[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Trouble with "allow bind_v2"



On Thu, 2002-12-26 at 11:17, Casimiro Daniel NPRI wrote:
> I need to enable LDAPv2 connections on my openLDAP 2.x server.
> When I try to add "allow bind_v2" to my slapd.conf file I get the
following error:
> 
> "/etc/openldap/slapd.conf: line 59: unknown feature bind_v2 in "allow
<features>" line"
> 
> I am currently running the 2.1.9 Release, which I compiled from source
with the following
> options:
> --enable-crypt
> --enable-passwd
> --enable-lmpasswd
> --enable-spasswd
> --enable-ldbm
> --enable-syslog
> --enable-rlookups
> --enable-dynamic
> --enable-modules
> --enable-dnssrv
> --enable-ldap
> --enable-ldap-module
> 
> I also tried adding the "allow bind_v2" to the slapd.conf on the
2.0.25 Server supplied
> with Redhat 8.0.  The server would not start.
> 
> Do I need to compile a particular feature into the binary?
> 
> ~Dan
-- 
Ryan Matteson - UNIX Administrator
GPG ID: 1B52A210 2002-12-01 Ryan Matteson (Primary Key Pair)
<matty91@bellsouth.net>
Public Key: http://www.daemons.net/~matty/public.asc
Detached Digital Signature: http://www.daemons.net/~matty/public.sig.asc
Fingerprint = A0B1 298E 29C4 3F26 01D5  EDFC 3D62 281F 1B52 A210


>-----Original Message-----
>From: Matty
>To: Casimiro Daniel NPRI
>Sent: 12/26/02 9:33 PM
>Subject: Re: Trouble with "allow bind_v2"

>I built 2.1.9 this past weekend. Did you stick this option in the global
>configuration area? What does your slapd.conf look like?

******************************************************************************

Hi,

Sorry about the slow response, I was away on vacation.  Here is the default RedHat slapd.conf that I am having trouble with "allow bind_v2"

slapd.conf:
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/redhat/rfc822-MailMember.schema
include		/etc/openldap/schema/redhat/autofs.schema
include		/etc/openldap/schema/redhat/kerberosobject.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

pidfile	//var/run/slapd.pid
argsfile	//var/run/slapd.args

# Create a replication log in /var/lib/ldap for use by slurpd.
#replogfile	/var/lib/ldap/master-slapd.replog

# Load dynamic backend modules:
# modulepath	/usr/sbin/openldap
# moduleload	back_ldap.la
# moduleload	back_ldbm.la
# moduleload	back_passwd.la
# moduleload	back_shell.la

#
# The next three lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
#
# Sample Access Control
#	Allow read access of root DSE
#	Allow self write access
#	Allow authenticated users read access
#	Allow anonymous users to authenticate
#
#access to dn="" by * read
#access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default is:
#	Allow read by all
#
# rootdn can always write!

allow bind_v2
#allow bind_anon_dn

#######################################################################
# ldbm database definitions
#######################################################################

database	ldbm
suffix		"dc=my-domain,dc=com"
#suffix		"o=My Organization Name,c=US"
rootdn		"cn=Manager,dc=my-domain,dc=com"
#rootdn		"cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw		secret
# rootpw		{crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory	/var/lib/ldap
# Indices to maintain
index	objectClass,uid,uidNumber,gidNumber,memberUid	eq
index	cn,mail,surname,givenname			eq,subinitial
# Replicas to which we should propagate changes
#replica host=ldap-1.example.com:389 tls=yes
#	bindmethod=sasl saslmech=GSSAPI
#	authcId=host/ldap-master.example.com@EXAMPLE.COM

The service starts when I comment out "allow bind_v2."  Do I need to move it somewhere else?

~Dan