Symas OpenLDAP Knowledge Base

Quick Start - Notes on Loading cn=config

The Command Itself

The command /usr/local/sbin/slapadd is installed by the symas-openldap package. It is an important database creation, backup, and maintenance command. Here we use it to load the cn=config (internal configuration LDIF) database.

The -n 0 Option

cn=config is ALWAYS the first database defined. It is predefined in the source code. OpenLDAP can not do anything but wait for a valid, if minimal, configuration to loaded into the database1. This option identifies which database, by number in the dynamic configuration database order, slapadd is supposed to load the data to. To solve the “chicken and egg” configuration problem, cn=config is hard-coded to be a back-ldif (LDIF) database.

Note: if you choose to use static configuration (slapd.conf) this step is not needed. The data is loaded from slapd.conf and its include files at startup time.

The -n option tells slapadd which database the data is loaded to. The 0 value specifies the first database or cn=config.

The -F /usr/local/etc/slapd.d Option

This tells slapadd which directory to put the configuration database (LDIF). /usr/local/etc/slapd.d is ??? the default ??? location for OpenLDAP 2.5+.

The -l /usr/local/etc/openldap/slapd.ldif Option

This tells slapadd where the input LDIF is.

The Effect of the Command

slapadd does schema and value checking on the LDIF provided and stores it. It is possible to edit this LDIF directly. Please DO NOT EDIT slapd.d directly. Use ldapadd, ldapmodify, or other line commands to make changes!


  1. This explanation is for cn=conf, the dynamic internal configuration database. When the directory is started without either a static configuration definition (slapd.conf) or an LDIF file to load into cn=conf, the server starts and waits. For simplification in the Quick-Start Guide, the process starts without any configuration data loaded at start up so we can discuss things in an orderly, piece by piece way.↩︎