
Re: database meta question



"D'Arcy Smith" <ds.bcit@gmail.com> writes:

> On 8/25/07, Pierangelo Masarati <ando@sys-net.it> wrote:
>> D'Arcy Smith wrote:
>
>> > I am having a terrible time trying to get the meta backend to work
>> > with my setup.  If I do not have meta, things work as expected.  As
>> > soon as I add the meta backend things go south.
>
>> What version of OpenLDAP are you using?
>
> 2.3.35
>
>
>> ^^^ extra cruft after "#" (included) is invalid, as clearly indicated in
>> slapd.conf(5).  This is treated as an error in OpenLDAP 2.4 (finally!)
>
> Good, I like it when errors are treated as errors!
>
> After some more searching around I now have this:
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
>
> password-hash {ssha}
>
> pidfile       /var/run/openldap/slapd.pid
> argsfile      /var/run/openldap/slapd.args
>
> modulepath    /usr/lib64/openldap/openldap
> moduleload    back_null.so
> moduleload    back_meta.so
>
> database      ldap
> suffix        "o=aaa.yyy.zzz,o=bcit"
> uri           ldap://aaa.yyy.zzz:389
>
> idassert-authzFrom "dn:*"
> idassert-bind      bindmethod=simple
>  binddn="uid=******,ou=people,o=aaa.yyy.zzz,o=yyy"
>  credentials="******"
>  mode=none
>
> database          bdb
> suffix            "o=bbb.yyy.zzz,o=bcit"
> rootdn            "cn=Manager,o=bbb.yyy.zzz,o=yyy"
> rootpw            {SSHA}******
> checkpoint        32 30
> directory         /var/lib/openldap-data
> index objectClass eq
>
> database      meta
> suffix        "dc=yyy,dc=zzz"
> uri           ldap://foo.yyy.zzz:389/dc=ccc,dc=yyy,dc=zzz
> suffixmassage "dc=ccc,dc=yyy,dc=zzz" "o=aaa.yyy.zzz,o=yyy"
> uri           ldap://foo.yyy.zzz:389/dc=ccc,dc=yyy,dc=zzz
> suffixmassage "dc=ccc,dc=yyy,dc=zzz" "o=bbb.yyy.zzz,o=yyy"
>
> What I am after is having it so that users that exist in the
> "aaa.yyy.zzz" LDAP server (that I have no control over) can
> authenticate, users in the "bbb.yyy.zzz" LDAP server (that I do
> control) can authenticate, and that the groups in the "bbb.yyy.zzz",
> which contain users from both "aaa" and "bbb", are able to
> authenticate.  Authenticate right now means can access apache via
> authnzldap.
>
> Running "/usr/lib64/openldap/slapd -d -{any level}" doesn't seem to
> issue any objections, and my testing works (users from both "aaa" and
> "bbb" can log in either by user or by group).
>
> If I run "slaptest -f /etc/openldap/slapd.conf -F
> /etc/openldap/slapd.d" -d {any level} I get:
>
>    WARNING: No dynamic config support for database meta.
>    WARNING: The converted cn=config directory is incomplete and may not work.
>    config file testing succeeded
>
> I cannot spot any errors that it is giving me in the config.
>
> Then running "/usr/lib64/openldap/slapd -d -{any level}" doesn't work
> (it does work if I delete the files in the /etc/openldap/slapd.d
> directory).
>
> For example (with -d 64):
>
> @(#) $OpenLDAP: slapd 2.3.35 (Aug 23 2007 11:00:09) $
>         root@foo:/var/tmp/portage/net-nds/openldap-2.3.35-r1/work/openldap-2.3.35/servers/slapd
> loaded module back_null.so
> module back_null.so: null module registered
> loaded module back_meta.so
> module back_meta.so: null module registered
> index objectClass 0x0004
> meta_back_db_open: no targets defined
> backend_startup_one: bi_db_open failed! (1)
> slapd stopped.
> connections_destroy: nothing to destroy.

You have not defined a config database in slapd.conf but created a
slapd.d directory, so just run slapd with the -f <path/to/slapd.conf>
parameter; see man slapd(8).

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
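
The situation diagnosed in this reply, as an added example that is not part of the original thread: a shell check for a converted slapd.d directory taking precedence over a slapd.conf that declares a given backend. The function names are hypothetical, and treating a directory containing cn=config.ldif as a valid config directory is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Reports which configuration slapd
# picks up when started without -f/-F, and flags the case described above.
# Assumption: a "valid" config directory is one containing cn=config.ldif.

# Prints "dir" if the config directory would be used, else "file".
slapd_config_source() {
    conf_dir=$1
    if [ -d "$conf_dir" ] && [ -f "$conf_dir/cn=config.ldif" ]; then
        echo dir
    else
        echo file
    fi
}

# Returns 0 and prints a warning when slapd.conf declares the backend named
# in $3 while a converted config directory would shadow slapd.conf.
check_shadowed_backend() {
    conf_dir=$1
    conf_file=$2
    backend=$3
    [ "$(slapd_config_source "$conf_dir")" = dir ] || return 1
    # "database <backend>" must start in column 0; indented lines are
    # continuations of the previous directive in slapd.conf.
    grep -Eq "^database[[:space:]]+$backend([[:space:]]|\$)" "$conf_file" \
        || return 1
    echo "WARNING: $conf_dir shadows $conf_file;" \
         "'database $backend' may be missing from the converted config." >&2
    echo "Start slapd with: slapd -f $conf_file" >&2
    return 0
}

# Usage with the paths from the thread:
#   check_shadowed_backend /etc/openldap/slapd.d /etc/openldap/slapd.conf meta
```
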