The latest and greatest OpenBSD includes ldapd, an LDAP directory server written by Martin Hedenfalk. Compared to OpenLDAP I'd call it lightweight, both in terms of requirements and of features. Even so, its status page lists plenty of things that matter:

  • Indices supported
  • Schema file parsing
  • SSL support (STARTTLS and the nonstandard LDAPS)
  • Simple authentication (SHA, SSHA, and CRYPT) with userPassword attribute
  • SASL PLAIN
  • Online database compaction
  • Schema checking
  • Append-only B-Tree database

I took its portable version for a small test drive. ldapd requires a user on the system called _ldapd; that user's home directory is where ldapd creates its database files. If need be, you can change the definition of LDAPD_USER in ldapd.h before building the program. As for the build, ldapd requires libevent and current OpenSSL libraries. After the ubiquitous ./configure; make; make install, the program is ready to be configured. I created the following ldapd.conf:

listen on lo0 secure
listen on 192.168.33.126 port 389 tls certificate "jpm/obsd.ww.mens.de"

schema "/etc/schema/core.schema"
schema "/etc/schema/inetorgperson.schema"
schema "/etc/schema/nis.schema"

namespace "dc=mens,dc=de" {
        rootdn "dc=mens,dc=de"
        rootpw "secret"
        index "uid"
        index "cn"
}

and launched ldapd with

./ldapd -d -f ldapd.conf

After the server starts, I can start adding, searching and modifying entries as usual.

ldapsearch -LLL -x -h localhost -b '' -s base +
dn:
vendorName: bzero.se
vendorVersion: 0.1p
supportedLDAPVersion: 3
namingContexts: dc=mens,dc=de
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
subschemaSubentry: cn=schema
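Since ldapd's simple authentication understands SSHA in the userPassword attribute, entries can be added with a salted hash rather than a cleartext password. The following is an added example (not part of the original post or of ldapd itself) that produces an LDIF entry for the dc=mens,dc=de namespace above with a {SSHA} userPassword and verifies a candidate password against such a value; it assumes the RFC 2307 {SSHA} layout, base64(SHA1(password + salt) + salt), and the entry's DN, uid and attribute values are constructed.

```python
import base64
import binascii
import hashlib
import os
import secrets
from typing import Optional

BASE_DN = "dc=mens,dc=de"  # namespace from the ldapd.conf shown above


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Return an RFC 2307 style value: {SSHA} + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt per password
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(stored: str, candidate: str) -> bool:
    """Verify a candidate password against a stored {SSHA} value (constant-time compare)."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    except (binascii.Error, ValueError):
        return False  # malformed value never verifies
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is salt
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return secrets.compare_digest(digest, expected)


def ldif_attr(name: str, value: str) -> str:
    """One LDIF line; values that are not LDIF-safe are base64 encoded with '::'."""
    unsafe_start = value[:1] in (" ", ":", "<")
    if not value.isascii() or unsafe_start or value.endswith(" "):
        return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{name}: {value}"


def person_ldif(uid: str, cn: str, sn: str, mail: str, password: str) -> str:
    """LDIF for an inetOrgPerson directly under the namespace, password stored as {SSHA}."""
    lines = [
        ldif_attr("dn", f"uid={uid},{BASE_DN}"),
        ldif_attr("objectClass", "top"),
        ldif_attr("objectClass", "person"),
        ldif_attr("objectClass", "organizationalPerson"),
        ldif_attr("objectClass", "inetOrgPerson"),
        ldif_attr("uid", uid),   # uid and cn are the indexed attributes in ldapd.conf
        ldif_attr("cn", cn),
        ldif_attr("sn", sn),
        ldif_attr("mail", mail),
        ldif_attr("userPassword", make_ssha(password)),
    ]
    return "\n".join(lines) + "\n"
```

Feed the output of person_ldif() to ldapadd against the TLS listener; the cleartext password never appears in the LDIF.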

I can also add an index as an afterthought and use ldapctl to reindex the database. ldapctl also lets me view server statistics:

start time: Tue Nov  2 09:10:07 2010
requests: 73
search requests: 27
bind requests: 16
modify requests: 2
timeouts: 0
unindexed searches: 11
active connections: 0
active searches: 0
suffix: dc=mens,dc=de
data timestamp: Tue Nov  2 09:11:07 2010
data page size: 4096
data depth: 1
data revisions: 2
data entries: 2
data branch/leaf/overflow pages: 0/1/0
data cache size: 1 of 0 (0.0% full)
data page reads: 2
data cache hits: 12 (85.7%)
indx timestamp: Tue Nov  2 09:11:07 2010
indx page size: 4096
indx depth: 1
indx revisions: 1
indx entries: 3
indx branch/leaf/overflow pages: 0/1/0
indx cache size: 1 of 0 (0.0% full)
indx page reads: 1
indx cache hits: 3 (75.0%)

I’d have to do a lot more testing, but this certainly is the quickest LDAP directory server setup I’ve performed to date. Worth a closer look.