Mandriva Directory Server On Debian Etch

Submitted by o.meyer on Tue, 2008-02-05 17:58. :: Debian | Samba | Storage

Version 1.1
Author: Oliver Meyer <o [dot] meyer [at] projektfarm [dot] de>
Last edited 02/19/2008

This document describes how to set up the Mandriva Directory Server (MDS) on Debian Etch. The resulting system provides a full-featured office server for small and medium companies - easy to administer via the web-based Mandriva Management Console (MMC).

 

Main Features

  • Easy administration via MMC
  • System wide OpenLDAP integration
  • SAMBA Primary Domain Controller (PDC)
  • Postfix Mailserver with Dovecot, Amavis, Spamassassin and ClamAV (POP3/IMAP/SSL/TLS/Quota)
  • BIND DNS-server
  • ISC DHCP-server
  • Squid web-proxy with SquidGuard

This howto is a practical guide without any warranty - it doesn't cover the theoretical backgrounds. There are many ways to set up such a system - this is the way I chose.

 

Preamble

This howto is quite complex. Please take your time, read it thoroughly and follow the steps exactly. Even a small deviation can leave you with a setup that does not work correctly.

 

1 Preparation

1.1 Basic System

Set up a standard Debian Etch system and update it. I used the following configuration for this howto and the attached virtual machine that is available for our subscribers:

Hostname: server1.example.com
SAMBA domain: EXAMPLE
IP: 192.168.0.100
Gateway: 192.168.0.2
All Passwords: howtoforge

 

1.2 Hostname

Edit the hosts file - assign the hostname to the server IP.

vi /etc/hosts

It should look like this:

127.0.0.1       localhost.localdomain   localhost
192.168.0.100   server1.example.com     server1

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

 

Afterwards insert the hostname into the hostname file ...

echo server1.example.com > /etc/hostname

... and reboot the system.

reboot

When the system is up again, the output of both commands ...

hostname

... and ...

hostname -f

... should be:

server1.example.com

 

1.3 Filesystem ACLs

So that SAMBA can map filesystem ACLs between the Linux server and the Windows clients, you need to add ACL support to the corresponding mount point.

vi /etc/fstab

Add the option "acl" to the mount point where the SAMBA directories will be stored and the SAMBA users will have their homes. In my case it's "/" - the content should look like this:

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
/dev/sda1       /               ext3    defaults,acl,errors=remount-ro 0       1
/dev/sda5       none            swap    sw              0       0
/dev/hdc        /media/cdrom0   udf,iso9660 user,noauto     0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto  0       0

 

Afterwards remount the mount point so that the changes take effect.

mount -o remount /

If all went well, the command ...

mount -l

... should show the option "acl" for the corresponding mountpoint:

/dev/sda1 on / type ext3 (rw,acl,errors=remount-ro)

 

2 Repositories

2.1 MDS

The MDS repository provides the MDS related packages and also patched packages for bind9 & dhcp3.

vi /etc/apt/sources.list

Add the following lines to the file.

# MDS repository
deb http://mds.mandriva.org/pub/mds/debian etch main

 

2.2 Debian Volatile

The Debian Volatile repository provides newer packages for ClamAV & Spamassassin than the standard Debian repository.

vi /etc/apt/sources.list

Add the following lines to the file.

# Debian Volatile
deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free

 

2.3 Debian Backports

The Debian Backports repository provides newer packages for dovecot.

vi /etc/apt/sources.list

Add the following lines to the file.

# Debian Etch Backports
deb http://www.backports.org/debian etch-backports main

Afterwards refresh apt.

apt-get update

 

3 Needed packages

3.1 Install

Install the needed packages for this setup.

apt-get install mmc-web-base mmc-web-mail mmc-web-network mmc-web-proxy mmc-web-samba mmc-agent python-mmc-plugins-tools python-mmc-base python-mmc-mail python-mmc-network python-mmc-proxy python-mmc-samba postfix postfix-ldap sasl2-bin libsasl2 libsasl2-modules amavisd-new libdbd-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl lzop nomarch zoo clamav clamav-daemon gzip bzip2 unzip unrar-free unzoo arj spamassassin libnet-dns-perl razor pyzor dcc-client slapd ldap-utils libnss-ldap libpam-ldap dhcp3-server dhcp3-server-ldap bind9 samba smbclient smbldap-tools cupsys cupsys-client foomatic-db-engine foomatic-db foomatic-db-hpijs foomatic-db-gutenprint foomatic-filters foomatic-filters-ppds fontconfig hpijs-ppds linuxprinting.org-ppds

The dovecot packages currently in the standard Debian repository have a bug in conjunction with LDAP, so you have to use the dovecot packages from Debian Backports.

apt-get install -t etch-backports dovecot-common dovecot-imapd dovecot-pop3d

If you want to use HP printers it's recommended to install a few more packages.

apt-get install hplip libusb-dev python-dev python-reportlab libcupsys2-dev libjpeg62-dev libsnmp9-dev lsb-core

 

3.2 Configuration

During the installation of the new packages you'll be asked a few questions - answer them as follows.

 

3.2.1 LDAP

Enter the password for the LDAP admin and confirm it. (howtoforge)

 

3.2.2 Samba

Enter a name for your domain. (EXAMPLE)
Select "No" when you're asked if the smb.conf should be modified to use WINS settings from DHCP.

 

3.2.3 Postfix

Select "Internet Site" as general type of configuration.
Enter "server1.example.com" as mail name.

 

3.2.4 Libnss-LDAP

Enter "ldap://127.0.0.1/" as LDAP server URI.
Enter "dc=example,dc=com" as name for the search base.
Select the LDAP version. (3)
Enter "cn=admin,dc=example,dc=com" as LDAP account for root.
Enter the password for the LDAP admin. (howtoforge)

 

3.2.5 Libpam-LDAP

Select "Yes" when you're asked if the local root should be the database admin.
Select "No" when you're asked if the LDAP database requires login.
Enter "cn=admin,dc=example,dc=com" as LDAP account for root.
Enter the password for the LDAP admin. (howtoforge)

 

4 LDAP Configuration

4.1 Schema Files

First copy the schema files for MMC, mail, SAMBA, printer, DNS and DHCP into the LDAP schema directory.

cp /usr/share/doc/python-mmc-base/contrib/ldap/mmc.schema /etc/ldap/schema/
cp /usr/share/doc/python-mmc-base/contrib/ldap/mail.schema /etc/ldap/schema/
zcat /usr/share/doc/python-mmc-base/contrib/ldap/samba.schema.gz > /etc/ldap/schema/samba.schema
zcat /usr/share/doc/python-mmc-base/contrib/ldap/printer.schema.gz > /etc/ldap/schema/printer.schema
zcat /usr/share/doc/python-mmc-base/contrib/ldap/dnszone.schema.gz > /etc/ldap/schema/dnszone.schema
zcat /usr/share/doc/python-mmc-base/contrib/ldap/dhcp.schema.gz > /etc/ldap/schema/dhcp.schema

Next include the schema files in the LDAP configuration.

vi /etc/ldap/slapd.conf

Include the schema files after the inetorgperson schema.

include /etc/ldap/schema/mmc.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/printer.schema
include /etc/ldap/schema/mail.schema
include /etc/ldap/schema/dnszone.schema
include /etc/ldap/schema/dhcp.schema

Enable the schemacheck (below the included schema files).

schemacheck on

 

4.2 Basic Configuration

In this step you'll need the LDAP admin password (that you defined during the package installation in step 3) in hashed form (SSHA, a salted SHA-1 hash) - so let's hash it.

slappasswd -s %ldap_admin_password%

E.g.:

slappasswd -s howtoforge

The output should look like this (the salt is random, so your hash will differ):

{SSHA}kPd9OeiwGx4lyZUiQ2NFmzXV0JWyLV9A

Note it down and proceed - open the LDAP server configuration file.

vi /etc/ldap/slapd.conf

Search for the commented line with the entry for the LDAP admin (rootdn) ...

# rootdn "cn=admin,dc=example,dc=com"

... and uncomment it (remove the leading "#"). After that add a new line directly below it. Enter the hashed LDAP admin password that you generated at the beginning of this step.

rootpw %encrypted_ldap_admin_password%

E.g.:

rootpw {SSHA}kPd9OeiwGx4lyZUiQ2NFmzXV0JWyLV9A

Next we have to modify the indexing options for the database. Search for the following entry:

# Indexing options for database #1

Remove the line below ...

index objectClass eq

... and insert the following lines:

index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index zoneName,relativeDomainName eq
index dhcpHWAddress,dhcpClassData eq

Now add the SAMBA password attributes (sambaLMPassword and sambaNTPassword) to the access list for the database. Search for the following line:

access to attrs=userPassword,shadowLastChange

Change it so that it looks like this:

access to attrs=userPassword,sambaLMPassword,sambaNTPassword

At this point the LDAP server configuration file should look like this:

# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
#######################################################################
# Global Directives:
# Features to permit
#allow bind_v2
# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/mmc.schema
include         /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/printer.schema
include         /etc/ldap/schema/mail.schema
include         /etc/ldap/schema/dnszone.schema
include         /etc/ldap/schema/dhcp.schema

schemacheck     on

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel        0

# Where the dynamically loaded modules are stored
modulepath      /usr/lib/ldap
moduleload      back_bdb

# The maximum number of entries that is returned for a search operation
sizelimit 500

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1

#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend         bdb
checkpoint 512 30

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend                <other>

#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database        bdb

# The base of your directory in database #1
suffix          "dc=example,dc=com"

# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
rootdn          "cn=admin,dc=example,dc=com"
rootpw          {SSHA}kPd9OeiwGx4lyZUiQ2NFmzXV0JWyLV9A

# Where the database file are physically stored for database #1
directory       "/var/lib/ldap"

# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0

# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057
# for more information.
# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500

# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500

# Number of lockers
dbconfig set_lk_max_lockers 1500

# Indexing options for database #1
index      objectClass,uidNumber,gidNumber                  eq
index      cn,sn,uid,displayName                            pres,sub,eq
index      memberUid,mail,givenname                         eq,subinitial
index      sambaSID,sambaPrimaryGroupSID,sambaDomainName    eq
index      zoneName,relativeDomainName                      eq
index      dhcpHWAddress,dhcpClassData                      eq

# Save the time that the entry gets modified, for database #1
lastmod         on

# Where to store the replica logs for database #1
# replogfile    /var/lib/ldap/replog
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by dn="cn=admin,dc=example,dc=com" write
        by anonymous auth
        by self write
        by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms.  Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work 
# happily.
access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=admin,dc=example,dc=com" write
        by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
#        by dn="cn=admin,dc=example,dc=com" write
#        by dnattr=owner write

#######################################################################
# Specific Directives for database #2, of type 'other' (can be bdb too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database        <other>

# The base of your directory for database #2
#suffix         "dc=debian,dc=org"

 

Additionally you have to edit the LDAP configuration file.

vi /etc/ldap/ldap.conf

Add the following lines:

host 127.0.0.1
base dc=example,dc=com

Afterwards restart the LDAP server.

/etc/init.d/slapd restart
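
The check below is an added example, not part of the original howto: it audits a slapd.conf for the step 4.2 edits, confirming that rootdn is active, rootpw holds a hashed value, and userPassword, sambaLMPassword and sambaNTPassword (the last two are password equivalents) are each covered by an attrs= clause ahead of the catch-all "access to *", which grants read access to everyone. The function name, the messages and the two sample files are constructed for illustration, and a single database section is assumed, as in this howto.

```shell
#!/bin/sh
# Added example, not part of the howto. Reads the file in $1, or stdin if none.
check_slapd_conf() {
    awk '
    function flush(   f, n, i, a, k, what, loose) {
        if (line == "") return
        n = split(line, f, /[ \t]+/); line = ""
        if (tolower(f[1]) == "rootdn") rootdn = 1
        if (tolower(f[1]) == "rootpw") {
            rootpw = 1
            # a hashed value carries a scheme prefix such as {SSHA}
            if (f[2] !~ /^[{][A-Z0-9-]+[}]/ || f[2] ~ /^[{]CLEARTEXT[}]/) plain = 1
        }
        if (tolower(f[1]) != "access" || tolower(f[2]) != "to") return
        what = tolower(f[3])
        if (what == "*") { catchall = 1; return }
        # slapd applies the first clause that matches, so only attrs= clauses
        # placed before "access to *" keep an attribute away from "by * read"
        if (what !~ /^attrs=/ || catchall) return
        loose = 0
        for (i = 4; i + 2 <= n; i++)
            if (f[i] == "by" && f[i+1] ~ /^([*]|anonymous|users)$/ &&
                f[i+2] ~ /^(compare|search|read|write|manage)$/) loose = 1
        k = split(substr(what, 7), a, ",")
        for (i = 1; i <= k; i++) guard[a[i]] = loose ? "loose" : "ok"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    /^[ \t]/ { line = line " " $0; next }    # continuation of previous line
    { flush(); line = $0 }                   # start of a new directive
    END {
        flush(); bad = 0
        if (!rootdn) { print "FAIL rootdn is not set (still commented?)"; bad = 1 }
        if (!rootpw) { print "FAIL rootpw is not set"; bad = 1 }
        if (rootpw && plain) { print "FAIL rootpw is not a hashed {SCHEME} value"; bad = 1 }
        k = split("userPassword sambaLMPassword sambaNTPassword", need, " ")
        for (i = 1; i <= k; i++) {
            g = guard[tolower(need[i])]
            if (g == "") { print "FAIL " need[i] " has no attrs= clause before access to *"; bad = 1 }
            if (g == "loose") { print "FAIL " need[i] " is readable beyond admin and self"; bad = 1 }
        }
        if (!bad) print "OK"
        exit bad
    }' "${1:--}"
}

# Constructed sample: the relevant lines as they read after step 4.2
sample_howto() {
cat <<'EOF'
rootdn          "cn=admin,dc=example,dc=com"
rootpw          {SSHA}kPd9OeiwGx4lyZUiQ2NFmzXV0JWyLV9A
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by dn="cn=admin,dc=example,dc=com" write
        by anonymous auth
        by self write
        by * none
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=example,dc=com" write
        by * read
EOF
}

# Constructed sample: the same lines before step 4.2 was applied
sample_before() {
cat <<'EOF'
# rootdn "cn=admin,dc=example,dc=com"
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=example,dc=com" write
        by anonymous auth
        by self write
        by * none
access to *
        by dn="cn=admin,dc=example,dc=com" write
        by * read
EOF
}

# Demo on the constructed samples
sample_howto  | check_slapd_conf || true
sample_before | check_slapd_conf || true
```

On the server, run it as check_slapd_conf /etc/ldap/slapd.conf. The stock slaptest -f /etc/ldap/slapd.conf -u checks the file's syntax but not whether the Samba hashes are covered by the ACL.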


Submitted by carlitus (not registered) on Tue, 2011-10-25 17:41.
Hi folks! I know, this howto is pretty old but still applicable. Let me give my 2 cents...

I installed it on Debian Lenny, and it works great. But you should edit /etc/apt/preferences and add this, before installing required packages:

Package: *
Pin: origin mds.mandriva.org
Pin-Priority: 1001

This should give priority to MDS packages, and force it to install bind9 from the MDS repository instead of Lenny's package. If the bind9 .deb from Lenny sources is installed, you'll get DNS failures; bind9 will not load internal DNS zones because it doesn't have LDAP support.

Sorry if I made some grammar mistakes, this is not my native language and I need more English lessons. :)
Submitted by alvarod_silva (registered user) on Mon, 2010-02-08 01:02.

Hi Oliver,

Sorry to bother you by putting this comment asking for help, but since Dovecot had an upgraded version, the last line at /etc/dovecot/dovecot-ldap.conf that says "user_global_gid=mail" is no longer useful, as I've been trying to get dovecot to run and I receive this message (in the log file): Error: Error in configuration file /etc/dovecot/dovecot-ldap.conf line 11: Unknown setting: user_global_gid.

Do you have any ideas about this problem? If there is any help you could give me on this problem, I'd appreciate it...

Also, when I try to connect using the Microsoft Outlook mail client, it's just not working either... I know it's because dovecot is not running, but since I commented in the line "user_global_gid=mail" and got dovecot running again, the service is still not working...

Submitted by Anonymous (not registered) on Fri, 2009-10-23 07:35.

I can't authenticate any mail user 

telnet x.x.x.x 110

USER user

PASS pass

-ERR Authentication Failed

My dovecot-ldap.conf:

hosts = x.x.x.x
auth_bind = yes
#auth_bind = no
ldap_version = 3
base = dc=test,dc=local
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,mailbox=mail,mailuserquota=quota=maildir:storage
user_filter = (&(objectClass=mailAccount)(mail=%u)(mailenable=OK))
pass_attrs = mail=user,userPassword=password
pass_filter = (&(objectClass=mailAccount)(mail=%u)(mailenable=OK))
default_pass_scheme = CRYPT
user_global_gid = mail

 

Any ideas? :)

Thx

Submitted by maumar (registered user) on Fri, 2009-05-08 00:34.

I followed the first page of the howto literally and I got this error:

May  8 03:21:20 pdc slapd[2396]: /etc/ldap/slapd.conf: line 24: unknown directive <schemacheck> outside backend info and database definitions.

I fixed it by commenting out this line.

After fixing it, I restarted slapd and got:

/etc/ldap/slapd.conf: line 47: unknown directive <checkpoint> outside backend info and database definitions.

Fixed this, too, by commenting it out.

Debian Lenny with all packages updated

Submitted by Alder (not registered) on Fri, 2009-05-29 10:19.

Simply delete schemacheck on. 

My system: Debian Lenny with all packages updated

Submitted by NOKSY (registered user) on Thu, 2009-02-05 10:52.

Hi all,

I'm following this "Howto" step by step, but when I enter this command:

chown -R :"Domain Users" /home/samba/

I get this error message: chown : ':Domain Users' : Invalid group

Do you have an idea, please?

 

Thanks

Submitted by Alder (not registered) on Fri, 2009-05-29 10:20.

Try this 

chown -R "Domain Users" /home/samba/

Debian Lenny

Submitted by alvarod_silva (registered user) on Sun, 2009-04-12 20:21.

Hi NOKSY, sorry for being late with my answer. I've been doing this server for about 2 years and it's just not a normal issue when setting up this server. About this error I could say that you're missing some part of the tutorial, as I've done this server again perfectly 2 days ago. Try to read all the tutorial first, then proceed to install it. It's very confusing, but at the end you will discover it's a very functional tool that saves a lot of time.

Submitted by alvarod_silva (registered user) on Sun, 2008-06-01 20:53.

Could you take a look at this output from my server and tell me what could be wrong? This output came from the last step of the MDS server setup, and it's killing me!! Thanks man, I'll really appreciate your help on this...

PS: I've tried to send you a PM, but it says that I don't have 3 counts on my posts. I really didn't get that, but, whatever, you should ignore this comment and just send me an answer by mail, thanks!


No option 'bindgroup' in section: 'dns'
Traceback (most recent call last):
  File "/var/lib/python-support/python2.4/mmc/agent.py", line 339, in agentService
    if (func()):
  File "/var/lib/python-support/python2.4/mmc/plugins/network/__init__.py", line 50, in activate
    config = NetworkConfig("network")
  File "/var/lib/python-support/python2.4/mmc/support/config.py", line 81, in __init__
    self.readConf()
  File "/var/lib/python-support/python2.4/mmc/plugins/network/__init__.py", line 340, in readConf
    self.bindGroup = self.get("dns", "bindgroup")
  File "ConfigParser.py", line 520, in get
    raise NoOptionError(option, section)
NoOptionError: No option 'bindgroup' in section: 'dns'
Error while trying to load plugin samba
{'info': 'no global superior knowledge', 'desc': 'Server is unwilling to perform'}
Traceback (most recent call last):
  File "/var/lib/python-support/python2.4/mmc/agent.py", line 339, in agentService
    if (func()):
  File "/var/lib/python-support/python2.4/mmc/plugins/samba/__init__.py", line 129, in activate
    samba.addOu(ouName, path)
  File "/var/lib/python-support/python2.4/mmc/plugins/base/__init__.py", line 1718, in addOu
    self.l.add_s(addrdn,attributes)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 163, in add_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 405, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 409, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 415, in result3
    rtype, rdata, rmsgid, serverctrls = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
    result = func(*args,**kwargs)
UNWILLING_TO_PERFORM: {'info': 'no global superior knowledge', 'desc': 'Server is unwilling to perform'}

Submitted by alvarod_silva (registered user) on Fri, 2008-05-30 19:48.

There seems to be some kind of error at the end of this installation. Before, I finished everything just fine, but about 2 days ago, I couldn't get my server done in any way I tried. It seems to be an error in the Samba schema or something. I wish I had that log to show you... If you notice something, please let me know, ok?

Thanks a lot 

Submitted by alvarod_silva (registered user) on Sun, 2008-04-06 06:06.

Hi Oliver, how's everything?

I've taken a look at my memory status and it seems that the processing jobs are a little bit up, is that normal? I've got 3.0 GB of virtualized memory and it seems to be abnormal, and if you have a suggestion please show me A.S.A.P. Thanks...

Submitted by alvarod_silva (registered user) on Fri, 2008-02-22 20:57.

Hi o.meyer,

I've got some questions about your installation. I know that I am the one in the wrong, but let me understand something: when I had just finished updating the system and moved on to install LDAP, after the install I got some error messages at boot time. Is that normal? It says ldap://127.0.0.1 - could not connect - Invalid Credentials.

Which file do I have to deal with to stop this problem? Can I set my IP address to 192.168.1.0 instead of 127.0.0.1?

Another question is: where I find "server1.example.com", I've tried to change the names using my account on dyndns.org. Are there any problems?

And the file that controls the SAMBA and LDAP servers (smb.conf) says on the first line: workgroup = DYNDNS. Can I use it that way?

Regards,

Alvaro Gomes

(PS: Your article is a great and fantastic tool that helps a lot of people over the world, when the subject is technology of servers. Thanks again for the article, it was great)

Submitted by o.meyer (registered user) on Sun, 2008-02-24 13:59.

Hi Alvaro Gomes,

1.) Yes, the error messages are normal - it's an old udev-bug known since 2006 or earlier. Simply ignore it.

2.) You can change your hostname to whatever you want (in a LAN) :) Have a look at step 1.2 .

3.) Edit the workgroup as you like - but keep in mind that you have to replace some commands in this howto, so that they fit your workgroup.

Best regards,

Olli 

Submitted by alvarod_silva (registered user) on Mon, 2008-02-25 16:11.

Thanks for your answer, and again I have another question about this system. Please don't take me the wrong way; what I'm just trying to do is get this solution (for me especially) on the framework, so that we could install this solution on a big scale (production).

Well, about the management of the LDAP server based on Mandriva Directory Server, I wish I could have the management off-site, so that we can control everything (remote management). I did open the port on the firewall side (smoothwall, port 443) but I'm still stuck because when I try to access it I get the message: Forbidden. I tried to review the configuration, but nothing yet... Could you help me with this issue? Thanks again

 Best regards,

 

Álvaro Gomes
 

Submitted by o.meyer (registered user) on Tue, 2008-02-26 21:31.

Hi Álvaro,

For security reasons I configured the system so that it is only accessible from the local network.

If you want to access the MMC from outside, you have to modify the settings for the https vhost (step 16.3.2). Change "Allow from 192.168.0.0/24" to "Allow from all". Afterwards restart the webserver (/etc/init.d/apache2 restart). Additionally you have to adjust the firewall settings so that port 443 will be forwarded to the MDS.

Best regards,

Olli 

Submitted by alvarod_silva (registered user) on Fri, 2008-03-07 04:14.

Just passing by to say that this tool is fantastic!!!! I've got good things coming up here; think about the possibility of coming to Brazil and making something like a partnership program with us... We'll work with a lot of big companies and I'm thinking of implementing this tool... Actually I've been asked about this tool, and it's great that we could make a very powerful server with a lot of resources, using low hardware and high space... Well, anyway I would like to say that you're invited to come to Brazil anytime...

 

My Best regards,

 

Submitted by alvarod_silva (registered user) on Sun, 2008-03-02 02:02.

Thanks for this solution Oliver,

This helped me a lot... Feel free to contact me anytime if you need anything (like testing some solution, whatever)

My best regards, 

Submitted by Peter (not registered) on Sun, 2009-08-16 02:31.

I got stuck on this and need some help:

/etc/ldap/slapd.conf is missing in my system. I get slapd.d in /etc/ldap/ but nothing like slapd.conf. Can anyone help?