[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: newbie openbsd ldap startup and slapd logging



hmmm... even though.. you're not staring slapd as any user? in any case, start slapd with debugging on

here's a little bourne shell script that might help you

#!/bin/sh
DEBUG_MODE=256

/usr/local/bin/slapd \
-f /usr/local/etc/openldap/slapd.conf \
-h "ldap:///" \
-l local4 \
-d $DEBUG_MODE \
-u slapd -g slapd   ### create this user and group in /etc/passwd, /etc/group respectively


You must be root to do this (for logging):

1. Make backup copies of the lookup files (just in case you need them). Namely:
* /usr/local/etc/openldap/slapd.conf
* /etc/init.d/slapd
* /usr/sbin/syslogd (make sure to transfer this in binary)
* /etc/syslog.conf

3. Move over the files we've copied from pinnacle to their respective places EXCEPT /usr/local/etc/openldap/slapd.conf. This is only for reference

4. Edit /etc/syslog.conf and add the following:

local4.emerg    /var/log/sldap.log
local4.alert    /var/log/sldap.log
local4.crit     /var/log/sldap.log
local4.err      /var/log/sldap.log
local4.warning  /var/log/sldap.log
local4.notice   /var/log/sldap.log
local4.info     /var/log/sldap.log
local4.debug    /var/log/sldap.log

Remember that the syslog.conf file takes the facility name <TAB> /path/to/log (one or more tabs)

5. cd to /var/log and touch sldap.log file. This should create the sldap.log file

6. Edit the /etc/init.d/slapd startup script file (again be wary of spaces and extra tabs)
#! /bin/sh
#
#
# start/stop the slapd daemon

case "$1" in

'start')
        # Start the slapd daemon
        if [ -f /usr/local/libexec/slapd ] ; then
                echo "starting slapd"
               /usr/local/libexec/slapd -p 389 -f /usr/local/etc/openldap/slapd.
conf -s 256 -l local4
        fi
        ;;

'stop')
        # Stop the slapd daemon
        echo "stopping slapd"
        kill -TERM `cat /usr/local/var/slapd.pid`
        ;;
esac

8. Double check the /usr/local/etc/openldap/slapd.conf file and it should match the first 18 lines (more or less):
     1  #
     2  # See slapd.conf(5) for details on configuration options.
     3  # This file should NOT be world readable.
     4  #
     5  include         /usr/local/etc/openldap/slapd.at.conf
     6  include         /usr/local/etc/openldap/slapd.oc.conf
     7  # MyCompany denfined schema
     8  include         /usr/local/etc/openldap/slapd.user_at.conf
     9  include         /usr/local/etc/openldap/slapd.user_oc.conf
    10  schemacheck     on
    11  sizelimit       500
    12  #referral       ldap://ldap.itd.umich.edu
    13
    14  pidfile         /usr/local/var/slapd.pid
    15  argsfile        /usr/local/var/slapd.args
    16
    17  loglevel        256


9. Run the syslogd daemon if it isn't already by doing
cd /usr/sbin ; ./syslogd

10. Restart the syslogd daemon to have it re-read its configuration file
kill -1 `/bin/cat /etc/syslog.pid` 

This might complain that the syslog.pid does not exist if so repeat step 9 and 10 again for about a couple times. If after a couple of times it still complains check to make sure that /bin/ps -ef | grep sl still reports something similar to the following:

# /bin/ps -ef | grep sl
    root 15940     1  0 08:10:43 ?        0:14 /usr/local/libexec/slapd -p 389 -f /usr/local/etc/openldap/slapd.conf -s 256 -l
    root 15791     1  0 07:41:57 ?        0:00 ./syslogd

10a. "Touch" a new file in /var/log
cd /var/log
touch slapd.log

11. restart the slapd daemon
/etc/init.d/slapd start

12. Check /var/log/sldap.log by logging onto your browser and typing ldap://<HOSTNAME>/<LDAP attributes>??sub?uid=<NAME> for example ldap://myserver.mydomain.com/ou=People,o=MyCompany??sub?uid=myuid

13. Assuming you got everything to work you should be able to view the log file via tail -f /var/log/sldap.log
 and get results similar to the following:
May 24 09:17:46 myserver.mydomain.com slapd[15940]: conn=22 op=19 RESULT err=0 tag=101 nentries=1
May 24 09:18:12 myserver.mydomain.com slapd[15940]: conn=69 fd=23 connection from user-2injvqj.dsl.mindspring.com (165.121.255.83) accepted.
May 24 09:18:12 myserver.mydomain.comslapd[15940]: conn=69 op=0 BIND dn="" method=128
May 24 09:18:12 myserver.mydomain.com slapd[15940]: unknown version 3
May 24 09:18:12 myserver.mydomain.com slapd[15940]: conn=69 op=0 RESULT err=2 tag=97 nentries=0




At 10:41 AM 11/19/2001 -0500, you wrote:
Thanks JM,
I've done everything as root so far until I have a better idea how all this works together.. probably not a good idea, but I just want to see the thing work to start. so i don't think it's permissions. .
I'm going to try to find logging note you'd posted. .
I don't suppose you have it handy?
cheers,
Kris.
 
 
----- Original Message -----
From: Jan-Michael Ong
To: Kris McKay
Cc: openLDAP-software@OpenLDAP.org
Sent: Monday, November 19, 2001 10:29 AM
Subject: Re: newbie openbsd ldap startup

Check your database permissions. Normally that's the reason why it can't add. If its other than that check the logs... I posted a note before on how to do the logging its pretty tricky but you'll have to restart syslogd and edit /etc/syslog.conf and start slapd with -s local4. Please check the man page on openldap.

jm ^_^

At 10:12 AM 11/19/2001 -0500, you wrote:
I need help desperately..
 
I'm tryind to get qmial-ldap setup, but I can't get past the initial install for ldap.
I've installed openldap 2.0.18 on OpenBSD 2.9. The 'make tests' all passed with no problems.. I can start slapd, but I get the following error everytime I try to do anything.
 
ldap_init( localhost, 0 )
ldap_bind: Can't contact LDAP server
 
When I 'ps -aux' I can see that slapd is running. I'm using the default slapd.conf exactly as it comes with the following command to add a record.
 
ldapadd -vxc -h localhost -D "cn=manager,dc=my-domain,dc=com" -w secret -f ldap.ldif
 
The the contents of ldap.ldif is:
 
dn: dc=my-domain, dc=com
objectclass: top
 
dn: ou=qmail, dc=my-domain, dc=com
objectclass: top
objectclass: organizationalUnit
ou: qmail
There's probably a typical rookie flaw in here somewhere, but I haven't been able to find anything online to help..
Thanks in advance..