
Start a new OpenLDAP installation


I am installing OpenLDAP from scratch on CentOS 7.

I followed the quickstart guide on the openldap.org website.

Everything worked fine up until step 7. I installed OpenLDAP in a customized directory without problem.

Below are the commands I ran:

cd /usr/local/src
mkdir openldap
cd openldap
cp /home/user/openldap/src/* .   # copied everything in the tarball to this directory
yum install gcc openssl libdb-devel libtool-ltdl-devel.x86_64 openssl-devel.x86_64 cyrus-sasl-devel.x86_64
# yum installed every required package, including the development package for make
./configure --prefix=/usr/local/src/openldap-install   # configure to install in a custom location
make depend
make
make test   # all successful
make install

Then I tried to follow step 8, editing the slapd.ldif file to put in my own domain, dc=adomain,dc=com. In my case, it was in file /usr/local/src/openldap-install/etc/openldap/slapd.ldif.

I then added the /usr/local/src/openldap-install/sbin/ directory to the PATH environment variable by inserting an openldap_path.sh file in the profile.d directory, and verified that it worked.

Then I followed step 9 (I was running everything as root):

slapadd -F /usr/local/etc/cn=config -l /usr/local/etc/openldap/slapd.ldif

But it returned

available database(s) do not allow slapadd new server

I don't understand; I am not migrating (as suggested in some other Stack Overflow post). It's a brand new server, but it just doesn't allow me to continue.

How can I fix it?

The file is as follows:

# See slapd-config(5) for details on configuration options.
# This file should NOT be world readable.
#
dn: cn=config
objectClass: olcGlobal
cn: config
#
#
# Define global ACLs to disable default read access.
#
olcArgsFile: /usr/local/src/openldap-install/var/run/slapd.args
olcPidFile: /usr/local/src/openldap-install/var/run/slapd.pid
#
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#olcReferral:    ldap://root.openldap.org
#
# Sample security restrictions
#    Require integrity protection (prevent hijacking)
#    Require 112-bit (3DES or better) encryption for updates
#    Require 64-bit encryption for simple bind
#olcSecurity: ssf=1 update_ssf=112 simple_bind=64


#
# Load dynamic backend modules:
#
#dn: cn=module,cn=config
#objectClass: olcModuleList
#cn: module
#olcModulepath:    /usr/local/src/openldap-install/libexec/openldap
#olcModuleload:    back_bdb.la
#olcModuleload:    back_hdb.la
#olcModuleload:    back_ldap.la
#olcModuleload:    back_passwd.la
#olcModuleload:    back_shell.la


dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

include: file:///usr/local/src/openldap-install/etc/openldap/schema/core.ldif

# Frontend settings
#
dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend
#
# Sample global access control policy:
#    Root DSE: allow anyone to read it
#    Subschema (sub)entry DSE: allow anyone to read it
#    Other DSEs:
#        Allow self write access
#        Allow authenticated users read access
#        Allow anonymous users to authenticate
#
#olcAccess: to dn.base="" by * read
#olcAccess: to dn.base="cn=Subschema" by * read
#olcAccess: to *
#    by self write
#    by users read
#    by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#


#######################################################################
# LMDB database definitions
#######################################################################
#
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcSuffix: dc=ldap,dc=domain,dc=com
olcRootDN: cn=Manager,dc=ldap,dc=domain,dc=com
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd-config(5) for details.
# Use of strong authentication encouraged.
olcRootPW: {SSHA}strong
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
olcDbDirectory:    /usr/local/src/openldap-install/var/openldap-data
# Indices to maintain
olcDbIndex: objectClass eq

Only the last few lines (olcSuffix, olcRootDN, olcRootPW and olcDbDirectory) were changed from the slapd.ldif.default file.

And below is the file tree in the installation path, as output by ls -R:

.:
bin  etc  include  lib  libexec  sbin  share  var

./bin:
ldapadd      ldapdelete  ldapmodify  ldappasswd  ldapurl
ldapcompare  ldapexop    ldapmodrdn  ldapsearch  ldapwhoami

./etc:
openldap

./etc/openldap:
ldap.conf          schema      slapd.conf.default  slapd.ldif.default
ldap.conf.default  slapd.conf  slapd.ldif

./etc/openldap/schema:
collective.ldif    cosine.schema         java.ldif      openldap.schema
collective.schema  duaconf.ldif          java.schema    pmi.ldif
corba.ldif         duaconf.schema        misc.ldif      pmi.schema
corba.schema       dyngroup.ldif         misc.schema    ppolicy.ldif
core.ldif          dyngroup.schema       nis.ldif       ppolicy.schema
core.schema        inetorgperson.ldif    nis.schema     README
cosine.ldif        inetorgperson.schema  openldap.ldif

./include:
lber.h        ldap_cdefs.h     ldap.h         ldap_utf8.h  slapi-plugin.h
lber_types.h  ldap_features.h  ldap_schema.h  ldif.h

./lib:
liblber-2.4.so.2       libldap-2.4.so.2       libldap_r-2.4.so.2.10.7
liblber-2.4.so.2.10.7  libldap-2.4.so.2.10.7  libldap_r.a
liblber.a              libldap.a              libldap_r.la
liblber.la             libldap.la             libldap_r.so
liblber.so             libldap_r-2.4.so.2     libldap.so

./libexec:
slapd

./sbin:
slapacl  slapauth  slapdn     slappasswd  slaptest
slapadd  slapcat   slapindex  slapschema

./share:
man

./share/man:
man1  man3  man5  man8

./share/man/man1:
ldapadd.1      ldapdelete.1  ldapmodify.1  ldappasswd.1  ldapurl.1
ldapcompare.1  ldapexop.1    ldapmodrdn.1  ldapsearch.1  ldapwhoami.1

./share/man/man3:
ber_alloc_t.3                ldap_free_urldesc.3
blablablablabla
blablablablabla
blablablablabla

./share/man/man5:
ldap.conf.5       slapd-mdb.5       slapd-sql.5         slapo-ppolicy.5
blablablablabla
blablablablabla
blablablablabla

./share/man/man8:
blablablablabla
blablablablabla

./var:
run

./var/run:

The default LDIF file may actually be the cn=config database.

I am not getting an LDAP server to start. I don't see what the problem is; perhaps clearing up some concept of mine can actually solve the situation here?

What would be a dummy ldif file that I can do slapadd and then I can figure out what’s wrong?

I attribute my difficulty to what I reckon is poorly-done OpenLDAP guidance documentation:
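The comments in the posted slapd.ldif state three requirements that are easy to get wrong when bootstrapping a fresh cn=config: the rootdn password should be a slappasswd hash rather than cleartext, the olcDbDirectory must exist before slapd or the slap tools touch it, and that directory should be mode 700. A fourth rule comes from slapd-config(5): olcRootPW is only honoured when olcRootDN lies inside the database's olcSuffix. The script below is an added example, not code from the question or from the OpenLDAP project; it parses an LDIF file and reports which of those rules a database entry breaks, so it can be run on a slapd.ldif before loading cn=config with slapadd. The sample LDIF, the hypothetical /nonexistent/... directory and the {SSHA}placeholder value are constructed for the example.

```python
"""Audit a slapd.ldif for common cn=config bootstrap mistakes (added example)."""
import base64
import os
import re
import stat
import tempfile

# Constructed sample, modelled on the mdb entry in the question, with a
# deliberately cleartext olcRootPW and a hypothetical directory that does
# not exist on this machine.
SAMPLE_LDIF = """\
# comment lines are ignored by the parser
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcSuffix: dc=ldap,dc=domain,dc=com
olcRootDN: cn=Manager,dc=ldap,dc=domain,dc=com
olcRootPW: secret
olcDbDirectory: /nonexistent/hypothetical/openldap-data
olcDbIndex: objectClass eq
"""

# A stored password is a hash when it carries a {SCHEME} prefix such as {SSHA}.
HASHED_PW = re.compile(r"^\{[A-Za-z0-9-]+\}")


def _unfold(text):
    """Join LDIF continuation lines (a leading space) onto the previous line."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines


def parse_ldif(text):
    """Return a list of entries, each a dict of attribute -> [values].

    Handles '#' comments, blank-line entry separators and base64 values
    ('attr:: ...'). Sufficient for slapd.ldif; not a full RFC 2849 parser.
    """
    entries, current = [], {}
    for line in _unfold(text) + [""]:  # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if line == "":
            if current:
                entries.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(attr.strip(), []).append(value)
    return entries


def _norm_dn(dn):
    """Lower-case and strip whitespace around RDNs so DNs compare reliably."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def dn_within(child, parent):
    """True if child equals parent or sits somewhere below it in the tree."""
    c, p = _norm_dn(child), _norm_dn(parent)
    return c == p or c.endswith("," + p)


def audit(text):
    """Return (code, message) findings for every olcDatabase entry with a suffix."""
    findings = []
    for e in parse_ldif(text):
        dn = e.get("dn", [""])[0]
        if not dn.lower().startswith("olcdatabase=") or "olcSuffix" not in e:
            continue  # frontend/config entries carry no suffix
        suffix = e["olcSuffix"][0]
        for pw in e.get("olcRootPW", []):
            if not HASHED_PW.match(pw):
                findings.append(("CLEARTEXT_ROOTPW",
                                 f"{dn}: olcRootPW is not a {{SCHEME}} hash; generate one with slappasswd"))
        for rootdn in e.get("olcRootDN", []):
            if not dn_within(rootdn, suffix):
                findings.append(("ROOTDN_OUTSIDE_SUFFIX",
                                 f"{dn}: olcRootDN {rootdn} is not under olcSuffix {suffix}, so olcRootPW is ignored"))
        for d in e.get("olcDbDirectory", []):
            if not os.path.isdir(d):
                findings.append(("DBDIR_MISSING",
                                 f"{dn}: olcDbDirectory {d} does not exist; create it before running slapadd/slapd"))
            else:
                mode = stat.S_IMODE(os.stat(d).st_mode) & 0o777
                if mode != 0o700:
                    findings.append(("DBDIR_MODE",
                                     f"{dn}: olcDbDirectory {d} is mode {mode:04o}; 0700 recommended"))
    return findings


def demo_with_tempdir():
    """Audit a hashed-password entry whose olcDbDirectory exists but is world-readable."""
    d = tempfile.mkdtemp()
    os.chmod(d, 0o755)
    text = (SAMPLE_LDIF
            .replace("olcRootPW: secret", "olcRootPW: {SSHA}placeholder")
            .replace("/nonexistent/hypothetical/openldap-data", d))
    try:
        return audit(text)
    finally:
        os.rmdir(d)


if __name__ == "__main__":
    for code, msg in audit(SAMPLE_LDIF) + demo_with_tempdir():
        print(f"[{code}] {msg}")
```

To check a real file, replace SAMPLE_LDIF with the contents of the slapd.ldif you are about to load; the DN normalisation is deliberately simple (case and whitespace only), so escaped commas inside an RDN would need a proper DN parser.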


Solution

  • It turns out this answer solves the problem: OpenLDAP naming context issue with Apache directory studio

    I think I appreciate that people can answer some specifics of my question or provide an example as an answer. Not all people learn by worded explanations; some learn by examples and reverse engineering. "Read manuals and only ask questions when you don't understand"; I would think that is such a prior statement, and most have gone past that stage before actually asking any questions.

    Yes, I think I should ask on Server Fault, since Stack Overflow is more geared towards programming.