Symas OpenLDAP 2.5: Systemd configuration

With systemd, there are two seperate types of configuration changes.

• Overriding system limitations such as the number of open files
• Overriding defaults for the slapd startup process

Overriding system limitations

Sometimes it is necessary to provide more resources to the slapd process. Most commonly this is the number of file descriptors available to the process. The following is an example of how this is done with Symas OpenLDAP 2.5. All commands run as root.

1. RHEL: mkdir -p /etc/systemd/system/symas-openldap-servers.service.d
   Debian/Ubuntu: mkdir -p /etc/systemd/system/symas-openldap-server.service.d
2. Create the file override.conf
3. The following contents would allow the slapd process to have up to approximately 524,000 active connections
   [Service]
   LimitNOFILE=524288
   
4. The systemd daemon must be reloaded for this to take effect:
   systemctl daemon-reload
5. When ready, restart the slapd process
   systemctl restart slapd

Overriding slapd defaults

By default, the slapd process will run as the root user and listen on ldap:/// and ldapi:///
To change these settings requires making a systemd override file
edit /etc/default/symas-openldap
Options that can be overridden:

• SLAPD_URLS - URLS to listen on
• SLAPD_OPTIONS - Additional options to pass to slapd, including user and group

For example, to listen on the ldap, ldaps, and ldapi ports and socket:
SLAPD_URLS="ldap:/// ldaps:/// ldapi:///"
To run as the user and group ldap
SLAPD_OPTIONS="-u ldap -g ldap"
 
Need help? Email: support@symas.com