OpenLDAP init script
Presentation
The init script slapd provide start, stop and other commands for OpenLDAP daemon. It requires:
- Logger, to forward messages to syslog
- Awk, for regular expression management
- BerkeleyDB, for recover and archive tools
- OpenLDAP, for save, index, … tools
Configuration of this script can be done in an external file, with the same name as the init script in /etc/default.
A backup feature allows to save all data or configuration in an LDIF file, compressed or not. The restore feature import the last backup in the directory.
This script is included in LTB OpenLDAP RPMS
Usage
Run the script like that:
# /etc/init.d/slapd action
With action in:
start:- Test configuration
- Start slurpd if needed
- Start slapd with data recover if needed
stop:- Stop
slapdand save data if needed - Stop
slurpdif needed
forcestop:- If script can read PID, do a
kill -KILL PID - Else
killall -KILLon binaries name
restart:- Launch
stop - Launch
start
force-reload:- Force stop
- Config test
- Start
configtest: test configurationdb_recover: data recover (slapd must be stopped)reindex: data index (slapd must be stopped)removelogs: archive old BerkeleyDB logs (slapd must be stopped)backup: LDIF export of all datarestore: Remove current data and restore last backupbackupconfig: LDIF export of configuration or copy of slapd.confrestoreconfig: Remove current configuration and restore last backupstatus: Display running status and naming contextsdebug: Stop OpenLDAP and restart it in debug mode (level can be configured), with output on the console
Installation
Copy script in /etc/init.d:
# mv slapd /etc/init.d # chmod +x /etc/init.d/slapd
Configure the service in init levels:
# ln -s /etc/init.d/slapd /etc/rc3.d/S90slapd # ln -s /etc/init.d/slapd /etc/rc4.d/S90slapd # ln -s /etc/init.d/slapd /etc/rc5.d/S90slapd # ln -s /etc/init.d/slapd /etc/rc0.d/K10slapd # ln -s /etc/init.d/slapd /etc/rc6.d/K10slapd
For RedHat based systems:
# chkconfig --add slapd
For Debian base systems:
# update-rc.d slapd defaults
Configuration file must be installed in /etc/default:
# mkdir -p /etc/default # mv slapd.default /etc/default/slapd # chmod 600 /etc/default/slapd
You can run several OpenLDAP daemons on the same server, and use different init scripts. For example to have a “slapd2” init script:
# ln -s /etc/init.d/slapd /etc/init.d/slapd2 # cp /etc/default/slapd /etc/default/slapd2
Configuration
Use the external file in /etc/default rather than editing directly the script.
- Following parameters are mandatory:
| Parameter | Description |
IP | Listen address for standard LDAP requests. Meta character * can be used for all interfaces |
PORT | Listen port for standard LDAP requests. Use SLAPD_SERVICES if you need several ports |
SSLIP | Listen address for LDAPS requests. Meta character * can be used for all interfaces |
SSLPORT | Listen port for LDAPS requests. Use SLAPD_SERVICES if you need several ports |
| - | |
SLAPD_PATH | OpenLDAP main directory |
DATA_PATH | Data directory. You can set auto to get directories configured in slapd.conf |
SLAPD_PID_FILE | The pidfile parameter of slapd.conf |
SLAPD_CONF | Main configuration file |
SLAPD_SERVICES | Listen URI LDAP list, separated by spaces |
SLAPD_BIN | slapd binary path |
| - | |
SLAPADD_BIN | slapadd binary path |
SLAPCAT_BIN | slapcat binary path |
SLAPINDEX_BIN | slapindex binary path |
SLAPTEST_BIN | slaptest binary path |
| - | |
SLURPD_PID_FILE | The replica-pidfile parameter of slapd.conf |
SLURPD_BIN | slurpd binary path |
| - | |
BDB_PATH | BerkeleyDB main directory |
DB_ARCHIVE_BIN | db_archive binary path |
DB_RECOVER_BIN | db_recover binary path |
RECOVER_AT_STARTUP | Force data recover on startup. Should not be used for OpenLDAP > 2.2 |
| - | |
BACKUP_AT_SHUTDOWN | Backup data when slapd is stopped |
BACKUP_PATH | Backup directory |
BACKUP_SUFFIX | Backup file suffix |
| - | |
TIMEOUT | Stop slapd timeout. After that, you need to use the forcestop rule |
FD_LIMIT | Maximum opened file descriptor |
- Following parameters are not mandatory (they can contain
“”) :
| Parameter | Description |
SLAPD_PARAMS | Additional options forslapd. options -h, -f, -u et -g are already managed |
SLAPD_CONF_DIR | Main configuration dir (cancel SLAPD_CONF parameter) |
SLAPD_USER | Owner user of slapd andslurpd process |
SLAPD_GROUP | Owner group of slapd andslurpd process |
SLAPD_SYSLOG_LOCAL_USER | Syslog local user (by default local4) |
| - | |
SLURPD_PARAMS | Additional options for slurpd. Option -f is already managed |
| - | |
BACKUP_COMPRESS_EXT | Extension of LDIF compressed file. No compression is done if this is empty |
BACKUP_COMPRESS_BIN | Binary used to compress LDIF file |
BACKUP_UNCOMPRESS_BIN | Binary used to uncompress LDIF file |
DEBUG_LEVEL | OpenLDAP log level to use in debug mode. Default is 256 (stats) |