This is a very incomplete work in progress.
$ sudo pkg_add openldap-server
# /etc/openldap/slapd.conf
...
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
...
suffix "dc=narf,dc=net"
rootdn "cn=Manager,dc=narf,dc=net"
rootpw {SSHA}SEE_BELOW
The root password is generated using slappasswd.
$ /usr/local/sbin/slappasswd
New password:
Re-enter new password:
{SSHA}SEE_BELOW
The files in /var/run have to be created beforehand.
$ sudo touch /var/run/slapd.{pid,args}
$ sudo chown _openldap:_openldap /var/run/slapd.{pid,args}
# /etc/rc.local
...
if [ "$slapd_flags" != "NO" -a -x /usr/local/libexec/slapd ]; then
	install -d -o _openldap /var/run/openldap
	/usr/local/libexec/slapd $slapd_flags
	echo -n ' slapd'
fi
# /etc/rc.conf.local
...
slapd_flags="-u _openldap" # -h ldap:// ldaps://
$ sudo pkg_add openldap-client
# /etc/openldap/ldap.conf
...
BASE dc=narf, dc=net
URI ldap://ldap.narf.ssji.net
# I'd like to *really* have narf.net...
$ ldapsearch -x -b 'dc=narf,dc=net' '(objectclass=*)'
# /etc/changelist
...
+/etc/openldap/slapd.conf
/etc/openldap/ldap.conf
The last time this solution was tried on the machine running the LDAP server, it resulted in lockups at boot: the system hung trying to get user entries from the LDAP server, which had not started yet.