
Many Different Problems I need Help



Hi List,

        This is my first contact, but I need help to install and configure the
LDAP service; please read my questions and data context below.

Regards
Alexandre

0.0) Problem Context
0.1) Question #1.

 Where is ldif2ldbm? I can't find it.
 # find / -name ldif2ldbm -print
 # <nothing>

0.2) Question #2.

 How do I start the LDAP database? Users, groups, hosts, etc.

0.3) Question #3

      What is the reason for this message?

     ldapadd -D "cn=Manager" -f ./example.ldif
     SASL/DIGEST-MD5 authentication started
     ldap_sasl_interactive_bind_s: Unknown error

0.4) Question #4

      What is the procedure to put in /etc/pam.d/login to access the LDAP database?
Do I need to install another program to replace the PAM module?

1.0) Building OpenLDAP
1.1) Software Packages

          db-4.1.24.tar.gz
          gdbm-1.8.0.tar.gz
          openssl-0.9.6g.tar.gz
          krb4-1.2.tar.gz
          cyrus-sasl-2.1.7.tar.gz
          MigrationTools-44.tar.gz
          openldap-2.0.27.tgz

1.2) Installing db-4.1.24

          tar -xvzf db-4.1.21.tar.gz
          cd db-4.1.21/dist
          ./configure
          make
          make install

1.3) Installing gdbm-1.8.0

          tar -xvzf gdbm-1.8.0.tar.gz
          cd gdbm-1.8.0
          ./configure
          make
          make install


1.4) Installing openssl-0.9.6g

          tar -xvzf openssl-0.9.6g.tar.gz
          cd openssl-0.9.6g
          ./config
          make
          make install

1.5) Installing krb4-1.2

          tar -xvzf krb4-1.2.tar.gz
          cd krb4-1.2
          ./configure
          make
          make install

1.6) Installing cyrus-sasl-2.1.7

          tar -xvzf cyrus-sasl-2.1.7.tar.gz
          cd cyrus-sasl-2.1.7
          ./configure
          make
          make install

1.7) Installing openldap-2.0.27

          tar -xvzf openldap-2.0.27.tgz
          cd openldap-2.0.27
          ./configure --disable-ipv6
          make
          make install


2.0) Configuring OpenLDAP
2.1) Special Files

          cd /usr/local/etc/openldap
          ls -l

          -rw-r--r--    1 root     root         5965 Oct  1 14:45 ldap.conf
          -rw-r--r--    1 root     root          337 Oct  1 11:28 ldap.conf.default
          -rw-r--r--    1 root     root         3122 Oct  1 11:28 ldapfilter.conf
          -rw-r--r--    1 root     root         3122 Oct  1 11:28 ldapfilter.conf.default
          -rw-r--r--    1 root     root         5043 Oct  1 11:28 ldapsearchprefs.conf
          -rw-r--r--    1 root     root         5043 Oct  1 11:28 ldapsearchprefs.conf.default
          -rw-r--r--    1 root     root        16452 Oct  1 11:28 ldaptemplates.conf
          -rw-r--r--    1 root     root        16452 Oct  1 11:28 ldaptemplates.conf.default
          drwxr-xr-x    2 root     root         4096 Oct  1 11:28 schema
          -rw-------    1 root     root         1819 Oct  1 14:46 slapd.conf
          -rw-------    1 root     root         1801 Oct  1 11:28 slapd.conf.default

2.2) ldap.conf content


          # @(#)$Id: ldap.conf,v 2.28 2001/08/28 12:17:29 lukeh Exp $
          #
          # This is the configuration file for the LDAP nameservice
          # switch library and the LDAP PAM module.
          #
          # PADL Software
          # http://www.padl.com
          #

          # Your LDAP server. Must be resolvable without using LDAP.
          host 127.0.0.1

          # The distinguished name of the search base.
          base dc=example,dc=com

          # Another way to specify your LDAP server is to provide an
          # uri with the server name. This allows to use
          # Unix Domain Sockets to connect to a local LDAP Server.
          #uri ldap://127.0.0.1/
          #uri ldaps://127.0.0.1/
          #uri ldapi://%2fvar%2frun%2fldapi_sock/
          # Note: %2f encodes the '/' used as directory separator

          # The LDAP version to use (defaults to 3
          # if supported by client library)
          #ldap_version 3

          # The distinguished name to bind to the server with.
          # Optional: default is to bind anonymously.
          #binddn cn=proxyuser,dc=example,dc=com

          # The credentials to bind with.
          # Optional: default is no credential.
          bindpw secret

          # The distinguished name to bind to the server with
          # if the effective user ID is root. Password is
          # stored in /etc/ldap.secret (mode 600)
          rootbinddn cn=Manager,ou=matriz,o=technochannel,c=BR

          # The port.
          # Optional: default is 389.
          port 389

          # The search scope.
          #scope sub
          #scope one
          #scope base

          # Search timelimit
          #timelimit 30

          # Bind timelimit
          #bind_timelimit 30

          # Idle timelimit; client will close connections
          # (nss_ldap only) if the server has not been contacted
          # for the number of seconds specified below.
          #idle_timelimit 3600

          # Filter to AND with uid=%s
          #pam_filter objectclass=account

          # The user ID attribute (defaults to uid)
          #pam_login_attribute uid

          # Search the root DSE for the password policy (works
          # with Netscape Directory Server)
          #pam_lookup_policy yes

          # Group to enforce membership of
          #pam_groupdn cn=PAM,ou=Groups,dc=example,dc=com

          # Group member attribute
          #pam_member_attribute uniquemember

          # Template login attribute, default template user
          # (can be overriden by value of former attribute
          # in user's entry)
          #pam_login_attribute userPrincipalName
          #pam_template_login_attribute uid
          #pam_template_login nobody

          # HEADS UP: the pam_crypt, pam_nds_passwd,
          # and pam_ad_passwd options are no
          # longer supported.

          # Do not hash the password at all; presume
          # the directory server will do it, if
          # necessary. This is the default.
          #pam_password clear

          # Hash password locally; required for University of
          # Michigan LDAP server, and works with Netscape
          # Directory Server if you're using the UNIX-Crypt
          # hash mechanism and not using the NT Synchronization
          # service.
          #pam_password crypt

          # Remove old password first, then update in
          # cleartext. Necessary for use with Novell
          # Directory Services (NDS)
          #pam_password nds

          # Update Active Directory password, by
          # creating Unicode password and updating
          # unicodePwd attribute.
          #pam_password ad

          # Use the OpenLDAP password change
          # extended operation to update the password.
          #pam_password exop

          # RFC2307bis naming contexts
          # Syntax:
          # nss_base_XXX  base?scope?filter
          # where scope is {base,one,sub}
          # and filter is a filter to be &'d with the
          # default filter.
          # You can omit the suffix eg:
          # nss_base_passwd ou=People,
          # to append the default base DN but this
          # may incur a small performance impact.
          #nss_base_passwd ou=People,dc=example,dc=com?one
          #nss_base_shadow ou=People,dc=example,dc=com?one
          #nss_base_group  ou=Group,dc=example,dc=com?one
          #nss_base_hosts  ou=Hosts,dc=example,dc=com?one
          #nss_base_services ou=Services,dc=example,dc=com?one
          #nss_base_networks ou=Networks,dc=example,dc=com?one
          #nss_base_protocols ou=Protocols,dc=example,dc=com?one
          #nss_base_rpc  ou=Rpc,dc=example,dc=com?one
          #nss_base_ethers ou=Ethers,dc=example,dc=com?one
          #nss_base_netmasks ou=Networks,dc=example,dc=com?ne
          #nss_base_bootparams ou=Ethers,dc=example,dc=com?one
          #nss_base_aliases ou=Aliases,dc=example,dc=com?one
          #nss_base_netgroup ou=Netgroup,dc=example,dc=com?one

          # attribute/objectclass mapping
          # Syntax:
          #nss_map_attribute rfc2307attribute mapped_attribute
          #nss_map_objectclass rfc2307objectclass mapped_objectclass

          # configure --enable-nds is no longer supported.
          # For NDS now do:
          #nss_map_attribute uniqueMember member

          # configure --enable-mssfu-schema is no longer supported.
          # For MSSFU now do:
          #nss_map_objectclass posixAccount User
          #nss_map_attribute uid msSFUName
          #nss_map_attribute uniqueMember posixMember
          #nss_map_attribute userPassword msSFUPassword
          #nss_map_attribute homeDirectory msSFUHomeDirectory
          #nss_map_objectclass posixGroup Group
          #nss_map_attribute cn msSFUName
          #pam_login_attribute msSFUName
          #pam_filter objectclass=User
          #pam_password ad

          # configure --enable-authpassword is no longer supported
          # For authPassword support, now do:
          #nss_map_attribute userPassword authPassword
          #pam_password nds

          # For IBM AIX SecureWay support, do:
          #nss_map_objectclass posixAccount aixAccount
          #nss_base_passwd ou=aixaccount,?one
          #nss_map_attribute uid userName
          #nss_map_attribute gidNumber gid
          #nss_map_attribute uidNumber uid
          #nss_map_attribute userPassword passwordChar
          #nss_map_objectclass posixGroup aixAccessGroup
          #nss_base_group ou=aixgroup,?one
          #nss_map_attribute cn groupName
          #nss_map_attribute uniqueMember member
          #pam_login_attribute userName
          #pam_filter objectclass=aixAccount
          #pam_password clear

          # Netscape SDK LDAPS
          #ssl on

          # Netscape SDK SSL options
          #sslpath /etc/ssl/certs/cert7.db

          # OpenLDAP SSL mechanism
          # start_tls mechanism uses the normal LDAP port, LDAPS typically 636
          #ssl start_tls
          #ssl on

          # OpenLDAP SSL options
          # Require and verify server certificate (yes/no)
          # Default is "no"
          #tls_checkpeer yes

          # CA certificates for server certificate verification
          # At least one of these are required if tls_checkpeer is "yes"
          #tls_cacertfile /etc/ssl/ca.cert
          #tls_cacertdir /etc/ssl/certs

          # SSL cipher suite
          # See man ciphers for syntax
          #tls_ciphers TLSv1

          # Client sertificate and key
          # Use these, if your server requires client authentication.
          #tls_cert
          #tls_key
          ssl no
          pam_password md5

2.3) slapd.conf content

          # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
          #
          # See slapd.conf(5) for details on configuration options.
          # This file should NOT be world readable.
          #
          include  /usr/local/etc/openldap/schema/core.schema

          # Define global ACLs to disable default read access.

          # Do not enable referrals until AFTER you have a working directory
          # service AND an understanding of referrals.
          #referral ldap://root.openldap.org

          pidfile  /usr/local/var/slapd.pid
          argsfile /usr/local/var/slapd.args

          # Load dynamic backend modules:
          # modulepath /usr/local/libexec/openldap
          # moduleload back_ldap.la
          # moduleload back_ldbm.la
          # moduleload back_passwd.la
          # moduleload back_shell.la

          #
          # Sample Access Control
          # Allow read access of root DSE
          # Allow self write access
          # Allow authenticated users read access
          # Allow anonymous users to authenticate
          #
          #access to dn="" by * read
          #access to *
          # by self write
          # by users read
          # by anonymous auth
          #
          # if no access controls are present, the default is:
          # Allow read by all
          #
          # rootdn can always write!


          #######################################################################
          # ldbm database definitions
          #######################################################################

          database ldbm
          suffix  "dc=technochannel,dc=com"
          #suffix  "ou=matriz,o=technochannel,c=BR"

          rootdn  "cn=Manager,dc=technochannel,dc=com"
          #rootdn  "cn=Manager,ou=matriz,o=technochannel,c=BR"

          # Cleartext passwords, especially for the rootdn, should
          # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
          # Use of strong authentication encouraged.
          rootpw  secret

          # The database directory MUST exist prior to running slapd AND
          # should only be accessible by the slapd/tools. Mode 700 recommended.
          directory /usr/local/var/openldap-ldbm

          # Indices to maintain
          index objectClass eq



3.0) Starting LDAP
3.1) Using command line

          /usr/local/lib/libexec/slapd

3.2) Checking the running status


          ps -ax | grep slapd

           3975 ?        S      0:00 /usr/local/libexec/slapd
           3976 ?        S      0:00 /usr/local/libexec/slapd
           3977 ?        S      0:00 /usr/local/libexec/slapd
           3984 ?        S      0:00 /usr/local/libexec/slapd
          14056 pts/5    S      0:00 grep slapd

3.3) Making a first LDAP test

          ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

          version: 2

          #
          # filter: (objectclass=*)
          # requesting: namingContexts
          #

          #
          dn:
          namingContexts: dc=technochannel,dc=com

          # search result
          search: 2
          result: 0 Success

          # numResponses: 2
          # numEntries: 1
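A defender-side check for the two configuration files quoted in this post, added here as an example (it is not part of Alexandre's message or of OpenLDAP): it flags the cleartext `rootpw`, a `bindpw` sitting in a group- or world-readable `ldap.conf` (the `ls -l` above shows mode 0644), and `ssl no`. The file paths are arguments, and the sample files it writes are constructed.

```shell
# Added example, not part of the original post or of OpenLDAP: audit the
# slapd.conf and PADL ldap.conf files for the weak settings seen above.
# The paths are arguments; the files written below are constructed samples.
# True when any read bit is set for group or other (POSIX ls columns 5-10).
group_or_other_readable() {
    ls -ld "$1" | cut -c5-10 | grep -q 'r'
}

# Audit slapd.conf: prints one finding per line, returns the finding count.
audit_slapd_conf() {
    n=0
    # A rootpw value without a {SCHEME} prefix is stored in cleartext;
    # slappasswd(8) prints an {SSHA} hash that can replace it.
    if grep -Eq '^[[:space:]]*rootpw[[:space:]]+[^{[:space:]]' "$1"; then
        echo "$1: rootpw is cleartext; generate a hash with slappasswd"
        n=$((n + 1))
    fi
    if group_or_other_readable "$1"; then
        echo "$1: readable by group/other; slapd.conf should be mode 0600"
        n=$((n + 1))
    fi
    return $n
}

# Audit ldap.conf (nss_ldap/pam_ldap client side).
audit_ldap_conf() {
    n=0
    # bindpw in a file other users can read hands them the proxy credential.
    if grep -Eq '^[[:space:]]*bindpw[[:space:]]+' "$1" && group_or_other_readable "$1"; then
        echo "$1: bindpw is set in a file readable by other users"
        n=$((n + 1))
    fi
    # With ssl no, bind credentials cross the wire in cleartext to any
    # non-local server; ssl start_tls plus tls_checkpeer yes protects them.
    if grep -Eq '^[[:space:]]*ssl[[:space:]]+no' "$1"; then
        echo "$1: ssl no; use ssl start_tls and tls_checkpeer yes"
        n=$((n + 1))
    fi
    return $n
}

# Constructed samples mirroring the post's files (not the real config paths).
tmp=$(mktemp -d)
printf 'rootpw secret\nsuffix "dc=technochannel,dc=com"\n' > "$tmp/slapd.conf"
chmod 600 "$tmp/slapd.conf"
printf 'host 127.0.0.1\nbindpw secret\nssl no\n' > "$tmp/ldap.conf"
chmod 644 "$tmp/ldap.conf"
audit_slapd_conf "$tmp/slapd.conf"
audit_ldap_conf "$tmp/ldap.conf"
```

The `ldapadd` failure in question #3 is separate from these files: without `-x` the OpenLDAP client tools attempt a SASL bind (hence "SASL/DIGEST-MD5 authentication started"), and the `-D` value must be the full `rootdn` from slapd.conf, not just `cn=Manager`.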