLPORT | Listen port for LDAPS requests. Use SLAPD_SERVICES if you need several ports |
| SLAPD_PATH | OpenLDAP main directory |
| DATA_PATH | Data directory. You can set auto to get directories configured in slapd.conf |
| SLAPD_PID_FILE | The pidfile parameter of slapd.conf |
| SLAPD_CONF | Main configuration file |
| SLAPD_SERVICES | List of LDAP listen URIs, separated by spaces |
| SLAPD_BIN | slapd binary path |
| SLAPCAT_BIN | slapcat binary path |
| SLAPINDEX_BIN | slapindex binary path |
| SLAPTEST_BIN | slaptest binary path |
| SLURPD_PID_FILE | The replica-pidfile parameter of slapd.conf |
| SLURPD_BIN | slurpd binary path |
| BDB_PATH | BerkeleyDB main directory |
| DB_ARCHIVE_BIN | db_archive binary path |
| DB_RECOVER_BIN | db_recover binary path |
| RECOVER_AT_STARTUP | Force data recovery on startup. Should not be used for OpenLDAP > 2.2 |
| BACKUP_AT_SHUTDOWN | Back up data when slapd is stopped |
| BACKUP_PATH | Backup directory |
| BACKUP_FILE | Backup file path |
| BACKUP_SUFFIX | Backup file suffix |
| TIMEOUT | Timeout for stopping slapd. After that, you need to use the forcestop action |
| FD_LIMIT | Maximum number of open file descriptors |

  • The following parameters are not mandatory (they can contain ""):

| Parameter | Description |
|---|---|
| SLAPD_PARAMS | Additional options for slapd. Options -h, -f, -u and -g are already managed |
| SLAPD_CONF_DIR | Main configuration directory (overrides the SLAPD_CONF parameter) |
| SLAPD_USER | Owner user of the slapd and slurpd processes |
| SLAPD_GROUP | Owner group of the slapd and slurpd processes |
| SLURPD_PARAMS | Additional options for slurpd. Option -f is already managed |
| BACKUP_COMPRESS_EXT | Extension of the compressed LDIF file. No compression is done if this is empty |
| BACKUP_COMPRESS_BIN | Binary used to compress the LDIF file |
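
A check that can be run on the defaults file before starting the service, as an added example that is not part of the LDAP Tool Box script: it verifies the chmod 600 from the installation step, that every mandatory parameter listed above has a value, that SLAPD_USER is set to a non-root account, and that the backup directory is closed to other users. It assumes the file holds shell-style NAME="value" lines and that an empty SLAPD_USER leaves slapd with the privileges of the user running the init script; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a slapd defaults file such as /etc/default/slapd.
# Assumption: the file holds shell-style NAME="value" lines; it is parsed, never sourced.

# Mandatory parameters, as listed in the Configuration section.
MANDATORY="IP PORT SSLIP SSLPORT SLAPD_PATH DATA_PATH SLAPD_PID_FILE SLAPD_CONF
SLAPD_SERVICES SLAPD_BIN SLAPCAT_BIN SLAPINDEX_BIN SLAPTEST_BIN SLURPD_PID_FILE
SLURPD_BIN BDB_PATH DB_ARCHIVE_BIN DB_RECOVER_BIN RECOVER_AT_STARTUP
BACKUP_AT_SHUTDOWN BACKUP_PATH BACKUP_FILE BACKUP_SUFFIX TIMEOUT FD_LIMIT"

# Print the value assigned to parameter $2 in file $1 (last assignment wins),
# with trailing blanks and one pair of surrounding quotes removed.
get_param() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Succeed if path $1 grants any permission bit to group or other.
open_to_others() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Print one line per finding; return 0 when there are none, 1 otherwise.
audit_slapd_default() {
    file=$1
    findings=0
    [ -f "$file" ] || { echo "MISSING $file"; return 1; }
    # The installation step sets the file to mode 600.
    if open_to_others "$file"; then
        echo "PERMS $file is accessible to group or other"; findings=$((findings + 1))
    fi
    for p in $MANDATORY; do
        if [ -z "$(get_param "$file" "$p")" ]; then
            echo "UNSET mandatory parameter $p"; findings=$((findings + 1))
        fi
    done
    # Assumption: with SLAPD_USER empty, slapd keeps the caller's privileges (normally root).
    user=$(get_param "$file" SLAPD_USER)
    case $user in
        ""|root) echo "PRIV SLAPD_USER is '$user'"; findings=$((findings + 1)) ;;
    esac
    # Backups are LDIF exports of all data, so the directory needs the same care.
    bdir=$(get_param "$file" BACKUP_PATH)
    if [ -d "$bdir" ] && open_to_others "$bdir"; then
        echo "PERMS backup directory $bdir is accessible to group or other"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}
```

Call it as `audit_slapd_default /etc/default/slapd`; a BACKUP_PATH that is built from other variables is not expanded, so its directory check is skipped.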