Trouble setting up OpenLDAP with MDB backend

I’m having issues getting OpenLDAP to work with the MDB backend. I’ve tried both the package version and a self-compiled one, but no luck.

The config database is fine, and there are no error messages in the log. The data.mdb file gets created, but I can’t see or write to my root suffix.

I’ve even tried the basic setup from the OpenLDAP admin guide, but it didn’t help. Here’s a snippet of my config:

database    mdb
maxsize     1073741824
suffix      "dc=myorg,dc=com"
rootdn      "cn=manager,dc=myorg,dc=com"
rootpw      "{SSHA}AbCdEfGhIjKlMnOpQrStUvWxYz123456"
directory   /var/lib/ldap/data
index   objectClass eq

Any ideas what I might be doing wrong? I’m really stuck here and could use some help.

I’ve encountered similar issues with OpenLDAP and the MDB backend. One often overlooked aspect is SELinux. If you’re running on a system with SELinux enabled, it might be preventing OpenLDAP from accessing the data directory. Try temporarily disabling SELinux with ‘setenforce 0’ to see if that resolves the issue. If it does, you’ll need to configure the appropriate SELinux policies.

Another potential problem could be with the ACLs in your configuration. Ensure you have the necessary access controls set up correctly. You might want to add something like:

access to *
    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
    by * read

This grants full access to the root user and read access to others. Remember to restart slapd after making any configuration changes.

hmm, that’s a tricky one! have you checked if the permissions on /var/lib/ldap/data are correct? sometimes that can cause silent failures. also, maybe try running slaptest to validate your config? oh, and have you considered using a different backend like bdb just to see if it works? might help narrow down the issue!
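The checks suggested in the replies above (data directory permissions, SELinux, slaptest), as an added example that is not part of the thread: a read-only script that inspects the system instead of switching enforcement off. It assumes a Linux host with GNU `stat`, that slapd runs as user `ldap`, and that the configuration file is /etc/openldap/slapd.conf; none of those three come from the posts.

```shell
#!/bin/sh
# Added example. Assumptions: slapd runs as "ldap", config is in
# /etc/openldap/slapd.conf, GNU stat is available.

# check_data_dir DIR OWNER
# Returns 0 if DIR is a directory owned by OWNER (name or numeric uid) with no
# access for "other"; 1 if missing, 2 if wrong owner, 3 if the mode is too open.
check_data_dir() {
    dir=$1
    want_uid=$(id -u "$2" 2>/dev/null || printf '%s' "$2")
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    have_uid=$(stat -c %u "$dir")
    mode=$(stat -c %a "$dir")
    if [ "$have_uid" != "$want_uid" ]; then
        echo "FAIL: $dir owned by uid $have_uid, expected $want_uid"; return 2
    fi
    case $mode in
        *0) echo "OK: $dir uid=$have_uid mode=$mode"; return 0 ;;
        *)  echo "FAIL: $dir mode $mode gives other users access to data.mdb"; return 3 ;;
    esac
}

# selinux_report: print the enforcement mode and recent AVC denials for slapd,
# which shows a policy problem without running 'setenforce 0'.
selinux_report() {
    command -v getenforce >/dev/null 2>&1 || { echo "SKIP: SELinux tools not installed"; return 0; }
    echo "SELinux mode: $(getenforce)"
    command -v ausearch >/dev/null 2>&1 || return 0
    ausearch -m AVC -c slapd -ts recent 2>/dev/null ||
        echo "No recent AVC denials for slapd found (reading the audit log needs root)"
}

# config_check FILE: validate a slapd.conf; -u skips opening the databases.
config_check() {
    command -v slaptest >/dev/null 2>&1 || { echo "SKIP: slaptest not found"; return 0; }
    slaptest -u -f "$1"
}

# Run everything only when invoked as: sh ldap-checks.sh --run
if [ "${1:-}" = "--run" ]; then
    check_data_dir /var/lib/ldap/data ldap
    selinux_report
    config_check /etc/openldap/slapd.conf
fi
```

If `selinux_report` prints denials, the fix is a correct file context or policy module for the data directory, with enforcement left on.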

yo, been there before! have u tried flushing the database and starting fresh? sometimes leftover data can mess things up. also, double-check ur firewall settings - they might be blocking connections. if all else fails, try downgrading to an older version of OpenLDAP. good luck!