OpenLDAP 2.4: Adding overlays
Mostly googlefood, since I spent way too long looking for this.
I wanted to load the unique plugin into my OpenLDAP 2.4 installation, and had a hell of a time, since so much of the documentation out there is for 2.2. Here’s what I did.
First, I told LDAP to load the plugin (forgetting this caused no end of grief):
root@ldap# cat /tmp/unique.1.ldif
dn: cn=module{0},cn=config
cn: module{0}
objectClass: olcModuleList
olcModulePath: /usr/lib64/openldap/
olcModuleLoad: unique.la
structuralObjectClass: olcModuleList
root@ldap# ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/unique.1.ldif
Then, after that, I loaded in the configuration for the module itself:
root@ldap# cat /tmp/unique.2.ldif
dn: olcOverlay=unique,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: unique
olcUniqueUri: ldap:///ou=people,dc=example,dc=com?uid?sub
olcUniqueUri: ldap:///ou=people,dc=example,dc=com?mail?sub
olcUniqueUri: ldap:///ou=people,dc=example,dc=com?uidNumber?sub
olcUniqueUri: ldap:///ou=groups,dc=example,dc=com?gidNumber?sub
olcUniqueUri: ldap:///ou=groups,dc=example,dc=com?cn?sub
root@ldap# ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/unique.2.ldif
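A pre-check worth running before enabling the overlay, as an added example that is not part of the original post: the overlay enforces uniqueness on add, modify and modrdn operations, so values that are already duplicated in the directory are best found from an export first. The sample LDIF is constructed, the function names are hypothetical, and the matching is simplified (only the ?sub scope used above, case-insensitive string comparison, no base64 or folded LDIF lines).

```python
from collections import defaultdict

# The olcUniqueUri values from unique.2.ldif above.
UNIQUE_URIS = [
    "ldap:///ou=people,dc=example,dc=com?uid?sub",
    "ldap:///ou=people,dc=example,dc=com?mail?sub",
    "ldap:///ou=people,dc=example,dc=com?uidNumber?sub",
    "ldap:///ou=groups,dc=example,dc=com?gidNumber?sub",
    "ldap:///ou=groups,dc=example,dc=com?cn?sub",
]

# Constructed sample export, not real data: two users sharing one mail value.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
mail: alice@example.com

dn: uid=bob,ou=staff,ou=people,dc=example,dc=com
uid: bob
mail: Alice@example.com
"""

def parse_ldif(text):
    """Minimal LDIF reader: no base64 values, no folded lines."""
    entries = []
    for record in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in record.splitlines():
            key, _, value = line.partition(": ")
            entry[key.lower()].append(value)
        entries.append(entry)
    return entries

def in_subtree(dn, base):
    """Naive case-insensitive suffix match; assumes normalised DNs."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def find_duplicates(entries, uris):
    """Return {(uri, value): [dns]} for values held by more than one entry."""
    hits = {}
    for uri in uris:
        # ldap:///base?attribute?scope; scope is assumed to be "sub".
        base, attr, _scope = uri.split("///", 1)[1].split("?")[:3]
        seen = defaultdict(list)
        for e in entries:
            if in_subtree(e["dn"][0], base):
                for v in e.get(attr.lower(), []):
                    seen[v.lower()].append(e["dn"][0])
        hits.update({(uri, v): d for v, d in seen.items() if len(d) > 1})
    return hits
```

Calling find_duplicates(parse_ldif(SAMPLE_LDIF), UNIQUE_URIS) reports the shared mail value with both DNs; an empty result means the export holds no conflicts for these five URIs.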
May 23rd, 2014 at 3:24 am
Darren, you are the man! I was looking for solution for uidNext + uidNumber junction. And finally, thanks to your post, I’ve done it. Thanks a lot!
July 23rd, 2014 at 2:59 am
I must agree with Van.
This was indeed a lifesaver.
November 11th, 2014 at 9:35 am
Thx a lot man !
March 13th, 2017 at 11:50 am
I found with OpenLDAP 2.4.40, that I had to remove the structuralObjectClass attribute, otherwise it would fail:
ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/unique.1.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module{0},cn=config"
ldap_add: Constraint violation (19)
additional info: structuralObjectClass: no user modification allowed
August 8th, 2018 at 2:10 am
@Ron McLeod: remove the “structuralObjectClass” line from the file, that couldn’t be there.