cn=config is the default configuration backend in OpenLDAP

Posted in Uncategorized on August 14th, 2008 by Dave Walker

The release of Intrepid Alpha4 comes, amongst other things, with the latest version of OpenLDAP – 2.4.11. One of the most important changes is in the packaging: cn=config is now the default configuration backend. Migration from slapd.conf to cn=config is done automatically on upgrades.

As explained in the OpenLDAP Administrator Guide:

the slapd runtime configuration in 2.3 (and later) is fully LDAP-enabled and can be managed using the standard LDAP operations with data in LDIF. The LDAP configuration engine allows all of slapd’s configuration options to be changed on the fly, generally without requiring a server restart for the changes to take effect.

The old-style configuration using slapd.conf is still enabled; however, the openldap package won’t maintain it anymore. Upgrade actions (such as migrating unsupported options or dumping the database when necessary) will only be taken if the system uses cn=config.

From a packaging point of view, one of the benefits of using the cn=config backend is the ability to add extra schemas to the LDAP server (which was impossible without breaking the Debian Policy). That opens the door for better integration of LDAP-aware applications. Packages will be able to automatically load the application schema into the LDAP tree. There is still more work to be done in that area, but using cn=config as the default configuration backend is the first step in that direction.
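
To make the schema-loading point concrete, here is an added example (not code from the openldap package or from this post) that converts a schema written in slapd.conf syntax into the LDIF entry cn=config expects under cn=schema,cn=config. The function name, schema name and sample schema are hypothetical and constructed for illustration.

```python
# Constructed sample in slapd.conf schema syntax. The names are hypothetical and
# the OIDs use 1.3.6.1.4.1.32473, the enterprise number reserved for examples.
SAMPLE_SCHEMA = """\
# example application schema
attributetype ( 1.3.6.1.4.1.32473.1.1 NAME 'exampleQuota'
    DESC 'Mail quota in megabytes'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.32473.1.2 NAME 'exampleAccount'
    SUP top AUXILIARY
    MAY exampleQuota )
"""

# slapd.conf schema keyword -> attribute of the olcSchemaConfig entry
KEYWORDS = {
    "objectidentifier": "olcObjectIdentifier",
    "attributetype": "olcAttributeTypes",
    "objectclass": "olcObjectClasses",
}


def schema_to_ldif(name, text):
    """Turn slapd.conf-style schema text into one LDIF entry for cn=config."""
    directives = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        if line[0].isspace() and directives:
            # Indented line: continuation of the previous directive.
            directives[-1] += " " + line.strip()
        else:
            directives.append(line.strip())

    out = [f"dn: cn={name},cn=schema,cn=config",
           "objectClass: olcSchemaConfig",
           f"cn: {name}"]
    for directive in directives:
        parts = directive.split(None, 1)
        attr = KEYWORDS.get(parts[0].lower())
        if attr is None or len(parts) < 2:
            # Refuse anything that is not a schema definition (e.g. "include").
            raise ValueError(f"unsupported schema directive: {parts[0]}")
        # Collapse internal whitespace so each definition is a single LDIF line.
        out.append(attr + ": " + " ".join(parts[1].split()))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(schema_to_ldif("example", SAMPLE_SCHEMA), end="")
```

The resulting entry can be loaded with ldapadd by an identity that has write access to cn=config; slapd assigns the entry's {n} ordering prefix itself.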

The Ubuntu Server Team is looking for testers: if you’re running an LDAP server, you can help out. Clone your LDAP system and try to upgrade to Intrepid to see if things break. If so, don’t forget to report bugs!