Re: SASL authentication - please help
Hello,
Yes, I did create a saslpasswd file - see step 69 & 70 in the cited
installation guide (bottom of this email). It did show output as follows:
user: LDAProot realm: server.company.com mech: DIGEST-MD5
user: LDAProot realm: server.company.com mech: PLAIN
user: LDAProot realm: server.company.com mech: CRAM-MD5
I believe that there is a problem with the RootDSE entry for the slave
server. It does not show any values for the supportedSASLMechanisms
attribute. This is despite a compile from source on a fresh system.
Thanks for trying. Any other helpful comments will be greatly appreciated.
On Friday 24 August 2001 06:40 am, Tarjei Huse wrote:
> Have you created a saslpasswd file? E.g.:
> ./saslpasswd cyrus
> ?
> You must have done this to let OL check for mechanisms.
>
> > After 25 hours of work on installing OpenLDAP 2.0.11 with SASL, I'm writing
> > to you for help. I realize this is one of the most commonly asked questions
> > on the list. I have already reviewed the 518 posts that are in the list
> > archive (search for "SASL;2001") and have not found my answer. However,
> > I have printed out and followed the instructions in those that seemed
> > most promising. I have also reviewed the man pages, the systems
> > administrators guide, an "Exchange Server Replacement How-To", and a
> > "LDAP v3 How-To" by Turbo Fredrikson.
> >
> > I would like to use SASL to encrypt the username & password used in
> > replication. I don't mind if the rest of the replication traffic goes plain
> > text over the wire - user passwords aren't being stored on the LDAP server.
>
> > I don't see any need to install Kerberos. You'll note in the
> > installation instructions, I specifically mention OpenSSL - I don't
> > believe this is required to use SASL but I've installed it "just in
> > case".
> >
> > My most recent attempt was working on a clean install on a blank hard drive.
>
> > I would like to present you with the problem, and with the steps I have taken
> > to install the relevant software. These steps are being written as part of
> > an installation guide for a project I am working on. So that you know,
> > OpenLDAP, OpenSSL, and Cyrus SASL are all compiled from the most recent
> > source versions. As well, I confirmed that SASL was working using the
> > sample-server and sample-client programs. The 'make test' for OpenLDAP
> > completed without error.
> >
> > I am doing this in the hopes that someone who has successfully configured
> > OpenLDAP with SASL will email me with a solution, or some direction to take.
>
> > I have followed what few instructions that I have found to the best of my
> > abilities.
> >
> > Note: this is a long email. If you feel like skipping down to the next
> > section, use your find command and look for ---
> >
> > ---The problem, as seen from the client machine---
> >
> > [root@server /root]# ldapsearch -x -b "" -s base -LLL supportedSASLMechanisms
>
> > dn:
> >
> > [root@server /root]# ldapsearch -d 2
> > ber_flush: 64 bytes to sd 3
> > 0000: 30 3e 02 01 01 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9.........
> > 0010: 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object
> > 0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support
> > 0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms
>
> > ldap_write: want=64, written=64
> > 0000: 30 3e 02 01 01 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9.........
> > 0010: 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object
> > 0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support
> > 0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms
>
> > ldap_read: want=1, got=1
> > 0000: 30 0
> > ldap_read: want=1, got=1
> > 0000: 09 .
> > ldap_read: want=9, got=9
> > 0000: 02 01 01 64 04 04 00 30 00 ...d...0.
> > ldap_read: want=1, got=1
> > 0000: 30 0
> > ldap_read: want=1, got=1
> > 0000: 0c .
> > ldap_read: want=12, got=12
> > 0000: 02 01 01 65 07 0a 01 00 04 00 04 00 ...e........
> > request 1 done
> > ldap_sasl_interactive_bind_s: No such attribute
> >
> > ---The problem, as seen from the primary LDAP server---
> >
> > [root@ldap openldap]# /usr/local/libexec/slurpd -d 255
> > Config: opening config file "/usr/local/etc/openldap/slapd.conf"
> > Config: (include /usr/local/etc/openldap/schema/core.schema)
> > Config: (include /usr/local/etc/openldap/schema/cosine.schema)
> > Config: (include /usr/local/etc/openldap/schema/inetorgperson.schema)
> > Config: (include /usr/local/etc/openldap/schema/local.schema)
>
> > Config: (pidfile /usr/local/var/slapd.pid)
> > Config: (argsfile /usr/local/var/slapd.args)
> > Config: (loglevel 0)
> > Config: (idletimeout 30)
> > Config: (sizelimit 100)
> > Config: (timelimit 120)
> > Config: (defaultsearchbase "dc=company,dc=com")
> > Config: (schemacheck on)
> > Config: (database ldbm)
> > Config: (replica host=server.company.com:389
> > binddn="cn=LDAProot,dc=company,dc=com" bindmethod=sasl saslmech=DIGEST-MD5
> > authcID="server.company.com" realm=server.company.com
> > credentials="c19vffxx")
> > Config: ** successfully added replica "server.company.com:389"
> > Config: (replogfile /usr/local/etc/openldap/replog/replog.log)
> > Config: (lastmod off)
> > Config: (suffix "dc=company,dc=com")
> > Config: (rootdn "cn=LDAProot,dc=company,dc=com")
> > Config: (rootpw {crypt}SAf0p11tbz3MQ)
> > Config: (directory /usr/local/var/openldap-ldbm)
> > Config: (index objectClass eq,pres)
> > Config: (index uid eq)
> > Config: (index cn eq,sub)
> > Config: (index mail eq,pres,sub)
> > Config: (index givenName eq,sub)
> > Config: (index sn eq,sub)
> > Config: (index o eq,sub)
> > Config: (access to attr=userPassword by dn="cn=LDAPRoot, dc=company,
> > dc=com" write by * none)
> > Config: (access to * by anonymous read by dn="cn=LDAPRoot,
> > dc=company, dc=com" write)
> > Config: (dbnolocking)
> > Config: (dbnosync)
> > Config: (cachesize 10000)
> > Config: (dbcachesize 100000)
> > Config: ** configuration file successfully read and parsed
> > Retrieved state information for server.company.com:389 (timestamp 997309400.0)
>
> > begin replication thread for server.company.com:389
> > Replica server.company.com:389, skip repl record for
> > uid=Roman_Gebhart,ou=Distributors,dc=company,dc=com (old)
> > Initializing session to server.company.com:389
> > ldap_create
> > bind to server.company.com as server.company.com via DIGEST-MD5 (SASL)
> > ldap_interactive_sasl_bind_s: user selected: DIGEST-MD5
> > ldap_int_sasl_bind: DIGEST-MD5
> > ldap_new_connection
> > ldap_int_open_connection
> > ldap_connect_to_host
> > ldap_new_socket: 6
> > ldap_prepare_socket: 6
> > ldap_connect_to_host: Trying 192.168.1.2:389
> > ldap_connect_timeout: fd: 6 tm: -1 async: 0
> > ldap_ndelay_on: 6
> > ldap_is_sock_ready: 6
> > ldap_ndelay_off: 6
> > ldap_int_sasl_open: server.company.com
> > ldap_sasl_bind_s
> > ldap_sasl_bind
> > ldap_send_initial_request
> > ldap_send_server_request
> > ber_flush: 54 bytes to sd 6
> > 0000: 30 34 02 01 01 60 2f 02 01 03 04 1c 63 6e 3d 4c 04...`/.....cn=L
> > 0010: 44 41 50 72 6f 6f 74 2c 64 63 3d 73 61 66 65 63 DAProot,dc=compan
> > 0020: 6f 2c 64 63 3d 63 6f 6d a3 0c 04 0a 44 49 47 45 y,dc=com....DIGE
> > 0030: 53 54 2d 4d 44 35 ST-MD5
> > ldap_write: want=54, written=54
> > 0000: 30 34 02 01 01 60 2f 02 01 03 04 1c 63 6e 3d 4c 04...`/.....cn=L
> > 0010: 44 41 50 72 6f 6f 74 2c 64 63 3d 73 61 66 65 63 DAProot,dc=compan
> > 0020: 6f 2c 64 63 3d 63 6f 6d a3 0c 04 0a 44 49 47 45 y,dc=com....DIGE
> > 0030: 53 54 2d 4d 44 35 ST-MD5
> > ldap_result msgid 1
> > ldap_chkResponseList for msgid=1, all=1
> > ldap_chkResponseList returns NULL
> > wait4msg (infinite timeout), msgid 1
> > wait4msg continue, msgid 1, all 1
> > ** Connections:
> > * host: server.company.com port: 389 (default)
> > refcnt: 2 status: Connected
> > last used: Thu Aug 23 12:31:48 2001
> >
> > ** Outstanding Requests:
> > * msgid 1, origid 1, status InProgress
> > outstanding referrals 0, parent count 0
> > ** Response Queue:
> > Empty
> > ldap_chkResponseList for msgid=1, all=1
> > ldap_chkResponseList returns NULL
> > do_ldap_select
> > read1msg: msgid 1, all 1
> > ber_get_next
> > ldap_read: want=1, got=1
> > 0000: 30 0
> > ldap_read: want=1, got=1
> > 0000: 0c .
> > ldap_read: want=12, got=12
> > 0000: 02 01 01 61 07 0a 01 07 04 00 04 00 ...a........
> > ber_get_next: tag 0x30 len 12 contents:
> > ber_dump: buf=0x0807f120 ptr=0x0807f120 end=0x0807f12c len=12
> > 0000: 02 01 01 61 07 0a 01 07 04 00 04 00 ...a........
> > ldap_read: message type bind msgid 1, original id 1
> > ber_scanf fmt ({iaa) ber:
> > ber_dump: buf=0x0807f120 ptr=0x0807f123 end=0x0807f12c len=9
> > 0000: 61 07 0a 01 07 04 00 04 00 a........
> > read1msg: 0 new referrals
> > read1msg: mark request completed, id = 1
> > request 1 done
> > res_errno: 0, res_error: <>, res_matched: <>
> > ldap_free_request (origid 1, msgid 1)
> > ldap_free_connection
> > ldap_free_connection: refcnt 1
> > ldap_parse_sasl_bind_result
> > ber_scanf fmt ({iaa) ber:
> > ber_dump: buf=0x0807f120 ptr=0x0807f123 end=0x0807f12c len=9
> > 0000: 61 07 0a 01 07 04 00 04 00 a........
> > ldap_msgfree
> > ldap_err2string
> > Error: LDAP SASL for server.company.com:389 failed: Authentication method not
> > supported
> > ldap_unbind
> > ldap_free_connection
> > ldap_send_unbind
> > ber_flush: 7 bytes to sd 6
> > 0000: 30 05 02 01 02 42 00 0....B.
> > ldap_write: want=7, written=7
> > 0000: 30 05 02 01 02 42 00 0....B.
> > ldap_free_connection: actually freed
> > fm: exiting
> > Retrying operation for DN uid=roman_g,ou=Distributors,dc=company,dc=com
> > on replica server.company.com:389
> > end replication thread for server.company.com:389
> > slurpd: terminated.[
> >
> > --- Steps to Reproduce ---
> >
> > 1.To begin, insert Red Hat Linux CD 1 in the CD-ROM drive. Turn off the
> > computer and turn it on again.
> > 2."Welcome to Red Hat Linux 7.1" will appear on screen. Press the ENTER key.
> > 3.Debugging information will appear on screen. The screen will briefly turn
> > blue, and then additional debugging information will appear. Wait for
> > the Red Hat logo to appear on screen.
> > 4.In Language Selection, confirm that "English" is selected and press Next.
> > 5.In Keyboard Configuration, confirm that "Generic 105-key (Intl) PC" is
> > selected. Confirm that U.S. English is selected. Select "Disable dead keys."
> > Press Next.
> > 6.In Mouse Configuration, select "2 Button Mouse (PS/2)". Select "Emulate 3
> > buttons". Press next.
> > 7.On the Welcome to Red Hat Linux screen, press Next.
> > 8.In Install Options, select "Server System".
> > 9.In Disk Partitioning, select "Manually partition with Disk Druid" and press
> > Next
> > 10.Using the mouse, delete any existing partitions. Using the Add
> > button, add the following partitions:
> > Mount point: (Not set) Size = 2x Physical RAM in server. Partition Type:
> > Linux Swap.
> > Mount point: /var Size = 650 Partition Type: Linux Native
> > Mount point: / Use remaining space - checked. Partition Type: Linux Native.
>
> > 11.In Choose Partitions to Format select all partitions. As well, select
> > "Check for bad blocks while formatting".
> > 12.In Network Configuration, select the eth0 tab. Clear "Configure using
> > DHCP." Type in the appropriate values for IP address, NetMask, Network,
> > Broadcast, Hostname, Gateway, and the DNS servers. If there are multiple
> > NICs in the server, select the eth1, eth2, etc. tabs and set appropriate
> > values.
> > 13.In Firewall Configuration, select "No Firewall". Later in this guide, the
> > Bastille Firewall will be installed. Detailed instructions for how to
> > configure this firewall are provided in the Red Hat Linux Configuration
> > Guide. Press Next.
> > 14.In Language Support Selection, confirm that "English (USA)" is selected.
> > Press Next.
> > 15.In Time Zone Selection, select "America/Vancouver". Press Next.
> > 16.In Account Configuration, type the Root Password in "Root Password" and in
> > "Confirm". Add a second account admin with the following properties:
> > Account Name: admin
> > Password: (your password)
> > Password (confirm): (your password)
> > Full Name: administrative user
> > Press "Add" to add the new account. Do not add additional accounts at this
> > time.
> > 17.In Selecting Package Groups, confirm that all packages are cleared.
> > Select "Select individual packages", and press Next.
> > 18.The next screen will be titled "Individual Package Selection". A
> > tree-view of available package categories will appear on the left side of the
> > screen, while individual packages appear on the right.
> > Applications - Communications: press "Unselect all in group".
> > Applications - Editors: press "Unselect all in group".
> > Applications - Internet: clear "elm", "fetchmail", "finger", "ftp", "im",
> > "metamail", "ncftp", "nmh", "pine", "rsh", "rsync", "slrn", "talk", and
> > "telnet".
> > Applications - Publishing: clear "ghostscript" and "ghostscript-fonts".
> > Applications - System: clear "isdn4k-utils". Select "linuxconf" and
> > "mtools". Clear "rdist". Select "samba-client" and "samba-common".
> > Development - Libraries - clear openssl-devel
> > System Environment - Base: clear "chkfontpath".
> > System Environment - Daemons: clear "LPRng", "XFree86-xfs", "anonftp",
> > "finger server", "inews", "ppp", "printconf", "rp-ppoe", "rsh-server",
> > "rusers", "rusers-server", "rwall", "rwall-server", "rwho",
> > "talk-server", "telnet-server", "wu-ftpd", and "wvdial".
> > System Environment - Kernel: select "kernel-enterprise".
> > System Environment - Libraries: clear "VFlib2"
> > User Environment - X: clear "urw-fonts" and "xtt-fonts".
> > 17.Press Next.
> > 18.In About to Install, press Next.
> > 19.In Installing Packages, the file system will be formatted. Packages will
> > be copied to the hard disk. When prompted, insert Red Hat Linux Disk Two
> > into the CD-ROM drive and press Ok.
> > 20.In Boot Disk Creation, insert a blank floppy disk into the floppy
> > drive and press Next. The boot disk will be created.
> > 21.In Congratulations, remove the floppy disk from the drive. Label this
> > "BOOT FLOPPY" and do not lose it. Press Exit.
> > 22.The system will shut down and the CD-ROM will eject. IMMEDIATELY remove
> > the CD-ROM from the drive.
> > 23.Lilo will show. You do not need to press Enter for Linux to boot.
> > 24.Linux boot messages will show. Services will start, and network
> > interfaces will start. When "Red Hat Linux release 7.1 (Seawolf)" appears on
> > screen, you may continue.
> > Updating Linux with post-release fixes
> > 25.Log in as root.
> > 26.Insert the Project CD-ROM into the CD-ROM drive.
> > 27.Mount the CD-ROM by typing mount /mnt/cdrom
> > 28.Switch to the updates folder of the CD-ROM by typing cd /mnt/cdrom/updates
> > 29.Type rpm -Uvh gcc/libstdc++-2.96-85.i386.rpm
> > gcc/libstdc++-devel-2.96-85.i386.rpm and press Enter.
> > 30.Type rpm -Uvh gnupg/gnupg-1.0.6-1.i386.rpm and press Enter.
> > 31.Type rpm -Uvh mount/losetup-2.11b-3.i386.rpm mount/mount-2.11b-3.i386.rpm
> > and press Enter.
> > 32.Type rpm -Uvh xinetd/xinetd-2.3.0-1.71.i386.rpm and press Enter.
> > 33.Type cat /etc/lilo.conf and look for the section that starts with
> > image=/boot/vmlinuz-2.4.2-2 . This indicates which hard disk partition Linux
> > is installed on. Make a note of the line that begins with root= . For
> > example, root=/dev/hda2 .
> > 34.Type rpm -ivh kernel/i686/kernel-enterprise-2.4.3-12.i686.rpm and
> > press Enter.
> > 35.Type vi /etc/lilo.conf and press Enter.
> > 36.Move the cursor down to the end of the file and press a. Type the
> > following lines below, replacing /dev/hdaXX with the value you determined in
> > step 33.
> > image = /boot/vmlinuz-2.4.3-12
> > label = linux
> > root = /dev/hdaXX
> > 37.Find the section that begins with image=/boot/vmlinuz-2.4.2-2 . Move the
> > cursor down to the line that says label = linux . Modify this line to read
> > label = linux.old .
> > 38.Press the Escape key, type :w and press Enter. Type :q and press Enter.
>
> > 39.Type lilo -v and press Enter.
> > 40.Type cd and press Enter.
> > 41.Type umount mnt/cdrom and press Enter. You do not need to remove the
> > CD-ROM from the CD-ROM drive.
> > 42.Type cd and press Enter.
> > 43.Type source .bash_profile and press Enter.
> > 44.Type shutdown now -r and press Enter. The server will reboot.
> > 45.The Lilo screen will be shown with two choices - linux and linux old. You
> > do not need to press Enter for the boot sequence to continue.
> > 46.Once again, log in as root.
> > 47.Type mkbootdisk --device /dev/fd0 2.4.3-12 and press Enter. Press Enter a
> > second time. This updates the boot disk with information about the new
> > kernel. Label this disk as (servername) Boot Disk
> > Installing Bastille
> > 48.Mount the CD-ROM with the command mount /mnt/cdrom . Press Enter.
> > 49.Type cd /mnt/cdrom/Bastille/ and press Enter.
> > 50.Type rpm --nodeps -ivh perl-Curses-1.05-2mdk.i586.rpm and press Enter.
> > 51.Type rpm -ivh Bastille-1.2.0-1.1mdk.noarch.rpm
> > Bastille-Curses-module-1.2.0-1.1mdk.noarch.rpm and press Enter.
> > Compiling & Installing OpenSSL libraries
> > 52.Type cp /mnt/cdrom/openssl/openssl-0.9.6b.tar.gz /usr/src and press Enter.
>
> > 53.Type cd /usr/src and press Enter.
> > 54.Type tar -xzvf openssl-0.9.6b.tar.gz and press Enter.
> > 55.Type cd /openssl-0.9.6b and press Enter.
> > 56.Type ./config --prefix=/usr --openssldir=/usr/lib/ssl and press Enter.
> > 57.Type make -f Makefile.ssl all and press Enter.
> > 58.Type make -f Makefile.ssl install and press Enter.
> > Compiling & Installing Cyrus SASL libraries
> > 59.Type cp /mnt/cdrom/cyrus/cyrus-sasl-1.5.24.tar.gz /usr/src and press Enter.
> > 60.Type cd and press Enter.
> > 61.Type umount /mnt/cdrom and press Enter. You should eject the CD-ROM from
> > the CD-ROM drive.
> > 62.Type cd /usr/src and press Enter.
> > 63.Type tar -xzvf cyrus-sasl-1.5.24.tar.gz and press Enter.
> > 64.Type cd cyrus-sasl-1.5.24 and press Enter.
> > 65.Type ./configure --enable-plain --disable-krb4 and press Enter.
> > 66.Type make and press Enter.
> > 67.Type make install and press Enter.
> > 68.Type ln /usr/lib/sasl /usr/local/lib/sasl -d and press Enter.
> > 19.Type linuxconf and press Enter.
> > 20.A welcome screen will appear. Press Quit (this is not intuitive).
> > 21.Using the cursor keys, select Config - Networking - Client Tasks and press
> > Enter. Select Host Name and IP Network Devices and press Enter.
> > 22.In the "Host Name and Domain" field, input the appropriate server host
> > name (if it's not already there).
> > 23.Press Accept (use either the mouse or the tab key).
> > 24.Press Dismiss.
> > 25.Press Quit. When prompted, press Do It.
> > 69.Type saslpasswd -c LDAProot and press Enter. When prompted, enter the
> > password for LDAProot and press Enter.
> > 70.Type sasldblistusers and press Enter. The output should be as
> > follows: user: LDAProot realm: server.company.com mech: DIGEST-MD5
> > user: LDAProot realm: server.company.com mech: PLAIN
> > user: LDAProot realm: server.company.com mech: CRAM-MD5
> > (where server should be equal to the server name).
> > Compiling & Installing OpenLDAP
> > 71.Type cd../OpenLDAP and press Enter.
> > 72.Type cp openldap-stable-20010524.tgz /usr/src and press Enter.
> > 73.Type cd /usr/src and press Enter.
> > 74.Type tar -xzvf openldap-stable-20010524.tgz and press Enter.
> > 75.Type cd openldap-2.0.11/ and press Enter.
> > 76.Type ./configure --with-cyrus-sasl --enable-spasswd and press Enter.
> > 77.The last line of the output should read Please "make depend" to build
> > dependencies.
> > 78.Type make depend and press Enter.
> > 79.Type make and press Enter.
> > 80.Type make test and press Enter. This verifies that the software has
> > compiled correctly.
> > 81.Type make install and press Enter.
> >
> > ---The contents of slapd.conf---
> >
> > Please note: this is the slapd.conf from the backup LDAP server. The primary
> > LDAP server has the "replica host" lines uncommented, and the "updatedn"
> > / "updateref" lines commented out.
> >
> >
> > # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
> > #
> > # See slapd.conf(5) for details on configuration options.
> > # This file should NOT be world readable.
> > #
> >
> > sasl-host server.company.com
> > sasl-realm company.COM
> >
> > include /usr/local/etc/openldap/schema/core.schema
> > include /usr/local/etc/openldap/schema/cosine.schema
> > include /usr/local/etc/openldap/schema/inetorgperson.schema
> > include /usr/local/etc/openldap/schema/local.schema
> >
> > # Define global ACLs to disable default read access.
> >
> > # Do not enable referrals until AFTER you have a working directory
> > # service AND an understanding of referrals.
> > #referral ldap://root.openldap.org
> >
> > pidfile /usr/local/var/slapd.pid
> > argsfile /usr/local/var/slapd.args
> >
> > # Load dynamic backend modules:
> > # modulepath /usr/local/libexec/openldap
> > # moduleload back_ldap.la
> > # moduleload back_ldbm.la
> > # moduleload back_passwd.la
> > # moduleload back_shell.la
> >
> > #LDAP_Version_3
> > loglevel 0
> > idletimeout 30
> > sizelimit 100
> > timelimit 120
> > defaultsearchbase "dc=company,dc=com"
> > schemacheck on
> >
> > #######################################################################
> > # ldbm database definitions
> > #######################################################################
> >
> > database ldbm
> > ## REPLICATION OPTIONS
> > #replica host=server.company.com:389
> > # bindmethod=simple
> > # binddn="cn=LDAProot,dc=company,dc=com"
> > # credentials=password
> > updatedn "cn=LDAProot,dc=company,dc=com"
> > updateref "ldap://ldap.company.com"
> >
> > replogfile /usr/local/etc/openldap/replog/replog.log
> > lastmod off
> >
> > suffix "dc=company,dc=com"
> > rootdn "cn=LDAProot,dc=company,dc=com"
> > # Cleartext passwords, especially for the rootdn, should
> > # be avoid. See slappasswd(8) and slapd.conf(5) for details.
> > # Use of strong authentication encouraged.
> > rootpw {SASL}LDAProot
> > # The database directory MUST exist prior to running slapd AND
> > # should only be accessible by the slapd/tools. Mode 700 recommended.
> > directory /usr/local/var/openldap-ldbm
> > # Indices to maintain
> >
> > index objectClass eq,pres
> > index uid eq
> >
> > index cn eq,sub
> > index mail eq,pres,sub
> > index givenName eq,sub
> > index sn eq,sub
> > index o eq,sub
> >
> > #ldbm access control definitions
> > access to attr=userPassword
> > by dn="cn=LDAPRoot, dc=company, dc=com" write
> > by * none
> >
> > access to *
> > by anonymous read
> > by dn="cn=LDAPRoot, dc=company, dc=com" write
> >
> > dbnolocking
> > dbnosync
> > cachesize 10000
> > dbcachesize 100000
> >
> >
> > I look forward to any responses.
> >
> >
> > Kayne McGladrey
> > k.mcgladrey@worldnet.att.net
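The thread quotes three separate places where the SASL identity and realm are spelled out: the `sasldblistusers` output (user `LDAProot`, realm `server.company.com`), the slave's `slapd.conf` (`sasl-realm company.COM`, `rootpw {SASL}LDAProot`) and the master's `replica` directive (`authcID="server.company.com"`, `realm=server.company.com`, `saslmech=DIGEST-MD5`). When a bind fails with "Authentication method not supported" or the RootDSE shows no `supportedSASLMechanisms`, a cheap first check is whether these three agree with one another before digging into library plugin paths. The script below is an added example written for this page, not code from the thread or from OpenLDAP or Cyrus SASL; it parses constructed copies of the quoted values (the credential is replaced by a placeholder) and reports mismatches. It treats realm names as opaque strings compared exactly, and it assumes that `authcID` in the replica directive and the name after `{SASL}` in `rootpw` are expected to be users present in the sasldb; those expectations are assumptions of the example, and a reported mismatch is something to investigate, not a proven cause of the failure in the thread.

```python
import re
import shlex

# Constructed copies of the values quoted in the thread; the credential has
# been replaced by a placeholder. In practice these would be read from
# `sasldblistusers` output and the two slapd.conf files.
SASLDBLISTUSERS_OUTPUT = """\
user: LDAProot realm: server.company.com mech: DIGEST-MD5
user: LDAProot realm: server.company.com mech: PLAIN
user: LDAProot realm: server.company.com mech: CRAM-MD5
"""

SLAPD_CONF = """\
# excerpt of the slave's slapd.conf as quoted in the thread
sasl-host server.company.com
sasl-realm company.COM
rootdn "cn=LDAProot,dc=company,dc=com"
rootpw {SASL}LDAProot
"""

REPLICA_DIRECTIVE = (
    'replica host=server.company.com:389 binddn="cn=LDAProot,dc=company,dc=com" '
    'bindmethod=sasl saslmech=DIGEST-MD5 authcID="server.company.com" '
    'realm=server.company.com credentials="PLACEHOLDER"'
)

SASLDB_LINE = re.compile(r"^user:\s*(\S+)\s+realm:\s*(\S+)\s+mech:\s*(\S+)\s*$")


def parse_sasldblistusers(text):
    """Return [(user, realm, mech), ...] from sasldblistusers output."""
    entries = []
    for line in text.splitlines():
        m = SASLDB_LINE.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries


def parse_slapd_conf(text):
    """Return {directive: value} for simple 'directive value' lines, skipping
    comments and blank lines; double-quoted values are unquoted."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        conf[parts[0].lower()] = " ".join(parts[1:])
    return conf


def parse_replica_directive(line):
    """Return {key: value} (keys lower-cased) for a slapd.conf replica
    directive whose values may be double-quoted."""
    parts = shlex.split(line)
    if not parts or parts[0].lower() != "replica":
        raise ValueError("not a replica directive")
    kv = {}
    for tok in parts[1:]:
        key, _, value = tok.partition("=")
        kv[key.lower()] = value
    return kv


def check_sasl_consistency(sasldb_entries, slapd_conf, replica):
    """Return a list of findings describing mismatches between the sasldb,
    the slave's SASL settings and the master's replica directive. An empty
    list means nothing inconsistent was found (realms compared exactly)."""
    findings = []
    db_users = {user for user, _, _ in sasldb_entries}
    db_realms = {realm for _, realm, _ in sasldb_entries}
    db_mechs = {(user, mech) for user, _, mech in sasldb_entries}

    sasl_realm = slapd_conf.get("sasl-realm")
    if sasl_realm and sasl_realm not in db_realms:
        findings.append("sasl-realm %r in slapd.conf matches no sasldb realm %s"
                        % (sasl_realm, sorted(db_realms)))

    repl_realm = replica.get("realm")
    if repl_realm and repl_realm not in db_realms:
        findings.append("replica realm %r matches no sasldb realm %s"
                        % (repl_realm, sorted(db_realms)))

    # Assumption of this example: authcID should name a sasldb user, and that
    # user should have the mechanism the replica directive selects.
    authcid = replica.get("authcid")
    mech = replica.get("saslmech", "")
    if authcid and authcid not in db_users:
        findings.append("authcID %r is not a sasldb user %s" % (authcid, sorted(db_users)))
    elif authcid and mech and (authcid, mech) not in db_mechs:
        findings.append("authcID %r has no sasldb entry for mech %r" % (authcid, mech))

    # Assumption of this example: rootpw {SASL}name should name a sasldb user.
    rootpw = slapd_conf.get("rootpw", "")
    if rootpw.startswith("{SASL}") and rootpw[len("{SASL}"):] not in db_users:
        findings.append("rootpw %r names no sasldb user %s" % (rootpw, sorted(db_users)))
    return findings


if __name__ == "__main__":
    for finding in check_sasl_consistency(parse_sasldblistusers(SASLDBLISTUSERS_OUTPUT),
                                          parse_slapd_conf(SLAPD_CONF),
                                          parse_replica_directive(REPLICA_DIRECTIVE)):
        print("MISMATCH:", finding)
```

Run against the quoted values it reports two mismatches: the slave's `sasl-realm` differs from the realm recorded in the sasldb, and the replica's `authcID` is the host name rather than a sasldb user. Whether either is the cause of the empty `supportedSASLMechanisms` is not something the thread settles, but both are cheaper to rule out than a rebuild from source.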