Wednesday, April 7, 2010

OpenLDAP completely broken on install under Karmic

I hate OpenLDAP. Thanks to a stupid decision by OpenLDAP packagers, the server is completely unusable after install on Ubuntu. We went from a working debconf on Jaunty to a completely broken install on Karmic (and it doesn't look like it will be fixed in Lucid either).

An OpenLDAP install on Karmic no longer creates a database, installs schemas, or creates an admin user. There are basically no good HOWTOs for this initial configuration, and all the official documentation is wrong: it says to use dpkg-reconfigure, which no longer works. A thread on the Ubuntu forums is the best you will get.

All I wanted to do was move my existing (working) LDAP database to another server, which should have been a 5-minute job with slapcat and slapadd.

I finally got it working using the instructions in the thread to create a database, then added the users using 'slapadd -n1' as originally intended (I never got to import the original config, '-n0', successfully). There is a whole lot of black magic involved: I don't understand what installing the schemas does, and I only vaguely understand what the LDIF file does. The error messages provided by OpenLDAP might as well be in another language because they are completely uninformative.

Once I had a working setup I was getting a prompt with 'I have no name!'@box. Despite there being a lot of bullshit in forums about this being caused by permissions on LDAP config files, it turns out that if you install 'nscd' it magically goes away. I have no idea why, but nscd also seems to be the antidote to other LDAP bugs, so you might as well have it :)
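The migration this post is about (slapcat on the old server, 'slapadd -n1' on the new one) and the uid-lookup check behind the 'I have no name!' prompt, as an added example that is not part of the original post or of the OpenLDAP project. It assumes the Debian/Ubuntu slapd layout: service user openldap, database directory /var/lib/ldap, the data database as number 1 and cn=config as number 0. The sample LDIF and the dc=example,dc=com suffix are constructed so the checks can run without a directory server.

```shell
#!/bin/sh
# Added example (not from the original post): move an OpenLDAP data database
# between servers with slapcat/slapadd, and check that the client's own uid
# resolves through NSS, which is the lookup behind "I have no name!".
#
# Assumptions (labelled): Debian/Ubuntu slapd layout, slapd runs as the user
# "openldap", database files live in /var/lib/ldap, the data database is
# number 1 (-n1) and cn=config is number 0 (-n0).
set -u

LDAP_USER="${LDAP_USER:-openldap}"
LDAP_DB_DIR="${LDAP_DB_DIR:-/var/lib/ldap}"

# Number of entries in an LDIF dump: one "dn:" line per entry.
ldif_entry_count() {
    # $1 = LDIF text
    printf '%s\n' "$1" | grep -c '^dn:'
}

# True when the dump is non-empty and every entry sits under the given
# suffix; a dump from the wrong database (e.g. -n0) fails this check.
ldif_suffix_ok() {
    # $1 = LDIF text, $2 = suffix such as dc=example,dc=com
    [ "$(ldif_entry_count "$1")" -gt 0 ] &&
        ! printf '%s\n' "$1" | grep '^dn:' | grep -v -i -- "$2\$" >/dev/null
}

# Old server: dump the data database (not cn=config) to an LDIF file.
# Stop slapd first if you want a snapshot that no client is writing to.
dump_db() {
    # $1 = output file
    slapcat -n 1 -l "$1"
}

# New server: load the dump. slapd must be stopped, and because slapadd runs
# as root the database files it creates belong to root until handed back to
# the slapd user; without the chown slapd fails to start afterwards.
load_db() {
    # $1 = input LDIF file
    service slapd stop
    slapadd -n 1 -l "$1" || return 1
    chown -R "$LDAP_USER:$LDAP_USER" "$LDAP_DB_DIR"
    service slapd start
}

# Resolve a numeric uid through NSS (getent), the same path the shell uses
# for its prompt; an empty result is what produces "I have no name!".
name_for_uid() {
    # $1 = numeric uid
    getent passwd "$1" | cut -d: -f1
}

# Constructed sample dump, so the LDIF checks can be exercised offline.
SAMPLE_LDIF='dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
o: Example
dc: example

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: alice
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/alice
cn: Alice'

# Usage: old server   sh migrate.sh dump  backup.ldif
#        new server   sh migrate.sh load  backup.ldif
#        any client   sh migrate.sh check
case "${1:-}" in
    dump)
        dump_db "${2:?ldif file}" ;;
    load)
        ldif_suffix_ok "$(cat "${2:?ldif file}")" "dc=example,dc=com" ||
            { echo "dump does not look like the data database" >&2; exit 1; }
        load_db "$2" ;;
    check)
        me=$(name_for_uid "$(id -u)")
        if [ -n "$me" ]; then
            echo "uid $(id -u) resolves to $me"
        else
            echo "uid $(id -u) does not resolve: NSS/LDAP lookup failing (nscd?)" >&2
            exit 1
        fi ;;
esac
```

The suffix check exists because the two databases dump to the same kind of file: a cn=config dump (-n0) carries dn lines under cn=config and would be rejected before slapadd touches the data database. The check subcommand is the thing to run on a client after pointing it at the new server; if the uid does not come back with a name, the prompt will show 'I have no name!' regardless of file permissions.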

It's enough to make me want to use a Windows DC and likewise...

Update: according to a bug report, this doco is now up-to-date, with the same information as in the thread.
