This section shows:
How to use the ldapservercfg command to determine whether a system is or has been previously configured as an OpenLDAP server.
How to remove OpenLDAP server configuration.
The following are true for a newly installed system or a system that has not been configured as an OpenLDAP server:
The ldap/server:openldap service instance is in the disabled state.
$ svcs ldap/server:openldap
STATE          STIME    FMRI
disabled       Jun_17   svc:/network/ldap/server:openldap
If the ldap/server:openldap service instance was previously enabled and online, then the service created the default configuration as specified in its SMF properties.
The following files and directories do not exist or are empty:
The /etc/openldap/slapd.conf legacy configuration file does not exist.
The /etc/openldap/slapd.d directory does not exist.
The /etc/openldap/certs directory does not exist.
The /var/openldap/openldap-data directory is empty.
If any of these files or directories exist, then the system might have been used as an OpenLDAP server previously.
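As an added example (not part of the Oracle Solaris documentation), the following POSIX shell function applies the checks listed above and reports which indicators of a prior OpenLDAP server configuration are present. The optional root-prefix argument is an assumption added so the check can also be run against a staged directory tree, such as a mounted boot environment or a test directory, instead of the live system; the svcs(1) query is only attempted on the live system.

```shell
# Report the on-disk (and, on a live system, SMF) indicators that this system
# was previously configured as an OpenLDAP server. The paths are the ones the
# procedure lists. The optional first argument is an alternate root prefix
# (assumption: added so the check can run against a staged or test tree).
# Returns 0 when at least one indicator was found, 1 when none was found.
openldap_server_indicators() {
    root="${1:-}"
    found=0
    # Legacy slapd.conf, slapd.d configuration directory and certs directory:
    # any of these existing means the server was configured at some point.
    for p in /etc/openldap/slapd.conf /etc/openldap/slapd.d /etc/openldap/certs; do
        if [ -e "${root}${p}" ]; then
            echo "exists: ${p}"
            found=$((found + 1))
        fi
    done
    # The data directory is expected to be absent or empty on a fresh system.
    data="${root}/var/openldap/openldap-data"
    if [ -d "$data" ] && [ -n "$(ls -A "$data" 2>/dev/null)" ]; then
        echo "non-empty: /var/openldap/openldap-data"
        found=$((found + 1))
    fi
    # Service state, checked only on the live system where svcs(1) exists.
    if [ -z "$root" ] && command -v svcs >/dev/null 2>&1; then
        state=$(svcs -H -o state ldap/server:openldap 2>/dev/null || true)
        if [ -n "$state" ] && [ "$state" != "disabled" ]; then
            echo "service: ldap/server:openldap is ${state}"
            found=$((found + 1))
        fi
    fi
    [ "$found" -gt 0 ]
}
```

Run it as `openldap_server_indicators` on the system itself, or as `openldap_server_indicators /mnt/altroot` against a mounted tree; a non-zero exit status means none of the indicators was present.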
When you run the ldapservercfg command on a system that has previously been configured as an OpenLDAP server, you are warned and prompted to confirm whether you want to continue with this reconfiguration:
**************************************************************************
WARNING: The OpenLDAP server has already been configured.
If you want to rerun the initial configuration, be sure to do necessary
backups using slapcat, i.e.
    /usr/sbin/slapcat -F /etc/openldap/slapd.d -b \
    "dc=example,dc=com" > example.com.ldif
The tool will do the following actions:
    /usr/sbin/svcadm disable -s ldap/server:openldap
    rm -rf /etc/openldap/slapd.d
    rm -rf /etc/openldap/certs
    rm -rf /var/openldap/openldap-data/*.mdb
**************************************************************************
WARNING: About to reset the server configuration. (yes/[no])
The following occurs when the server has already been configured interactively:
# su openldap -c '/usr/sbin/ldapservercfg openldap'
Do you want to configure this server as a master server? (yes/[no]) [yes]
The following are existing base DNs
[1] dc=example,dc=com
Please select LDAP base DN: (1-1) [1]
To remove the OpenLDAP server configuration, first disable the ldap/server:openldap service instance:
# svcadm disable ldap/server:openldap
Back up to an LDIF file in a safe place, as shown in the following example:
# slapcat -n 1 -l /var/tmp/dit.ldif
# slapcat -n 0 -l /var/tmp/config.ldif
Remove the server configuration directory and the contents of the database directory:
# rm -rf /etc/openldap/slapd.d /var/openldap/openldap-data/*
If you intend to reconfigure the server and you already have clients that use these certificates, you might choose to keep them. Otherwise, remove the certificates directory:
# rm -rf /etc/openldap/certs