cn=config is the default configuration backend in openldap

The release of Intrepid Alpha4 comes amongst other things with the latest version of openldap – 2.4.11. One of the most important change is in the packaging: cn=config is now the default configuration backend. Migration from slapd.conf to cn=config is automatically done on upgrades.

As explained in the Openldap Administrator Guide:

the slapd runtime configuration in 2.3 (and later) is fully LDAP-enabled and can be managed using the standard LDAP operations with data in LDIF. The LDAP configuration engine allows all of slapd’s configuration options to be changed on the fly, generally without requiring a server restart for the changes to take effect.

The old-style configuration using slapd.conf is still enabled, however the openldap package won’t maintain it anymore. Upgrade actions (such as migrating unsupported options, dumping database when necessary) will only be taken if the system uses cn=config.

From a packaging point of view one of the benefit of using the cn=config backend is the ability to add extra schemas to the ldap server (which was impossible without breaking the Debian Policy). That opens the door for better integration of ldap-aware applications. Packages will be able to automatically load the application schema into the ldap tree. There is still more work to be done in that area, but using cn=config as the default configuration backend is the first step in that direction.

The Ubuntu Server Team is looking for testers: if you’re running an ldap server you can help out. Clone your ldap system and try to upgrade to intrepid to see if things break. If so don’t forget to report bugs !

4 Responses to “cn=config is the default configuration backend in openldap”

  1. Excellent decision!

    Remember to report any bugs to the OpenLDAP Project at:


  2. Great to hear the progress coming along on LDAP. I’ve been toying with the idea of setting up an LDAP server to sync contacts, and perhaps logins between desktop/laptop.

    Along with that, it would also be a big step to see some more documentation and tutorials for setting up an LDAP server. My unfamiliarity, coupled with the sparse and outdated collection of documentation, is was steered me away in the first place.

    Keep up the good work.

  3. Excellent step forward. I’m mostly interested in setting up an ubuntu small business server, and although openldap is the way forward, very small steps are taken to make openldap a breeze to work with. Hopefully with the on-the-fly configurability things will move into a brighter position.

  4. […] upload also marks the move from slapd.conf to the cn=config backend. Although slapd.conf support is still available new installs and package upgrades will only support […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: