When installing the openldap-servers package provided by Rocky Plus (openldap-2.4.46-18.el8.src.rpm), I found a problem with the openldap’s frontend database which was already addressed in EL 7 in 2014:
Due to the missing object class “olcFrontendConfig” for the frontend in slapd.ldif, you are not able to make use of frontend properties provided by modules.
For example, without this object class it is not possible to set secure password hashes from the “pw-sha2” module.
Resources:
Do you have an Idea where to file this bug since it was solved in the past?
I can’t answer that. When it was clear that RHEL8 has no openldap-servers, I did install the “dirsrv”, package 389-ds-base, and migrated database from openldap. IIRC, I had to do some sed renames on the dump before importing it, and the ACL’s are done differently. Overall, that process was quite effortless. That is to day that there is an alternative.
I’d be curious to see if this issue is still in Fedora. If it is, then you can still report the issue to bugzilla.redhat.com, because I don’t think they’ll accept issues with openldap-servers for EL8 unless they bring it back (I don’t think they will).
You should be able to fix the config files manually and restart the service. It’ll give you warnings in the logs, but it won’t affect the service running. Any future changes you do to it via ldapmodify will make the warnings go away.
Thanks for the replies. I did the latter, which got my setup working. When I find some time, i will look if the problem also exists in the Fedora Repo.