Wednesday, March 11, 2009

[OpenLDAP] How-to add a new tree in OpenLDAP

Below is a short how-to I wrote when I had to create a new DIT (Directory Information Tree) in my OpenLDAP server.

1) Create, for example under /var/lib, a directory that will hold the database files of the new tree, e.g. "ldap-mynewtree":
sudo mkdir -p /var/lib/ldap-mynewtree

2) Give ownership of the directory to the openldap user (or whatever user the LDAP server runs as):
sudo chown openldap:openldap /var/lib/ldap-mynewtree

3) Add a second database and suffix to /etc/ldap/slapd.conf.
The config below has been taken from the OpenLDAP default settings:
######################
# Specific Directives for database #2, of type 'other' (can be bdb too):
# Database specific directives apply to this database until another
# 'database' directive occurs

database bdb

# The base of your directory in database #2
suffix "dc=mynewtree,dc=com"

# rootdn directive for specifying a superuser on the database.
# This is needed for syncrepl.
# The rootdn is not subject to the access directives below.
rootdn "cn=admin,dc=mynewtree,dc=com"
# rootpw is stored here in cleartext; prefer the hashed form, i.e. the
# {SSHA} value printed by "slappasswd -s pwdadmin"
rootpw pwdadmin

# Where the database files are physically stored for database #2
directory "/var/lib/ldap-mynewtree"

# The following has been taken from the default settings of OpenLDAP
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500

# Indexing options for database #2
index objectClass eq

# Save the time that the entry gets modified, for database #2
lastmod on

# Access control for database #2. The "by" clauses are continuation lines
# and must start with whitespace; "write" already includes "read", so a
# separate read clause for the admin dn is not needed. "by * read" lets
# anonymous clients read every attribute of this tree.
access to *
        by dn="cn=admin,dc=mynewtree,dc=com" write
        by * read


4) Stop slapd:
sudo /etc/init.d/slapd stop

5) Start it again so that the new database definition is loaded:
sudo /etc/init.d/slapd start

6) Create an LDIF file containing the basic tree structure and save it
as mytreestructure.ldif.

Example LDIF:

##############################
version: 1

dn: dc=mynewtree,dc=com
objectClass: dcObject
objectClass: organization
dc: mynewtree
o: Example Corporation
description: The Example Corporation

dn: cn=admin,dc=mynewtree,dc=com
objectClass: organizationalRole
cn: admin
description: Directory Manager

#####################################


7) Add the entries from the LDIF file to the OpenLDAP server:
ldapadd -x -W -D "cn=admin,dc=mynewtree,dc=com" -f mytreestructure.ldif -c

For reference (http://www.linux.com/articles/113630?page=2), the options used:
* -c: don't die on every error; list errors, but continue and add those entries that did not contain errors
* -x: use simple authentication
* -W: prompt for the bind password
* -f filename: get entries from filename
* -D binddn: bind using binddn -- essentially a username expressed in LDAP's language, using the full dn. For admin functions, this will be the rootdn you specified in your slapd.conf file.

Note that with simple authentication the bind password travels in the clear unless the connection is protected with TLS (-Z for StartTLS, or an ldaps:// URI given with -H).

8) Update config.php of phpldapadmin so that it displays the new root:
sudo vi /etc/phpldapadmin/config.php
Around line 86, add the root dn of the new tree to the base array:

$ldapservers->SetValue($i,'server','base',array('dc=thefirsttree,dc=com','dc=mynewtree,dc=com'));


9)You should now see the new tree you have just created under phpldapadmin beside the first tree.
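The database stanza from step 3 carries two settings worth checking before the new tree goes live: the cleartext rootpw and the catch-all "by * read" ACL. The shell function below is an added example (not from the original post) that audits a slapd.conf for both; it assumes the layout used above, with one directive per line and each "by" clause on its own whitespace-indented continuation line.

```shell
# Audit a slapd.conf for the two weak points in the stanza from step 3.
# Assumes one directive per line and "by" clauses on their own
# (whitespace-indented) continuation lines, as in the config above.
# Prints one finding per line and returns 1 if anything was found.
audit_slapd_conf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines

        # "suffix" opens a new database stanza; findings are reported per suffix
        $1 == "suffix" { db = $2; gsub(/"/, "", db) }

        # A rootpw without a {SCHEME} tag is stored in cleartext; replace it
        # with the hashed value printed by: slappasswd -s secret
        $1 == "rootpw" && $2 !~ /^[{]/ {
            printf "%s: line %d: cleartext rootpw for %s\n", FILENAME, NR, db
            bad = 1
        }

        # Remember which "access to" rule the following "by" lines belong to.
        # ACLs are first-match, so a userPassword rule only protects the hash
        # if it appears before the catch-all "access to *" rule.
        $1 == "access" {
            star = ($3 == "*"); star_line = NR
            if ($3 ~ /userPassword/ && !(db in pwrule)) pwrule[db] = NR
        }
        $1 == "by" && star && $2 == "*" && $3 == "read" && !(db in openread) {
            openread[db] = star_line
        }

        END {
            for (d in openread)
                if (!(d in pwrule) || pwrule[d] > openread[d]) {
                    printf "%s: line %d: anonymous read of every attribute, userPassword included, for %s\n", FILENAME, openread[d], d
                    bad = 1
                }
            exit bad + 0
        }' "$1"
}

# Usage: sh audit.sh /etc/ldap/slapd.conf
if [ $# -gt 0 ]; then audit_slapd_conf "$1"; fi
```

A clean stanza protects the password hash first (access to attrs=userPassword ... by * none) and only then opens the rest of the tree with access to * ... by * read.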