
Red Hat RPM Install Woes



Hi all,

As you can judge by this message's timestamp, I've been working on
this for several hours. :)

I'm trying to get OpenLDAP going on a RH 7.1 machine for a SourceForge
installation.  I've installed the RPMs (openldap, openldap-devel,
-servers, -clients) for version 2.0.7-14. Things seem to start fine
when running "/etc/init.d/ldap start", and there are no errors in
/var/log/messages.

However, I can't get ldapsearch to bind to the server. I tried
"ldapsearch -x -b '' -s base '(objectclass=*)' namingContents", and
"ldapsearch -s base -b '' -h localhost -p 389 'objectclass=*'".

The error is "Can't contact LDAP server".

"netstat -lp" says that slapd is listening on the ldap port (I guess
389). I also was able to build the latest distribution from source and
"make test" successfully.

I really don't know too much about LDAP and OpenLDAP, so I feel like
it's some stupid configuration issue on my part, or some weirdness in
the Red Hat setup. Can someone help me out? I tried the default config
files that came with the source, and that didn't work.  I'm attaching
my current ldap.conf and slapd.conf.

Thanks a lot,
David

_________________________________________________________________________
David Coppit - Ph.D. Candidate         david@coppit.org
The University of Virginia             http://coppit.org/
    "Yes," said Piglet, "Rabbit has Brain." There was a long silence.
"I suppose," said Pooh, "that that's why he never understands anything."
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# (It carries the rootdn password further down, so restrict it to root and
# the account slapd runs as. A copy posted publicly, as here, means any
# password in it should be treated as disclosed and changed.)
#
# Schema definitions, loaded in the order listed. sourceforge.schema is
# presumably the one added for the SourceForge installation -- confirm.
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/redhat/rfc822-MailMember.schema
include		/etc/openldap/schema/redhat/autofs.schema
include		/etc/openldap/schema/redhat/kerberosobject.schema
include		/etc/openldap/schema/sourceforge.schema

# Define global ACLs to disable default read access.
# NOTE(review): no "access" or "defaultaccess" directive follows this heading
# anywhere in the file, so slapd's built-in default applies. Per slapd.conf(5)
# that default grants read access to every client, anonymous ones included --
# confirm for this release, and add explicit ACLs (at minimum protecting
# userPassword) before the directory holds real account data.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

# Files in which slapd records its process id and its command-line arguments.
pidfile	/var/run/slapd.pid
argsfile	/var/run/slapd.args

# Load dynamic backend modules:
# modulepath	/usr/sbin/openldap
# moduleload	back_ldap.la
# moduleload	back_ldbm.la
# moduleload	back_passwd.la
# moduleload	back_shell.la

# To allow TLS-enabled connections, create /usr/share/ssl/certs/slapd.pem
# and uncomment the following lines.
# NOTE(review): while these stay commented out the server offers no TLS, so
# a simple bind (including one as the rootdn) sends its password unencrypted.
# Both directives name the same slapd.pem, i.e. that file would hold the
# private key as well as the certificate and must not be world readable.
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

#######################################################################
# ldbm database definitions
#######################################################################

# One ldbm-backed database serving the suffix below; rootdn is the
# administrative identity for that database.
database	ldbm
suffix		"o=SourceForge Internal Service, c=DE"
#suffix		"o=My Organization Name, c=US"
rootdn		"cn=Manager, o=SourceForge Internal Service, c=DE"
#rootdn		"cn=Manager, o=My Organization Name, c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# NOTE(review): the active line below is exactly the cleartext case warned
# about above, and "secret" is the well-known sample value. Per slapd.conf(5)
# the rootdn is not subject to access controls on this database, so anyone who
# can reach the port and guess this value has full write access. Replace it
# with a hash generated by slappasswd(8), in the form
#   rootpw {SSHA}<hash-from-slappasswd>     (placeholder, not a real hash)
# The commented {crypt} value below looks like a packaged sample as well --
# do not reuse it.
rootpw		secret
# rootpw		{crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory	/var/lib/ldap
# Indices to maintain
#index	objectClass				eq
#index	objectClass,uid,uidNumber,gidNumber	eq
#index	cn,mail,surname,givenname		eq,subinitial
# Active indices: equality on objectclass; presence, equality and substring
# on uid; the same plus subany on cn and sn.
index	objectclass				eq
index	uid					pres,eq,sub
index	cn,sn					pres,eq,sub,subany

# NOTE(review): both options below trade safety for speed (see slapd.conf(5)).
# dbnosync: on-disk contents are not synchronized immediately with in-memory
#   changes, so recent writes can be lost if slapd or the host stops uncleanly.
# dbnolocking: no database locking is performed; concurrent access to the
#   files in /var/lib/ldap is then unprotected against corruption.
# Reasonable for a throwaway test install; reconsider before production use.
dbnosync
dbnolocking
# @(#)$Id: ldap.conf,v 2.17 2001/01/09 02:59:44 lukeh Exp $
#
# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
#
# PADL Software
# http://www.padl.com
#
# NOTE(review): this file configures nss_ldap and pam_ldap only. The OpenLDAP
# command-line clients such as ldapsearch presumably read their own ldap.conf
# (under /etc/openldap on Red Hat packages -- confirm), so settings here do
# not affect the ldapsearch failure described in the post.

# Your LDAP server. Must be resolvable without using LDAP.
host 127.0.0.1

# The distinguished name of the search base.
# NOTE(review): dc=example,dc=com is the sample value and does not match the
# suffix served by the attached slapd.conf
# ("o=SourceForge Internal Service, c=DE"); the commented line below carries
# the matching base. NSS/PAM lookups under the sample base would find nothing
# on that server.
base dc=example,dc=com
#base o=SourceForge Internal Service,c=DE

# The LDAP version to use (defaults to 3
# if supported by client library)
#ldap_version 3

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=proxyuser,dc=example,dc=com

# The credentials to bind with.
# Optional: default is no credential.
# NOTE(review): if set, this password sits in cleartext in a file that NSS
# clients generally need to be able to read; use a dedicated low-privilege
# proxy account for it, never the directory's rootdn.
#bindpw secret

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=manager,dc=example,dc=com

# The port.
# Optional: default is 389.
#port 389

# The search scope.
#scope sub
#scope one
#scope base

# Search timelimit
#timelimit 30

# Bind timelimit
# If using Netscape SDK 4.x, this is used to
# set the TCP connection timeout as well as the
# bind timelimit.
#bind_timelimit 30

# Filter to AND with uid=%s
#pam_filter objectclass=account

# The user ID attribute (defaults to uid)
#pam_login_attribute uid

# Search the root DSE for the password policy (works
# with Netscape Directory Server)
#pam_lookup_policy yes

# Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=example,dc=com

# Group member attribute
#pam_member_attribute uniquemember

# Template login attribute, default template user
# (can be overridden by value of former attribute
# in user's entry)
#pam_login_attribute userPrincipalName
#pam_template_login_attribute uid
#pam_template_login nobody

# HEADS UP: the pam_crypt, pam_nds_passwd,
# and pam_ad_passwd options are no
# longer supported.

# Do not hash the password at all; presume
# the directory server will do it, if
# necessary.
# NOTE(review): with this mode the new password travels to the server
# unhashed, so it should only be used over an encrypted connection.
#pam_password clear

# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service. This is the default.
#pam_password crypt

# Remove old password first, then update in
# cleartext. Necessary for use with Novell
# Directory Services (NDS)
#pam_password nds

# Update Active Directory password, by
# creating Unicode password and updating
# unicodePwd attribute.
#pam_password ad

# Use the OpenLDAP password change
# extended operation to update the password.
#pam_password exop

# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX		base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd	ou=People,
# to append the default base DN but this
# may incur a small performance impact.
#nss_base_passwd	ou=People,dc=example,dc=com?one
#nss_base_shadow	ou=People,dc=example,dc=com?one
#nss_base_group		ou=Group,dc=example,dc=com?one
#nss_base_hosts		ou=Hosts,dc=example,dc=com?one
#nss_base_services	ou=Services,dc=example,dc=com?one
#nss_base_networks	ou=Networks,dc=example,dc=com?one
#nss_base_protocols	ou=Protocols,dc=example,dc=com?one
#nss_base_rpc		ou=Rpc,dc=example,dc=com?one
#nss_base_ethers	ou=Ethers,dc=example,dc=com?one
#nss_base_netmasks	ou=Networks,dc=example,dc=com?one
#nss_base_bootparams	ou=Ethers,dc=example,dc=com?one
#nss_base_aliases	ou=Aliases,dc=example,dc=com?one
#nss_base_netgroup	ou=Netgroup,dc=example,dc=com?one

# NOTE(review): "ssl no" leaves NSS/PAM traffic to the directory unencrypted.
# With host set to 127.0.0.1 that traffic stays on the loopback interface; if
# host is ever pointed at a remote server, binds and password changes would
# cross the network in cleartext, so enable TLS on both ends first (the
# "ssl" option's other values, where the installed nss_ldap/pam_ldap
# supports them -- confirm).
ssl no