Working With Oracle® Solaris 11.4 Directory and Naming Services: LDAP

Updated: November 2020

Troubleshooting OpenLDAP Server Configuration

This section shows:

  • How to use the ldapservercfg command to determine whether a system is or has been previously configured as an OpenLDAP server.

  • How to remove OpenLDAP server configuration.

ldapservercfg Warns that the System is Already Configured

The following are true for a newly installed system or a system that has not been configured as an OpenLDAP server:

  • The ldap/server:openldap service instance is in the disabled state.

    $ svcs ldap/server:openldap
    STATE          STIME    FMRI
    disabled       Jun_17   svc:/network/ldap/server:openldap

    If the ldap/server:openldap service instance was previously enabled and online, then the service created the default configuration as specified in its SMF properties.

  • The following files and directories do not exist or are empty:

    • The /etc/openldap/slapd.conf legacy configuration file does not exist.

    • The /etc/openldap/slapd.d directory does not exist.

    • The /etc/openldap/certs directory does not exist.

    • The /var/openldap/openldap-data directory is empty.

    If any of these files or directories exist, then the system might have been used as an OpenLDAP server previously.
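The following shell function, added here as an example and not part of the Oracle documentation, applies the file and directory checks listed above and reports each indicator that suggests the system was previously used as an OpenLDAP server. The ROOT argument is a hypothetical parameter that prefixes every path so the check can be exercised against a scratch tree; pass / (or nothing) on a live system. The svcs state check from the first bullet is left to the administrator, since it depends on SMF being present.

```shell
#!/bin/sh
# Added example (not Oracle's code): report on-disk residue of an earlier
# OpenLDAP server configuration, using the paths named in the documentation.
# Returns 0 when none of the indicators is present, 1 when at least one is.

openldap_residue() {
    root="${1%/}"          # hypothetical prefix; "" or "/" means the live filesystem
    found=0

    # Legacy slapd.conf should not exist on an unconfigured system.
    if [ -e "$root/etc/openldap/slapd.conf" ]; then
        echo "legacy configuration file present: $root/etc/openldap/slapd.conf"
        found=$((found + 1))
    fi

    # cn=config database directory should not exist.
    if [ -d "$root/etc/openldap/slapd.d" ]; then
        echo "cn=config directory present: $root/etc/openldap/slapd.d"
        found=$((found + 1))
    fi

    # TLS certificate directory should not exist.
    if [ -d "$root/etc/openldap/certs" ]; then
        echo "certificate directory present: $root/etc/openldap/certs"
        found=$((found + 1))
    fi

    # Data directory may exist but must be empty.
    datadir="$root/var/openldap/openldap-data"
    if [ -d "$datadir" ] && [ -n "$(ls -A "$datadir" 2>/dev/null)" ]; then
        echo "database directory not empty: $datadir"
        found=$((found + 1))
    fi

    if [ "$found" -eq 0 ]; then
        echo "no OpenLDAP server residue found under '${root:-/}'"
        return 0
    fi
    return 1
}

# Usage on a live system (the check only reads the filesystem):
#   openldap_residue / || echo "system looks previously configured; back up before ldapservercfg"
```

Run the check before ldapservercfg: a non-zero return means the tool will print the "already been configured" warning and a slapcat backup is warranted before answering yes.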

When you run the ldapservercfg command on a system that has previously been configured as an OpenLDAP server, you are warned and prompted to confirm whether you want to continue with this reconfiguration:

WARNING: The OpenLDAP server has already been configured.
         If you want to rerun the initial configuration, be sure to do
         necessary backups using slapcat, i.e.

         /usr/sbin/slapcat -F /etc/openldap/slapd.d -b \
             "dc=example,dc=com" > example.com.ldif

         The tool will do the following actions:
         /usr/sbin/svcadm disable -s ldap/server:openldap
         rm -rf /etc/openldap/slapd.d
         rm -rf /etc/openldap/certs
         rm -rf /var/openldap/openldap-data/*.mdb

WARNING: About to reset the server configuration. (yes/[no])

ldapservercfg Shows Existing Base DNs

The following occurs when the server has already been configured interactively:

# su openldap -c '/usr/sbin/ldapservercfg  openldap'
Do you want to configure this server as a master server? (yes/[no])  [yes]
The following are existing base DNs

    [1] dc=example,dc=com

Please select LDAP base DN: (1-1) [1]

How to Remove OpenLDAP Configuration

  1. Disable the ldap/server:openldap service instance.

    # svcadm disable ldap/server:openldap
  2. Back up data and configuration.

    Back up to an LDIF file in a safe place, as shown in the following example:

    # slapcat -n 1 -l /var/tmp/dit.ldif
    # slapcat -n 0 -l /var/tmp/config.ldif
  3. Remove configuration and data files.

    # rm -rf /etc/openldap/slapd.d /var/openldap/openldap-data/*
  4. (Optional) Remove TLS certificates.

    If you intend to reconfigure the server, and you already have clients that are using these certificates, you might choose to keep these certificates.

    # rm -rf /etc/openldap/certs