Migrate from slapd.conf to cn=config

Tip

This documentation is generic

Assumptions:

<SLAPD_CONF>: the path to the slapd.conf OpenLDAP configuration file
<SLAPD_CONF_DIR>: the path to the slapd.d folder that is going to store the future cn=config configuration
<SLAPD_USER>: the user that owns the slapd process
<SLAPD_GROUP>: the group that owns the slapd process

  1. Stop OpenLDAP:

    systemctl stop slapd
    
  2. Create cn=config directory:

    mkdir <SLAPD_CONF_DIR>
    
  3. Convert configuration file:

    slaptest -f <SLAPD_CONF> -F <SLAPD_CONF_DIR> -d 256
    
    # set correct permissions
    chown -R <SLAPD_USER>:<SLAPD_GROUP> <SLAPD_CONF_DIR>
    find <SLAPD_CONF_DIR> -type d -exec chmod 750 {} \;
    find <SLAPD_CONF_DIR> -type f -exec chmod 640 {} \;
    
  4. Update the arguments for your OpenLDAP launch command. It can be in any of these paths:

    • the systemd configuration file,
    • /etc/default/slapd,
    • /etc/sysconfig/slapd,
    • /usr/local/openldap/etc/openldap/slapd-cli.conf for OpenLDAP LTB packages

Replace the argument -f <SLAPD_CONF> with -F <SLAPD_CONF_DIR>.

  5. Start OpenLDAP:

    systemctl start slapd
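
A check for the result of step 3, as an added example that is not part of the original documentation: it flags anything under <SLAPD_CONF_DIR> that is not owned by <SLAPD_USER>:<SLAPD_GROUP> or is more permissive than the 750/640 modes set above. The function name audit_confdir and its output labels are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit a converted cn=config
# directory against the ownership and modes applied in step 3.
# audit_confdir and its output labels are names assumed for this example.

# Usage: audit_confdir <SLAPD_CONF_DIR> <SLAPD_USER> <SLAPD_GROUP>
# Prints one "label: path" line per finding; returns 0 when clean, 1 otherwise.
audit_confdir() {
    ac_dir=$1; ac_user=$2; ac_group=$3

    if [ ! -d "$ac_dir" ]; then
        echo "missing: $ac_dir"
        return 1
    fi

    ac_findings=$(
        # Entries not owned by the account that runs slapd.
        find "$ac_dir" ! -user "$ac_user" -print | sed 's/^/owner: /'
        find "$ac_dir" ! -group "$ac_group" -print | sed 's/^/group: /'
        # Any "other" permission bit is looser than 750/640.
        find "$ac_dir" \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
            sed 's/^/world-accessible: /'
        # Group write is looser than 750/640.
        find "$ac_dir" -perm -020 -print | sed 's/^/group-writable: /'
    )

    if [ -n "$ac_findings" ]; then
        printf '%s\n' "$ac_findings"
        return 1
    fi
    return 0
}

# Run the audit when called with the three values from the Assumptions list:
#   sh audit.sh <SLAPD_CONF_DIR> <SLAPD_USER> <SLAPD_GROUP>
if [ "$#" -eq 3 ]; then
    audit_confdir "$1" "$2" "$3"
fi
```

Run it after the chown and chmod commands and before starting slapd; a non-zero exit status means at least one path needs to be corrected.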