Reputation: 21
I have a Linux server running OpenLDAP 2.4 that uses the cn=config setup instead of a slapd.conf file. The server does not currently support LDAPv2 connections, only v3, so I'm trying to add olcAllows: bind_v2 to cn=config.
Some searching led me to believe that I could edit the cn=config.ldif file and restart slapd, but that doesn't make the change. I suspect now that I need to use ldapmodify to update the database with the updated cn=config.ldif. I am not very experienced with OpenLDAP, in particular with using cn=config, so I'm a little nervous about running a sloppy command and screwing up the server.
Any suggestions on how to enable LDAPv2 in such situations?
Thanks, RP
Upvotes: 2
Views: 3903
Reputation: 1
CheckPoint R80 does not only support LDAP v3. It only supports v2.
Thank you.
Upvotes: 0
Reputation: 321
Since
"the slapd runtime configuration in 2.3 is fully LDAP-enabled and can be managed using the standard LDAP operations with data in LDIF" (openldap_doc),
using ldapmodify is what you want to do, assuming you have a running OpenLDAP setup using slapd.config instead of a slapd.conf file.
To add olcAllows: bind_v2, you create an LDIF file with the following content:
dn: cn=config
changetype: modify
add: olcAllows
olcAllows: bind_v2
Then, to add it, you run ldapmodify with a DN that can edit cn=config:
ldapmodify -x -D <root/admin dn> -w <password> -f add_olcAllows_bind_v2.ldif
To remove it, you can use a separate remove_olcAllows_bind_v2.ldif:
dn: cn=config
changetype: modify
delete: olcAllows
olcAllows: bind_v2
ldapmodify -x -D <root/admin dn> -w <password> -f remove_olcAllows_bind_v2.ldif
As with any LDIF files, be careful of whitespace. Also, if you have SASL working, I think you can use ldapmodify -Y EXTERNAL -H ldapi:/// -f <filename>
I have not tried this one, though.
Disclaimer: I have about a month equivalent experience with openldap. I am very much a beginner.
-- Lunamystry
Upvotes: 3
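The following is an added example, not part of the original question or answers. It reads the current cn=config entry and generates the olcAllows change only when it is actually needed, so that bind_v2 can be enabled and later rolled back without ldapmodify failing or other olcAllows values being touched. The function name plan_allow, the variable SAMPLE_CONFIG and the file name change.ldif are hypothetical, and the sample entry is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. plan_allow reads the current cn=config
# entry (LDIF) on stdin and prints the change needed for one olcAllows value.
# Exit status: 0 = LDIF printed, 1 = nothing to do, 2 = bad arguments.
plan_allow() {
    value=$1 action=$2
    case $action in
        add|delete) ;;
        *) echo "usage: plan_allow VALUE add|delete" >&2; return 2 ;;
    esac

    # Compare case-insensitively. LDAP attribute names are case-insensitive;
    # treating the value the same way is an assumption of this example.
    if awk -v want="$value" '
        tolower($1) == "olcallows:" && tolower($2) == tolower(want) { found = 1 }
        END { exit !found }'
    then present=yes; else present=no; fi

    # Adding a value that already exists, or deleting one that is missing,
    # makes ldapmodify fail, so print nothing in those cases.
    if [ "$action" = add ] && [ "$present" = yes ]; then return 1; fi
    if [ "$action" = delete ] && [ "$present" = no ]; then return 1; fi

    # Naming the value keeps a delete from removing other olcAllows values.
    printf 'dn: cn=config\nchangetype: modify\n%s: olcAllows\nolcAllows: %s\n' \
        "$action" "$value"
}

# Constructed sample of what a base search of cn=config for olcAllows returns.
SAMPLE_CONFIG='dn: cn=config
olcAllows: bind_anon_cred
olcAllows: Bind_V2'

# Typical use on the server itself, as root over the ldapi socket:
#   ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -b cn=config -s base olcAllows |
#       plan_allow bind_v2 add > change.ldif &&
#       ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f change.ldif
```

Running the same pipeline with delete instead of add produces the rollback change, and an exit status of 1 means the server is already in the requested state.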