Simple yet Secure HTTP File Serving with SSO: Part 2

This series of articles will be updated fairly frequently because both OpenSSL and OpenLDAP have giant fields of land mines laid in the way of getting things done. Most of these are due to a lack of Getting Started material. Jeremy Mates has solved this problem brilliantly for OpenSSL with his excellent OpenSSL tools and How-tos. However, I have yet to find a similar resource for OpenLDAP and as a result I have lost metaphorical limbs walking through its mine fields.

The first of these OpenLDAP mine fields is configuration. An OpenLDAP slapd.conf file must include a schema or it will fail to parse fairly basic options. The OpenLDAP Quick Start Guide fails to mention this and thus following it will lead you nowhere useful:

    reading config file /opt/local/etc/openldap/slapd.conf
    line 1 (database bdb )
    line 2 (suffix "dc=example, dc=com" )
    /opt/local/etc/openldap/slapd.conf: line 2:  invalid DN 21 (Invalid syntax)
    slaptest: bad configuration file!

On Mac OS X I installed OpenLDAP with MacPorts and thus I need a basic slapd.conf that includes the core.schema:

    include /opt/local/etc/openldap/schema/core.schema

    database bdb
    suffix "dc=example, dc=com"
    rootdn "cn=Manager, dc=example, dc=com"
    rootpw secret
    directory /Users/alain/Sites/LDAP/data
At this point I am able to get past the configuration parsing with slaptest -v -d 64, but the Berkeley DB is apparently locked by a mystery user. For reference the directory /Users/alain/Sites/LDAP/data is completely empty prior to running slaptest.

I will keep hammering away at this to figure it out and post updates to this post.

UPDATE: slapd was running after the test. Apparently test means test, then run... In any case an ldapsearch succeeds so now its time to import an LDIF with a test user.

Links: