This is a very incomplete work in progress.

Since 4.8, OpenBSD comes with a simple ldapd(8) with just what's needed for user authentication (currently working with ownCloud and Wordpress).

$ sudo pkg_add openldap-server

# /etc/openldap/slapd.conf
...
pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args
...
suffix          "dc=narf,dc=net"
rootdn          "cn=Manager,dc=narf,dc=net"
rootpw          {SSHA}SEE_BELOW

The root password is generated using slappasswd.

$ /usr/local/sbin/slappasswd
New password:
Re-enter new password:
{SSHA}SEE_BELOW

The files in /var/run have to be created beforehand

$ sudo touch /var/run/slapd.{pid,args}
$ sudo chown _openldap:_openldap /var/run/slapd.{pid,args}

# /etc/rc.local
...
if [ "$slapd_flags" != "NO" -a -x /usr/local/libexec/slapd ]; then
    install -d -o _openldap /var/run/openldap
    /usr/local/libexec/slapd $slapd_flags
    echo -n ' slapd'
fi

# /etc/rc.conf.local 
...
slapd_flags="-u _openldap" # -h ldap:// ldaps://

$ sudo pkg_add openldap-client

# /etc/openldap/ldap.conf 
...
BASE   dc=narf, dc=net
URI    ldap://ldap.narf.ssji.net # I'd like to *really* have narf.net...

$ ldapsearch -x -b 'dc=narf,dc=net' '(objectclass=*)'

# /etc/changelist
...
+/etc/openldap/sldap.conf
/etc/openldap/ldap.conf

Last time this solution was tried, on the LDAP-server running machine, it resulted in lockups at boot as the system hung trying to get users entry from the not-started-yet LDAP server.

• Trac
• SMTPd

This GIST in Python

>>> import openldap_passwd
>>> openldap_passwd.make_secret("correcthorsebatterystaples")
'{SSHA}A+DN5tKvr8YNPoh9RCDxQ1m2ZqOu8O7z'

ServerFault to the rescue:

$ XXXX < EOF
dn: cn=Alice, ou=Users, o=example, c=com
changetype: modify
replace: userPassword
userPassword: {SSHA}A+DN5tKvr8YNPoh9RCDxQ1m2ZqOu8O7z
EOF