OpenLDAP configuration utilities
Switch branches/tags
Nothing to show
Clone or download

Slapdconf Project

OpenLDAP configuration utilities. These utilities make configuration of OpenLDAP easier - especially after the switch to the OLC-stype configuration which uses the cn=config LDAP suffix.


$ sudo slapdconf list-suffixes

$ sudo slapdconf get-suffix-prop dc=example,dc=com
olcDatabase : {2}mdb
olcDbDirectory : /var/lib/ldap/example
.... (shorted for clarity) ....

$ sudo slapdconf set-server-prop idle-timeout:120

$ sudo slapdconf get-server-prop
olcIdleTimeout : 120
olcLogLevel :


There are two utilities in this project:

slapdconf - Command-line tool to configure a running OpenLDAP. slapdadm - Command-line tool to configure stopped OpenLDAP.


This command-line tool is used to configure a running OpenLDAP server instance. It uses LDAP protocol to change the cn=config subtree of an OpenLDAP server. The configuration changes are applied without a server restart.

It can reconfigure the sever, create new directory suffixes, setup replication, etc.


slapdconf -h -D "uid=admin,ou=people,dc=example,dc=com" -w secret get-server-prop
slapdconf -Y EXTERNAL list-suffixes
slapdconf -Y EXTERNAL create-suffix dc=example,dc=com --dbDir /var/lib/ldap/dc=example,dc=com --rootPassword supersecret


This command-line tool is used to configure a stopped OpenLDAP instance. The configuration is done by direct manipulation of files in C</etc/ldap/slapd.d> directory and the database files.

It can be used for operations that slapdconf cannot do. E.g. it can claen-up the OpenLDAP configuration that is provided by your Linux distribution and that somehow never quite fits. Then a slapdconf tool can be used to replace it with a proper setup.


slapdadm delete-suffix dc=example,dc=com
slapdadm delete-all


This is work in progress. Some commands are not yet implemented or implemented partially. Any kind of contribution to make these tools a more complete solution is greatly appreciated. The primary source code repository for these tools is at Github:


The tools are written in Perl. The slapdconf uses Net::LDAP module which is easy to use LDAP client. The Perl was chosen because of its flexibility. It also looks like it is kind of a tradition to use Perl for LDAP server administration tools.