Switch from BDB to MDB database backend

README.md

@@ -854,7 +854,11 @@ server are both running on the same machine.
 
 [Installation Script](vagrant-setup/openldap24.sh)
 
-OpenLDAP is compiled with TCP Wrappers and using Berkeley DB 6.2 as database.
+OpenLDAP is compiled with TCP Wrappers and using MDB as database.
+
+Berkeley DB 6.2 (HDB) can also be used by editing [slapd2.ldif](vagrant-setup/ldap/slapd2.ldif) and [ppolicyoverlay.ldif](vagrant-setup/ldap/ppolicyoverlay.ldif).
+
+A password policy is set with an SSHA password hashing scheme.
 
 If HTTPD is installed then OpenLDAP script installs phpLDAPAdmin as well
 which can be accessed through:

vagrant-setup/ldap/init.d/slapd

@@ -13,11 +13,21 @@ echo "starting slapd server"
 ;;
 stop)
 echo "stopping slapd server"
-kill -INT `cat /usr/local/var/run/slapd.pid`
+if [ -f "cat /usr/local/var/run/slapd.pid" ]
+then
+	kill -INT `cat /usr/local/var/run/slapd.pid`
+else
+	kill -9 `pidof slapd`
+fi
 ;;
 restart)
 echo "stopping slapd server"
-kill -INT `cat /usr/local/var/run/slapd.pid`
+if [ -f "cat /usr/local/var/run/slapd.pid" ]
+then
+	kill -INT `cat /usr/local/var/run/slapd.pid`
+else
+	kill -9 `pidof slapd`
+fi
 echo "starting slapd server"
 /usr/local/libexec/slapd -F /usr/local/etc/openldap/slapd.d
 ;;

vagrant-setup/ldap/ppolicyoverlay.ldif

@@ -1,8 +1,8 @@
-dn: olcOverlay=ppolicy,olcDatabase={1}bdb,cn=config
+dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
 objectClass: olcOverlayConfig
 objectClass: olcPPolicyConfig
 olcOverlay: ppolicy
 olcPPolicyDefault: cn=default,ou=Policies,dc=auth,dc=com
-olcPPolicyHashCleartext: FALSE
+olcPPolicyHashCleartext: TRUE
 olcPPolicyUseLockout: FALSE
 olcPPolicyForwardUpdates: FALSE

vagrant-setup/ldap/slapd2.ldif

@@ -26,33 +26,66 @@ include: file:///usr/local/etc/openldap/schema/core.ldif
 include: file:///usr/local/etc/openldap/schema/ppolicy.ldif
 
 #######################################################################
-# BDB database definitions
+# BDB/HDB database definitions
 #######################################################################
 
-dn: olcDatabase=bdb,cn=config
-objectClass: olcDatabaseConfig
-objectClass: olcBdbConfig
-olcDatabase: bdb
-olcSuffix: dc=auth,dc=com
-olcRootDN: cn=Manager,dc=auth,dc=com
-olcRootPW: secret
-olcDbDirectory: /usr/local/var/auth-data
-olcDbCachesize: 1000
-olcDbIDLcacheSize: 3000
-olcDbSearchStack: 8
-olcDbIndex: objectClass,ou,cn,sn,uid,email eq
-olcAccess: to attrs=userPassword
-  by self write
-  by anonymous auth
-  by dn.base="cn=Manager,dc=auth,dc=com" write
-  by * none
+# dn: olcDatabase=bdb,cn=config
+# objectClass: olcDatabaseConfig
+# objectClass: olcBdbConfig
+# olcDatabase: bdb
+# olcSuffix: dc=auth,dc=com
+# olcRootDN: cn=Manager,dc=auth,dc=com
+# olcRootPW: secret
+# olcDbDirectory: /usr/local/var/auth-data
+# olcDbCachesize: 1000
+# olcDbIDLcacheSize: 3000
+# olcDbSearchStack: 8
+# olcDbIndex: objectClass,ou,cn,sn,uid,email eq
+# olcAccess: to attrs=userPassword
+#   by self write
+#   by anonymous auth
+#   by dn.base="cn=Manager,dc=auth,dc=com" write
+#   by * none
+# olcAccess: to *
+#   by self write
+#   by anonymous search
+#   by dn.base="cn=Manager,dc=auth,dc=com" write
+#   by * read
+
+# dn: olcOverlay=ppolicy,olcDatabase={1}bdb,cn=config
+# objectclass: olcPPolicyConfig
+# olcOverlay: ppolicy
+# olcPPolicyDefault: cn=passwordDefault,ou=Policies,dc=auth,dc=com
+
+#######################################################################
+# MDB database definitions
+#######################################################################
+
+dn: olcDatabase=mdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDatabase: mdb
+olcSuffix: dc=auth,dc=com
+olcDbDirectory: /usr/local/var/auth-data
+olcRootDN: cn=Manager,dc=auth,dc=com
+olcRootPW: secret
+olcDbIndex: objectClass eq
+olcLastMod: TRUE
+olcMonitoring: TRUE
+olcDbEnvFlags: writemap
+olcDBNoSync: TRUE
 olcAccess: to *
   by self write
   by anonymous search
   by dn.base="cn=Manager,dc=auth,dc=com" write
-  by * read
+  by * read
+olcAccess: to attrs=userPassword
+  by dn="cn=Manager,dc=auth,dc=com" write
+  by anonymous auth
+  by self write
+  by * none
 
-dn: olcOverlay=ppolicy,olcDatabase={1}bdb,cn=config
+dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
 objectclass: olcPPolicyConfig
 olcOverlay: ppolicy
 olcPPolicyDefault: cn=passwordDefault,ou=Policies,dc=auth,dc=com

vagrant-setup/openldap24.sh

@@ -38,7 +38,7 @@ else
 			export LD_LIBRARY_PATH="/usr/share/$BDB/build_unix/.libs"
 
 			# ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libexecdir=/usr/lib --disable-static --disable-debug --with-tls=openssl --with-cyrus-sasl --enable-dynamic --enable-crypt --enable-spasswd  --enable-slapd --enable-modules --enable-rlookups --enable-backends=mod --disable-ndb --disable-sql --disable-shell --disable-bdb --disable-hdb --enable-overlays=mod
-			./configure --enable-wrappers --enable-ppolicy --disable-hdb --disable-mdb --disable-ndb --disable-sql
+			./configure --enable-wrappers --enable-ppolicy --enable-mdb --disable-bdb --disable-hdb --disable-sql
 			make depend
 			make
 			make install