Create multiple databases to OpenLDAP

Perform the following action at creating a new other database if a database is already existed.

Setting of OpenLDAP

$ sudo mkdir /var/lib/ldap2
$ sudo chown openldap:openldap /var/lib/ldap2
$ sudo ldapvi -Y EXTERNAL -h ldapi:/// -b cn=config

Append lines as follow to last lines with a blank line.

add olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap2
olcSuffix: dc=example,dc=org
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=org" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=org" write by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=example,dc=org
olcRootPW: {SSHA}AWtw2vmrYibntFzTJrcxjW13A3xlI+ck
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq

(save then,)
add: 1, rename: 0, modify: 0, delete: 0
Action? [yYqQvVebB*rsf+?] y

Generate password for rootdn of a new database

$ slappasswd
New password:
Re-enter new password:

Add new entries to new database

You should use ‘-A’ option, this option start with an empty file without searcing.

$ sudo ldapvi -D cn=admin,dc=example,dc=org -A

--- Login
Type M-h for help on key bindings.

Filter or DN: cn=admin,dc=example,dc=org
Password: ********

Example entries is follow

add dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
dc: example

add cn=admin,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: {SSHA}3n2Z4m3XfLFMV6wK+neR8bGlptUHJpJC

add ou=People,dc=example,dc=org
objectClass: organizationalUnit
ou: People

(save, then)
add: 3, rename: 0, modify: 0, delete: 0
Action? [yYqQvVebB*rsf+?] y

At this point, you will be able to do the entry in the same way as the existing LDAP database.