Runs an OpenLDAP server for custom user management. The LDAP server listens by default on the srv network for LDAP requests.
- OpenLDAP server
- ldapvi utility to edit live LDAP records
The main OpenLDAP configuration is broken into parts. Some of these are left empty by default and may be edited by service users:
- /etc/openldap/slapd.00acl-local.conf: defines custom ACLs, which precede the default ACLs.
- /etc/openldap/slapd.20main-local.conf: adds main configuration settings after the default configuration.
- /etc/openldap/slapd.40backend-local.conf: overrides the default backend configuration, e.g. to define custom indexes.
- /etc/openldap/listen_urls: contains a list of LDAP URIs to listen on, one per line. Listening on srv addresses and localhost is added automatically.
In addition, service users may also place custom schema files into
The LDAP database suffix (as found in
cn=example,cn=com) can only be changed by Flying Circus support staff and
requires the database to be rebuilt.
After configuration changes, invoke sudo /etc/init.d/slapd restart as service user to activate the new configuration.
To get all slapd indexes rebuilt during server restart, invoke sudo slapd-restart-reindex.
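A custom ACL fragment for /etc/openldap/slapd.00acl-local.conf, added here as an illustration and not taken from the platform's own configuration. It shows why ordering matters when local ACLs precede the defaults. The ou=people and ou=services branches and the cn=app-reader account are constructed names; the suffix is the one quoted on this page.

```conf
# /etc/openldap/slapd.00acl-local.conf (constructed example)
#
# slapd uses the first "access to" clause whose target matches, and inside
# that clause the first matching "by" entry. Every clause ends with an
# implicit "by * none". Because this file is read before the default ACLs,
# a clause here takes over from the defaults for whatever it matches.
#
# Too broad (kept commented out): it matches every entry and attribute, so
# the default ACLs are never consulted. Authenticated users could read
# userPassword values, and anonymous clients would lose the "auth" access
# that simple binds need.
#access to *
#    by users read
#
# Scoped rule 1: credentials. Owners may change their own password,
# unauthenticated clients may only use the attribute to bind, and nobody
# may read the stored value.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
#
# Scoped rule 2: one service account may read a fixed set of attributes
# below ou=people. "entry" is the pseudo-attribute that controls access to
# the entry itself. "by * break" passes every other client on to the
# clauses that follow, so the default ACLs still decide for them.
access to dn.subtree="ou=people,cn=example,cn=com" attrs=entry,uid,cn,mail
    by dn.exact="cn=app-reader,ou=services,cn=example,cn=com" read
    by * break
```

Comment lines start in column 0 on purpose: slapd.conf treats any line that begins with whitespace as a continuation of the line before it.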
By default, we monitor the reachability of OpenLDAP over IPv4 and IPv6 on the srv network. Usually these checks are sufficient, so no custom monitoring configuration is required.