The latest and greatest OpenBSD includes ldapd, an LDAP directory server written by Martin Hedenfalk. Compared to OpenLDAP, I call this lightweight, both in terms of requirements and features. Even so, the status page includes lots of things that are important:

  • Indices supported
  • Schema file parsing
  • SSL support (STARTTLS and the nonstandard LDAPS)
  • Simple authentication (SHA, SSHA, and CRYPT) with userPassword attribute
  • SASL PLAIN
  • Online database compaction
  • Schema checking
  • Append-only B-Tree database

I took its portable version for a small test drive. ldapd requires a user on the system called _ldapd. This user's home directory is where ldapd creates its database files. If need be, you can change the definition of LDAPD_USER in ldapd.h before building the program. As for building, ldapd requires libevent and current OpenSSL libraries. After the ubiquitous ./configure; make; make install the program is ready to be configured. I created the following ldapd.conf:

    listen on 127.0.0.1 port 389 secure
    
    include "/etc/schema/core.schema"
    include "/etc/schema/inetorgperson.schema"
    include "/etc/schema/nis.schema"
    
    namespace "dc=mens,dc=de" {
        rootdn "dc=mens,dc=de"
        rootpw "secret"
        index "uid"
        index "cn"
    }

and launched ldapd with

    ./ldapd -d -f ldapd.conf

After the server starts, I can start adding, searching and modifying entries as usual.

    ldapsearch -LLL -x -h localhost -b '' -s base +
    dn:
    vendorName: bzero.se
    vendorVersion: 0.1p
    supportedLDAPVersion: 3
    namingContexts: dc=mens,dc=de
    supportedExtension: 1.3.6.1.4.1.1466.20037
    supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
    subschemaSubentry: cn=schema

I can also add an index as an afterthought, and use ldapctl to reindex the database. ldapctl also allows me to view server statistics:

    start time: Tue Nov  2 09:10:07 2010
    requests: 73
    search requests: 27
    bind requests: 16
    modify requests: 2
    timeouts: 0
    unindexed searches: 11
    active connections: 0
    active searches: 0
    
    suffix: dc=mens,dc=de
    data timestamp: Tue Nov  2 09:11:07 2010
    data page size: 4096
    data depth: 1
    data revisions: 2
    data entries: 2
    data branch/leaf/overflow pages: 0/1/0
    data cache size: 1 of 0 (0.0% full)
    data page reads: 2
    data cache hits: 12 (85.7%)
    indx timestamp: Tue Nov  2 09:11:07 2010
    indx page size: 4096
    indx depth: 1
    indx revisions: 1
    indx entries: 3
    indx branch/leaf/overflow pages: 0/1/0
    indx cache size: 1 of 0 (0.0% full)
    indx page reads: 1
    indx cache hits: 3 (75.0%)
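Those counters lend themselves to a quick automated check: a high share of unindexed searches is exactly what the index lines in ldapd.conf and ldapctl's reindex are meant to cure, and a non-zero timeout count is worth a look as well. As an added example that is not part of this post or of ldapd, here is a small Python parser for that ldapctl output, fed with the statistics quoted above as a constructed sample; it splits the server counters from the per-suffix database figures and reports the unindexed-search ratio. The 25% threshold is an arbitrary choice for the example.

```python
import re
from typing import Any, Dict, List

# Constructed sample: the ldapctl statistics shown above, as plain text.
SAMPLE_STATS = """\
start time: Tue Nov  2 09:10:07 2010
requests: 73
search requests: 27
bind requests: 16
modify requests: 2
timeouts: 0
unindexed searches: 11
active connections: 0
active searches: 0

suffix: dc=mens,dc=de
data timestamp: Tue Nov  2 09:11:07 2010
data page size: 4096
data depth: 1
data revisions: 2
data entries: 2
data branch/leaf/overflow pages: 0/1/0
data cache size: 1 of 0 (0.0% full)
data page reads: 2
data cache hits: 12 (85.7%)
indx timestamp: Tue Nov  2 09:11:07 2010
indx page size: 4096
indx depth: 1
indx revisions: 1
indx entries: 3
indx branch/leaf/overflow pages: 0/1/0
indx cache size: 1 of 0 (0.0% full)
indx page reads: 1
indx cache hits: 3 (75.0%)
"""


def _value(raw: str) -> Any:
    """Plain integers become int; timestamps and composite values stay strings."""
    raw = raw.strip()
    return int(raw) if re.fullmatch(r"\d+", raw) else raw


def parse_stats(text: str) -> Dict[str, Any]:
    """Split the output into the server block and one block per suffix.

    Each line is 'key: value'; splitting at the first colon keeps the colons
    inside the timestamps intact.
    """
    blocks = [b for b in re.split(r"\n\s*\n", text.strip()) if b.strip()]
    server: Dict[str, Any] = {}
    namespaces: Dict[str, Dict[str, Any]] = {}
    for i, block in enumerate(blocks):
        fields: Dict[str, Any] = {}
        for line in block.splitlines():
            if ":" not in line:
                continue
            key, raw = line.split(":", 1)
            fields[key.strip()] = _value(raw)
        if i == 0:
            server = fields
        else:
            suffix = str(fields.pop("suffix", "?"))
            namespaces[suffix] = fields
    return {"server": server, "namespaces": namespaces}


def unindexed_ratio(stats: Dict[str, Any]) -> float:
    """Fraction of search requests that could not use an index."""
    server = stats["server"]
    searches = server.get("search requests", 0)
    return server.get("unindexed searches", 0) / searches if searches else 0.0


def review(stats: Dict[str, Any], max_unindexed: float = 0.25) -> List[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    ratio = unindexed_ratio(stats)
    if ratio > max_unindexed:
        findings.append(
            f"{ratio:.0%} of searches are unindexed; add index lines for the "
            f"filtered attributes to ldapd.conf and reindex with ldapctl")
    if stats["server"].get("timeouts", 0):
        findings.append(f"{stats['server']['timeouts']} request timeouts recorded")
    return findings


if __name__ == "__main__":
    parsed = parse_stats(SAMPLE_STATS)
    for suffix, ns in parsed["namespaces"].items():
        print(f"{suffix}: {ns['data entries']} entries, {ns['indx entries']} index entries")
    for finding in review(parsed):
        print("finding:", finding)
```

On the sample above, 11 of 27 searches were unindexed, so the review reports roughly 41% and suggests indexing whatever attributes those filters used.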

I'd have to do a lot more testing, but this certainly is the quickest LDAP directory server setup I've performed to date. Worth a closer look.