Symas OpenLDAP Knowledge Base

Override slapd Defaults

By default, the slapd process runs as the root user and listens on ldap:/// and ldapi:///.

Changing these settings requires making a systemd override file. Use a text editor to create the symas-openldap override file /etc/default/symas-openldap. Options that can be overridden:

  • SLAPD_URLS - URLs to listen on
  • SLAPD_OPTIONS - Additional options to pass to slapd, including user and group

Add the following:

SLAPD_URLS="ldap:/// ldaps:///"
SLAPD_OPTIONS="-u root -g root"

The example above enables the default ports for LDAP (389) and LDAPS (636). It ensures that the slapd process will run under the system’s ‘root’ user’s authority.

Save the newly created file and restart slapd.

sudo systemctl restart slapd

If you need to specify a port or change the user and group slapd runs as, make the following adjustment.

SLAPD_URLS="ldap://:1389/ ldaps://:1636/ ldapi:///"
SLAPD_OPTIONS="-u ldap -g ldap"

In the example above, LDAP is set to use port 1389 and LDAPS is set to use port 1636. You may adjust the ports as needed. The slapd process will now run as the ‘ldap’ user and group.
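
The check below is an added example, not part of the original article or of Symas tooling. It reads the two variables described above from an override file and reports the port behind each listener URL and whether slapd is left running as root. The function names (get_setting, url_port, run_user, audit) are hypothetical, and it assumes the file holds plain KEY="value" lines.

```shell
# Added example (not Symas code): audit SLAPD_URLS / SLAPD_OPTIONS in an override file.
# Read KEY="value" without sourcing the file; the last assignment wins.
get_setting() {  # usage: get_setting KEY FILE
    sed -n 's/^[[:space:]]*'"$1"'="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$2" | tail -n 1
}

# Port one slapd URL listens on: the scheme default unless :PORT is given.
url_port() {  # usage: url_port URL
    case "$1" in
        ldapi://*) echo socket; return ;;
        ldaps://*) def=636 ;;
        ldap://*)  def=389 ;;
        *)         echo unknown; return ;;
    esac
    hostport=${1#*://}; hostport=${hostport%%/*}
    case "$hostport" in
        *\]) echo "$def" ;;               # bracketed IPv6 literal, no port
        *:*) echo "${hostport##*:}" ;;
        *)   echo "$def" ;;
    esac
}

# User slapd runs as: the argument of -u, else root (the default the page states).
run_user() {  # usage: run_user "OPTIONS STRING"
    user=root; set -- $1
    while [ $# -gt 0 ]; do
        [ "$1" = "-u" ] && [ $# -ge 2 ] && user=$2
        shift
    done
    echo "$user"
}

audit() {  # usage: audit FILE ; prints one finding per line
    urls=$(get_setting SLAPD_URLS "$1")
    opts=$(get_setting SLAPD_OPTIONS "$1")
    [ -n "$urls" ] || urls="ldap:/// ldapi:///"   # default listeners per the page
    for u in $urls; do
        p=$(url_port "$u")
        echo "listen $u -> $p"
        case "$p" in ''|*[!0-9]*) continue ;; esac   # socket or unparsable port
        if [ "$p" -lt 1024 ]; then echo "note: $p is a privileged port (<1024)"; fi
    done
    if [ "$(run_user "$opts")" = root ]; then echo "warn: slapd runs as root"; fi
}

# Constructed sample: the page's second configuration.
sample=$(mktemp)
printf '%s\n' 'SLAPD_URLS="ldap://:1389/ ldaps://:1636/ ldapi:///"' 'SLAPD_OPTIONS="-u ldap -g ldap"' > "$sample"
audit "$sample"; rm -f "$sample"
```

Run audit against /etc/default/symas-openldap after editing it and before restarting slapd.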