Problem Connecting to slapd...



Hi,

I installed slapd (version: 2.0.11-Release) on my RH 7.2 Linux box and 
inserted an ldif file using slapadd. Now I try to connect, but the 
connection is refused.  I'm using Netscape 4.78 email to connect to 
localhost:389.  When I try to connect, I get the following response (see last 
line):

    @(#) $OpenLDAP: slapd 2.0.11-Release (Tue Aug 21 17:23:00 EDT 2001) $
            root@stripples.devel.redhat.com:/usr/src/build/34468-i386/BUILD/openldap-2.0.11/servers/slapd
    daemon_init: listen on ldap:///
    daemon_init: 1 listeners to open...
    ldap_url_parse_ext(ldap:///)
    daemon: socket() failed errno=97 (Address family not supported by protocol)
    daemon: initialized ldap:///
    daemon_init: 1 listeners opened
    slapd init: initiated server.
    slap_sasl_init: initialized!
    slapd startup: initiated.
    slapd starting
    fd=7 host access from unknown (127.0.0.1) denied.

My slapd.conf file is as follows (I've added extension.schema to support 
Netscape Mail's ldif output):

---------------------------begin--------------------------------------------------
    # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
    #
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #
    include		/etc/openldap/schema/core.schema
    include		/etc/openldap/schema/cosine.schema
    include		/etc/openldap/schema/inetorgperson.schema
    include		/etc/openldap/schema/nis.schema
    include		/etc/openldap/schema/redhat/rfc822-MailMember.schema
    include		/etc/openldap/schema/redhat/autofs.schema
    include		/etc/openldap/schema/redhat/kerberosobject.schema
    include		/etc/openldap/schema/extension.schema

    # Define global ACLs to disable default read access.

    # Do not enable referrals until AFTER you have a working directory
    # service AND an understanding of referrals.
    #referral	ldap://root.openldap.org

    #pidfile	//var/run/slapd.pid
    #argsfile	//var/run/slapd.args

    # Create a replication log in /var/lib/ldap for use by slurpd.
    #replogfile	/var/lib/ldap/master-slapd.replog

    # Load dynamic backend modules:
    # modulepath	/usr/sbin/openldap
    # moduleload	back_ldap.la
    # moduleload	back_ldbm.la
    # moduleload	back_passwd.la
    # moduleload	back_shell.la

    # The next two lines allow use of TLS for connections using a dummy test
    # certificate, but you should generate a proper certificate by changing to
    # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
    # slapd.pem so that the ldap user or group can read it.
    #TLSCertificateFile /usr/share/ssl/certs/slapd.pem
    #TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

    #######################################################################
    # ldbm database definitions
    #######################################################################

    database	ldbm
    suffix		"dc=localhost,dc=localdomain"
    # suffix		"o=My Organization Name,c=US"
    # rootdn		"cn=root,dc=mindspring,dc=com"
    #rootdn		"cn=Manager,o=My Organization Name,c=US"
    # Cleartext passwords, especially for the rootdn, should
    # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    # rootpw		secret
    # rootpw		{crypt}ijFYNcSNctBYg
    # The database directory MUST exist prior to running slapd AND 
    # should only be accessible by the slapd/tools. Mode 700 recommended.
    directory	/var/lib/ldap
    # Indices to maintain
    index	objectClass,uid,uidNumber,gidNumber,memberUid	eq
    index	cn,mail,surname,givenname			eq,subinitial
    # Replicas to which we should propagate changes
    #replica ldap-1.example.com:389 tls=yes
    #	bindmethod=sasl saslmech=GSSAPI
    #	authcId=host/ldap-master.example.com@EXAMPLE.COM

    # access to * by users read
    access to * by * read
                by * write

---------------------------end----------------------------------------------------



I've also tried adding this to the access list:
            by peername="IP=127\.0\.0\.1:.*" read
            by peername="IP=127\.0\.0\.1:.*" write

I have a simple installation of ldap since I'm using ldap only as a database 
for housing my personal email addresses, so no one else will need to use this 
server.

I'm at a loss as to what I've done wrong, but maybe something will jump out 
at you.

Thank you,

...Lee