OpenBSD Journal

[Ask OBSDJ] LDAP Anyone?

Contributed by Dengue on from the dc=foo,dc=bar dept.

I'm taking some time off from work, and have spent much of my time playing around with LDAP on OpenBSD. Currently, I am running OpenLDAP from the 3.0/ports tree, chrooted (slick eh?) and using LDAP to provide authentication for Linux and (soon) Solaris hosts. I'm also using it to provide Netscape Roaming profiles, global addressbook, and mail routing (via the Courier MTA ). Thread performance issues aside (running the test script from the Courier distribution pegs slapd at ~90% for a long time on a P5/200 with plenty of ram, and yes, directory entries are cached.), OpenBSD looks like an excellent choice as a secure platform for a mission-critical application like LDAP. Of course, I might be biased <g>.

What I'd like to ask: Is anyone else out there doing work with OpenLDAP on OpenBSD? And, while I'm at it, would anyone like to donate some faster equipment for me to play on?

(Comments are closed)

  1. By dengue () on mailto:dengue(at)

    I forgot to add: A really excellent tool for working with directories is Jarok Gawor's LDAP BrowserEditor , a java application that allows you to browse, edit, and create directory entries. It's also one of the few java applications that don't give me a headache, and runs well using the jdk-linux-1.3.1 package on my pokey P5.

  2. By Frank DENIS () on

    I'm using LDAP to store all accounts for a small ISP. All servers are running OpenBSD 2.9 or 3.0.

    There's one MySQL server, one LDAP server, two DNS/Mail/FTP servers, one NFS server and 6 web servers. The box with the MySQL server also runs a secondary OpenLDAP server to replicate the LDAP server content.

    The DNS servers are running djbdns with a set of M4 macros to ease the maintenance (no LDAP there) .

    The Mail servers are running Qmail-LDAP.

    The FTP servers are running Pure-FTPd.

    The web servers are Zeus.

    Management of LDAP accounts is done with a custom set of PHP scripts.

    Everything works very nicely and reliably. I only had troubles with OpenLDAP once : indexes got corrupted (don't know why... not even after a crash of slapd...) . I rebuilt them and everything went ok since.

    So OpenBSD + LDAP is definitely something you can consider. We use LDAP not only for PosixAccount info, but also to add administrative info to customers. This is a real pleasure to have everything stored at the same place.

    The OpenBSD 3.0 box running the main LDAP server has its kernel tuned with :


    It speeds up a bit OpenLDAP operations.

    Best regards,


  3. By Anonymous Coward () on

    Do you use a program for the Netscape roaming profiles and global address book? Or just add the entries by hand?

  4. By thelieber () on

    Anyone able to get the Abzilla LDAP address book support in post 0.9.4 Mozilla release. I found the following link which seems to indicate that the feature can be enabled (can't seem to get it to work).

  5. By Tom Hensel () on

    I'm in trouble setting up OpenLDAP2 on OpenBSD properly;
    as I'm new to LDAP at all I'd love to read a good
    HOWTO or whatever instructions.

    Any hints? Thanks!


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]