Many Different Problems I need Help
Hi List,
This is my first contact, but I need help to install and configure the
LDAP service; please read my questions and context below.
Regards
Alexandre
0.0) Problem Context
0.1) Question #1.
Where is ldif2ldbm? I can't find it.
# find / -name ldif2ldbm -print
# <nothing>
0.2) Question #2.
How do I start the LDAP database? Users, Groups, Hosts, etc.
0.3) Question #3
What is the reason for this message?
ldapadd -D "cn=Manager" -f ./example.ldif
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Unknown error
0.4) Question #4
What is the procedure to configure /etc/pam.d/login to access the LDAP
database? Do I need to install another program to replace the PAM module?
1.0) Building OpenLDAP
1.1) Software Packages
db-4.1.24.tar.gz
gdbm-1.8.0.tar.gz
openssl-0.9.6g.tar.gz
krb4-1.2.tar.gz
cyrus-sasl-2.1.7.tar.gz
MigrationTools-44.tar.gz
openldap-2.0.27.tgz
1.2) Installing db-4.1.24
tar -xvzf db-4.1.24.tar.gz
cd db-4.1.24/dist
./configure
make
make install
1.3) Installing gdbm-1.8.0
tar -xvzf gdbm-1.8.0.tar.gz
cd gdbm-1.8.0
./configure
make
make install
1.4) Installing openssl-0.9.6g
tar -xvzf openssl-0.9.6g.tar.gz
cd openssl-0.9.6g
./config
make
make install
1.5) Installing krb4-1.2
tar -xvzf krb4-1.2.tar.gz
cd krb4-1.2
./configure
make
make install
1.6) Installing cyrus-sasl-2.1.7
tar -xvzf cyrus-sasl-2.1.7.tar.gz
cd cyrus-sasl-2.1.7
./configure
make
make install
1.7) Installing openldap-2.0.27
tar -xvzf openldap-2.0.27.tgz
cd openldap-2.0.27
./configure --disable-ipv6
make
make install
2.0) Configuring OpenLDAP
2.1) Special Files
cd /usr/local/etc/openldap
ls -l
-rw-r--r-- 1 root root 5965 Oct 1 14:45 ldap.conf
-rw-r--r-- 1 root root 337 Oct 1 11:28 ldap.conf.default
-rw-r--r-- 1 root root 3122 Oct 1 11:28 ldapfilter.conf
-rw-r--r-- 1 root root 3122 Oct 1 11:28 ldapfilter.conf.default
-rw-r--r-- 1 root root 5043 Oct 1 11:28 ldapsearchprefs.conf
-rw-r--r-- 1 root root 5043 Oct 1 11:28 ldapsearchprefs.conf.default
-rw-r--r-- 1 root root 16452 Oct 1 11:28 ldaptemplates.conf
-rw-r--r-- 1 root root 16452 Oct 1 11:28 ldaptemplates.conf.default
drwxr-xr-x 2 root root 4096 Oct 1 11:28 schema
-rw------- 1 root root 1819 Oct 1 14:46 slapd.conf
-rw------- 1 root root 1801 Oct 1 11:28 slapd.conf.default
2.2) ldap.conf content
# @(#)$Id: ldap.conf,v 2.28 2001/08/28 12:17:29 lukeh Exp $
#
# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
#
# PADL Software
# http://www.padl.com
#
# Your LDAP server. Must be resolvable without using LDAP.
host 127.0.0.1
# The distinguished name of the search base.
base dc=example,dc=com
# Another way to specify your LDAP server is to provide an
# uri with the server name. This allows to use
# Unix Domain Sockets to connect to a local LDAP Server.
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator
# The LDAP version to use (defaults to 3
# if supported by client library)
#ldap_version 3
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=proxyuser,dc=example,dc=com
# The credentials to bind with.
# Optional: default is no credential.
bindpw secret
# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
rootbinddn cn=Manager,ou=matriz,o=technochannel,c=BR
# The port.
# Optional: default is 389.
port 389
# The search scope.
#scope sub
#scope one
#scope base
# Search timelimit
#timelimit 30
# Bind timelimit
#bind_timelimit 30
# Idle timelimit; client will close connections
# (nss_ldap only) if the server has not been contacted
# for the number of seconds specified below.
#idle_timelimit 3600
# Filter to AND with uid=%s
#pam_filter objectclass=account
# The user ID attribute (defaults to uid)
#pam_login_attribute uid
# Search the root DSE for the password policy (works
# with Netscape Directory Server)
#pam_lookup_policy yes
# Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=example,dc=com
# Group member attribute
#pam_member_attribute uniquemember
# Template login attribute, default template user
# (can be overridden by value of former attribute
# in user's entry)
#pam_login_attribute userPrincipalName
#pam_template_login_attribute uid
#pam_template_login nobody
# HEADS UP: the pam_crypt, pam_nds_passwd,
# and pam_ad_passwd options are no
# longer supported.
# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
#pam_password clear
# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
#pam_password crypt
# Remove old password first, then update in
# cleartext. Necessary for use with Novell
# Directory Services (NDS)
#pam_password nds
# Update Active Directory password, by
# creating Unicode password and updating
# unicodePwd attribute.
#pam_password ad
# Use the OpenLDAP password change
# extended operation to update the password.
#pam_password exop
# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd ou=People,
# to append the default base DN but this
# may incur a small performance impact.
#nss_base_passwd ou=People,dc=example,dc=com?one
#nss_base_shadow ou=People,dc=example,dc=com?one
#nss_base_group ou=Group,dc=example,dc=com?one
#nss_base_hosts ou=Hosts,dc=example,dc=com?one
#nss_base_services ou=Services,dc=example,dc=com?one
#nss_base_networks ou=Networks,dc=example,dc=com?one
#nss_base_protocols ou=Protocols,dc=example,dc=com?one
#nss_base_rpc ou=Rpc,dc=example,dc=com?one
#nss_base_ethers ou=Ethers,dc=example,dc=com?one
#nss_base_netmasks ou=Networks,dc=example,dc=com?one
#nss_base_bootparams ou=Ethers,dc=example,dc=com?one
#nss_base_aliases ou=Aliases,dc=example,dc=com?one
#nss_base_netgroup ou=Netgroup,dc=example,dc=com?one
# attribute/objectclass mapping
# Syntax:
#nss_map_attribute rfc2307attribute mapped_attribute
#nss_map_objectclass rfc2307objectclass mapped_objectclass
# configure --enable-nds is no longer supported.
# For NDS now do:
#nss_map_attribute uniqueMember member
# configure --enable-mssfu-schema is no longer supported.
# For MSSFU now do:
#nss_map_objectclass posixAccount User
#nss_map_attribute uid msSFUName
#nss_map_attribute uniqueMember posixMember
#nss_map_attribute userPassword msSFUPassword
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_objectclass posixGroup Group
#nss_map_attribute cn msSFUName
#pam_login_attribute msSFUName
#pam_filter objectclass=User
#pam_password ad
# configure --enable-authpassword is no longer supported
# For authPassword support, now do:
#nss_map_attribute userPassword authPassword
#pam_password nds
# For IBM AIX SecureWay support, do:
#nss_map_objectclass posixAccount aixAccount
#nss_base_passwd ou=aixaccount,?one
#nss_map_attribute uid userName
#nss_map_attribute gidNumber gid
#nss_map_attribute uidNumber uid
#nss_map_attribute userPassword passwordChar
#nss_map_objectclass posixGroup aixAccessGroup
#nss_base_group ou=aixgroup,?one
#nss_map_attribute cn groupName
#nss_map_attribute uniqueMember member
#pam_login_attribute userName
#pam_filter objectclass=aixAccount
#pam_password clear
# Netscape SDK LDAPS
#ssl on
# Netscape SDK SSL options
#sslpath /etc/ssl/certs/cert7.db
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
#ssl start_tls
#ssl on
# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is "no"
#tls_checkpeer yes
# CA certificates for server certificate verification
# At least one of these are required if tls_checkpeer is "yes"
#tls_cacertfile /etc/ssl/ca.cert
#tls_cacertdir /etc/ssl/certs
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
ssl no
pam_password md5
2.3) slapd.conf content
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
#
# Sample Access Control
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
#
#access to dn="" by * read
#access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default is:
# Allow read by all
#
# rootdn can always write!
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix "dc=technochannel,dc=com"
#suffix "ou=matriz,o=technochannel,c=BR"
rootdn "cn=Manager,dc=technochannel,dc=com"
#rootdn "cn=Manager,ou=matriz,o=technochannel,c=BR"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /usr/local/var/openldap-ldbm
# Indices to maintain
index objectClass eq
3.0) Starting LDAP
3.1) Using command line
/usr/local/libexec/slapd
3.2) Checking the running status
ps -ax | grep slapd
3975 ? S 0:00 /usr/local/libexec/slapd
3976 ? S 0:00 /usr/local/libexec/slapd
3977 ? S 0:00 /usr/local/libexec/slapd
3984 ? S 0:00 /usr/local/libexec/slapd
14056 pts/5 S 0:00 grep slapd
3.3) Making a first LDAP test
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
version: 2
#
# filter: (objectclass=*)
# requesting: namingContexts
#
#
dn:
namingContexts: dc=technochannel,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
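As an added example (not part of Alexandre's post, nor OpenLDAP or PADL code), a small POSIX shell audit for the two weaknesses visible in the listings above: slapd.conf stores rootpw in cleartext rather than a slappasswd(8) hash, and ldap.conf, mode 644, carries a cleartext bindpw. The directive names come from the two files above; the sample directory contents and temp paths are constructed.

```shell
#!/bin/sh
# Audit an OpenLDAP config directory for cleartext rootpw/bindpw values and
# for group/world-readable files that hold a credential (added example).

# Print one finding per line for DIR; print nothing when the directory is clean.
audit_ldap_dir() {
    dir=$1
    for f in "$dir/slapd.conf" "$dir/ldap.conf"; do
        [ -f "$f" ] || continue
        # A rootpw/bindpw value that is not a {SCHEME}hash is stored in cleartext.
        grep -E '^[[:space:]]*(rootpw|bindpw)[[:space:]]+' "$f" \
            | grep -vE '[[:space:]][{][A-Za-z0-9]+[}]' \
            | while read -r directive _; do
                echo "$f: cleartext $directive"
              done
        # slapd.conf always holds the rootpw; ldap.conf only matters with a bindpw.
        holds_secret=no
        case "$f" in */slapd.conf) holds_secret=yes ;; esac
        if grep -qE '^[[:space:]]*bindpw[[:space:]]' "$f"; then holds_secret=yes; fi
        # ls(1) columns 5-10 are the group and other permission bits.
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$holds_secret" = yes ]; then
            case "$perms" in
                *r*) echo "$f: readable by group/other ($(ls -ld "$f" | cut -c1-10))" ;;
            esac
        fi
    done
}

# Number of findings, usable as a pass/fail gate in a deployment check.
audit_count() {
    audit_ldap_dir "$1" | wc -l | tr -d ' '
}

# Constructed sample mirroring the post: slapd.conf mode 600 with cleartext
# rootpw, ldap.conf mode 644 with cleartext bindpw (3 findings expected).
SAMPLE=$(mktemp -d)
printf 'rootdn "cn=Manager,dc=example,dc=com"\nrootpw secret\n' > "$SAMPLE/slapd.conf"
printf 'host 127.0.0.1\nbindpw secret\n' > "$SAMPLE/ldap.conf"
chmod 600 "$SAMPLE/slapd.conf"
chmod 644 "$SAMPLE/ldap.conf"

# Hardened variant: hashed rootpw (constructed value), no bindpw, both mode 600.
FIXED=$(mktemp -d)
printf 'rootpw {SSHA}constructedHashValue==\n' > "$FIXED/slapd.conf"
printf 'host 127.0.0.1\n' > "$FIXED/ldap.conf"
chmod 600 "$FIXED/slapd.conf" "$FIXED/ldap.conf"

audit_ldap_dir "$SAMPLE"
```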