Bug 11038

Summary: openldap should use cn=config as the default backend
Product: Mageia Reporter: benoit mortier <benoit.mortier>
Component: RPM Packages Assignee: Buchan Milne <bgmilne>
Status: RESOLVED WONTFIX QA Contact:
Severity: normal    
Priority: Normal CC: ennael1, jlgrall
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard:
Source RPM: openldap-2.4.33-7.mga3 CVE:
Status comment:

Description benoit mortier 2013-08-20 10:22:04 CEST
Description of problem:

openldap still uses slapd.conf as the default backend. This backend is considered deprecated by the openldap guys, and most of the distros have activated cn=config as the default openldap backend.

I think the next release of Mageia could do the same

Version-Release number of selected component (if applicable):

openldap-2.4.33-7.mga3

How reproducible:

just install openldap

Steps to Reproduce:
1.
2.
3.


Anne Nicolas 2013-08-20 10:23:05 CEST

CC: (none) => ennael1

Comment 1 Buchan Milne 2013-08-20 12:27:50 CEST
1) It is trivial to convert from slapd.conf to slapd.d, and everything in the package works correctly. I am not 100% sure that everything works in the absence of slapd.conf (and would prefer to verify that before).

[root@media ~]# /etc/init.d/ldap status
ldap.service - LSB: LDAP servers (slapd)
          Loaded: loaded (/etc/rc.d/init.d/ldap)
          Active: active (running) since Tue, 2013-08-20 12:19:52 SAST; 5min ago
         Process: 2300 ExecStart=/etc/rc.d/init.d/ldap start (code=exited, status=0/SUCCESS)
        Main PID: 2546 (slapd)
          CGroup: name=systemd:/system/ldap.service
                  └ 2546 /usr/sbin/slapd -u ldap -g ldap -l local4 -s 0 -h ldap:/// ldaps:///

Aug 20 12:19:52 media.ranger.dnsalias.com ldap[2300]: Starting slapd (ldap + ldaps): [  OK  ]
Aug 20 12:19:52 media.ranger.dnsalias.com systemd[1]: Started LSB: LDAP servers (slapd).

[root@media ~]# ls /etc/openldap/slapd.d/
[root@media ~]# /etc/init.d/ldap convert
config file testing succeeded
[root@media ~]# ls /etc/openldap/slapd.d/
cn=config/  cn=config.ldif

[root@media ~]# /etc/init.d/ldap restart
Restarting ldap (via systemctl):                                                                  [  OK  ]
[root@media ~]# /etc/init.d/ldap status
ldap.service - LSB: LDAP servers (slapd)
          Loaded: loaded (/etc/rc.d/init.d/ldap)
          Active: active (running) since Tue, 2013-08-20 12:25:25 SAST; 4s ago
         Process: 8634 ExecStop=/etc/rc.d/init.d/ldap stop (code=exited, status=0/SUCCESS)
         Process: 8661 ExecStart=/etc/rc.d/init.d/ldap start (code=exited, status=0/SUCCESS)
        Main PID: 8675 (slapd)
          CGroup: name=systemd:/system/ldap.service
                  └ 8675 /usr/sbin/slapd -u ldap -g ldap -l local4 -s 0 -F /etc/openldap/slapd.d/ -h ldap:///...

Aug 20 12:25:23 media.ranger.dnsalias.com systemd[1]: Starting LSB: LDAP servers (slapd)...
Aug 20 12:25:25 media.ranger.dnsalias.com ldap[8661]: Starting slapd (ldap + ldaps): [  OK  ]
Aug 20 12:25:25 media.ranger.dnsalias.com ldap[8661]: grep: /etc/openldap/slapd.d/: Is a directory
Aug 20 12:25:25 media.ranger.dnsalias.com systemd[1]: Started LSB: LDAP servers (slapd).

2) It is impossible to automatically revert to slapd.conf

3) There are still no tools for managing cn=config/slapd.d that match vim on slapd.conf, and I haven't seen any integration for cn=config/slapd.d in tools like puppet or cfengine. Until there are, new users spend too much time trying to learn ldap to configure slapd to learn ldap (chicken and egg problem).


Feel free to differ with valid arguments on these 3 issues.

Status: NEW => RESOLVED
Resolution: (none) => WONTFIX
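
Added example, not part of the bug thread or of the Mageia package: one way to run the conversion from comment 1 by calling slaptest directly with -f/-F, staged so that a failed run leaves slapd.d untouched (point 2: there is no automatic revert). The function names and the SLAPTEST override are hypothetical, and that the init script's convert action wraps slaptest is an assumption based on its "config file testing succeeded" output.

```shell
#!/bin/sh
# Added example: stage a slapd.conf -> slapd.d conversion, then audit the result.
# SLAPTEST is a hypothetical override so the logic can be exercised without OpenLDAP.
SLAPTEST="${SLAPTEST:-slaptest}"

# convert_to_slapd_d CONF TARGET_DIR
# Returns 0 on success, 1 if conversion fails, 2 if TARGET_DIR is already populated.
convert_to_slapd_d() {
    conf=$1
    target=$2
    # Reverting is manual, so never convert over an existing cn=config tree.
    if [ -e "$target/cn=config.ldif" ]; then
        echo "refusing: $target already holds a cn=config database" >&2
        return 2
    fi
    # Build in a private (0700) staging directory beside the target.
    stage=$(mktemp -d "${target%/}.stage.XXXXXX") || return 1
    if ! "$SLAPTEST" -f "$conf" -F "$stage" >/dev/null 2>&1 ||
       [ ! -f "$stage/cn=config.ldif" ] || [ ! -d "$stage/cn=config" ]; then
        rm -rf "$stage"
        return 1
    fi
    # rootpw values from slapd.conf now live in these LDIF files:
    # remove all group/other access before they reach the live path.
    chmod -R go-rwx "$stage"
    mkdir -p "$target" && chmod 700 "$target" &&
        mv "$stage/cn=config.ldif" "$stage/cn=config" "$target/" &&
        rmdir "$stage"
}

# audit_slapd_d DIR
# Prints every entry readable by group or others; returns 1 if any exist.
audit_slapd_d() {
    loose=$(find "$1" \( -perm -040 -o -perm -004 \) -print)
    [ -z "$loose" ] && return 0
    printf '%s\n' "$loose"
    return 1
}
```

On the host in comment 1 slapd runs with -u ldap -g ldap, so after a real conversion as root the tree also has to be handed to that account (chown -R ldap:ldap) before the restart.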

Comment 2 jlgrall 2013-08-22 21:51:10 CEST
Interesting, I didn't know we could easily convert with: /etc/init.d/ldap convert

Point 3: there is FusionDirectory.

Point 2: if it works with cn=config, it is not really needed to revert to slapd.conf

CC: (none) => jlgrall