Posted on Sun, 05/06/2012 - 18:42
Before you can add modules to a dynamic OpenLDAP backend, the cn=module section should be added.
Create a module.ldif file with the following lines:
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib64/openldap
olcModuleload: back_hdb
The module path could be different depending on your Linux distribution.
To add the module section, use:
ldapadd -x -D cn=config -W -f module.ldif
adding new entry "cn=module,cn=config"
To add another module, for example audit logging, add the LDIF below:
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: auditlog
Now the module can be configured by adding its config options to the hdb section.
The options of the available modules can be found in the slapo-<modulename> man-page.
dn: olcOverlay=auditlog,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcAuditLogConfig
olcOverlay: auditlog
olcAuditlogFile: /tmp/auditlog.ldif
The auditlog overlay will log all changes in the hdb backend to the auditlog.ldif file.
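Because the overlay writes the changed values themselves, a password change puts the new userPassword value into auditlog.ldif, so it is worth reviewing what the file holds and who can read it. The parser below is an added example, not part of the original post: it assumes the comment-delimited record layout slapo-auditlog writes ("# <op> <time> <suffix> <who>" ... "# end <op> <time>"), and the sample records, DNs and the SENSITIVE list are constructed for illustration.

```python
import re

# Constructed sample records; every DN, timestamp and value here is made up.
SAMPLE = """\
# modify 1336322522 dc=example,dc=com cn=Manager,dc=example,dc=com
dn: uid=jdoe,ou=People,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
-
replace: modifiersName
modifiersName: cn=Manager,dc=example,dc=com
-
# end modify 1336322522
# add 1336322600 dc=example,dc=com cn=Manager,dc=example,dc=com
dn: cn=printers,ou=Groups,dc=example,dc=com
changetype: add
objectClass: groupOfNames
cn: printers
member: uid=jdoe,ou=People,dc=example,dc=com
# end add 1336322600
"""

HEADER = re.compile(r"^# (add|modify|delete|modrdn) (\d+) (.*)$")
SENSITIVE = {"userpassword", "olcrootpw"}   # assumed list; extend for your schema
CONTROL = {"changetype", "add", "replace", "delete", "increment"}  # LDIF directives

def parse_auditlog(text):
    """Return one dict per audit record, flagging those that carry credential values."""
    records, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # start of a record; 'origin' is the suffix and binding DN as logged
            cur = {"op": m.group(1), "time": int(m.group(2)),
                   "origin": m.group(3), "dn": None, "attrs": set()}
        elif cur is None:
            continue  # stray line outside any record
        elif line.startswith("# end "):
            cur["sensitive"] = bool(cur["attrs"] & SENSITIVE)
            records.append(cur)
            cur = None
        elif line.startswith("dn:"):
            cur["dn"] = line.split(":", 1)[1].strip()
        elif ":" in line and not line.startswith((" ", "#")):
            key = line.split(":", 1)[0].lower()
            if key not in CONTROL:  # keep only lines that carry an attribute value
                cur["attrs"].add(key)
    return records
```

Run parse_auditlog() over the contents of the file named in olcAuditlogFile and review the records whose "sensitive" flag is set.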