[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: openldap nightmare
What version of OpenLDAP?
You're also using ldbm which has been dropped completely from 2.4 and
is not recommended in 2.2
On 9/4/08, John Nietzsche <john.nietzsche@gmail.com> wrote:
> Dear members,
>
> I was trying to use slapd with configurations within itself, i mean:
> not using /etc/openldap/slapd.conf.
>
> Since i could not get authentication working i decided to switch
> configuration to /etc/opendalp/slapd.conf, and
>
> everything worked. My doube is what kinf of error i am doing ? Could
> some tell me?
>
> Here is my ldap.ldif:
>
> #################################
> # #
> # Global configuration settings #
> # #
> #################################
>
> dn: cn=config
> objectClass: olcGlobal
> cn: config
> olcIdleTimeout: 64
> olcLogLevel: -1
> olcReferral: ldap://root.openldap.org
>
> ############################
> # #
> # Included file directives #
> # #
> ############################
>
> dn: cn=include{0},cn=config
> objectClass: olcIncludeFile
> cn: include{0}
> olcInclude: /etc/openldap/schema/core.schema
>
> dn: cn=include{1},cn=config
> objectClass: olcIncludeFile
> cn: include{1}
> olcInclude: /etc/openldap/schema/cosine.schema
>
> dn: cn=include{2},cn=config
> objectClass: olcIncludeFile
> cn: include{2}
> olcInclude: /etc/openldap/schema/corba.schema
>
> dn: cn=include{3},cn=config
> objectClass: olcIncludeFile
> cn: include{3}
> olcInclude: /etc/openldap/schema/dyngroup.schema
>
> dn: cn=include{4},cn=config
> objectClass: olcIncludeFile
> cn: include{4}
> olcInclude: /etc/openldap/schema/inetorgperson.schema
>
> dn: cn=include{5},cn=config
> objectClass: olcIncludeFile
> cn: include{5}
> olcInclude: /etc/openldap/schema/java.schema
>
> dn: cn=include{6},cn=config
> objectClass: olcIncludeFile
> cn: include{6}
> olcInclude: /etc/openldap/schema/misc.schema
>
> dn: cn=include{7},cn=config
> objectClass: olcIncludeFile
> cn: include{7}
> olcInclude: /etc/openldap/schema/nis.schema
>
> dn: cn=include{8},cn=config
> objectClass: olcIncludeFile
> cn: include{8}
> olcInclude: /etc/openldap/schema/openldap.schema
>
> dn: cn=include{9},cn=config
> objectClass: olcIncludeFile
> cn: include{9}
> olcInclude: /etc/openldap/schema/ppolicy.schema
>
> ###############################################################
> # #
> # If openldap was compiled with support for modules, then ... #
> # #
> ###############################################################
>
> dn: cn=module{0},cn=config
> objectClass: olcModuleList
> cn: module{0}
> olcModulePath: /usr/local/libexec/openldap
> olcModuleLoad: back_ldbm.la
>
> #dn: cn=module{1},cn=config
> #objectClass: olcModuleList
> #cn: module{1}
> #olcModulePath: /usr/local/libexec/openldap
> #olcModuleLoad: back_ldap.la
>
> ################
> # #
> # Schema entry #
> # #
> ################
>
> dn: cn=schema,cn=config
> objectClass: olcSchemaConfig
> cn: cn=schema
>
> ####################
> # #
> # Backend #
> # #
> ####################
>
> dn: olcBackend=ldbm,cn=config
> objectClass: olcBackendConfig
> olcBackend: ldbm
>
> #############
> # #
> # Databases #
> # #
> #############
>
> dn: olcDatabase=ldbm,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcLdbmConfig
> olcDatabase: ldbm
> olcSuffix: "dc=cpd,dc=ufv,dc=br"
> olcDbDirectory: /asd/var/ldap
> olcDbIndex: objectClass eq
> olcAccess: to * by users read
> olcRootDN: "cn=Manager,dc=cpd,dc=ufv,dc=br"
> olcRootPW: {SSHA}q1mH0pWNnHF0+K4hV5yOV4I7p/VfIIYs
>
>
> END OF ldap.ldif
>
> Now, my slapd.conf
>
> sioux@etosha$ cat /etc/openldap/slapd.conf
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /etc/openldap/schema/core.schema
>
> # Define global ACLs to disable default read access.
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> # Load dynamic backend modules:
> modulepath /usr/local/libexec/openldap
> # moduleload back_bdb.la
> moduleload back_ldap.la
> moduleload back_ldbm.la
> # moduleload back_passwd.la
> # moduleload back_shell.la
>
> # Sample security restrictions
> # Require integrity protection (prevent hijacking)
> # Require 112-bit (3DES or better) encryption for updates
> # Require 63-bit encryption for simple bind
> # security ssf=1 update_ssf=112 simple_bind=64
>
> # Sample access control policy:
> # Root DSE: allow anyone to read it
> # Subschema (sub)entry DSE: allow anyone to read it
> # Other DSEs:
> # Allow self write access
> # Allow authenticated users read access
> # Allow anonymous users to authenticate
> # Directives needed to implement policy:
> # access to dn.base="" by * read
> # access to dn.base="cn=Subschema" by * read
> # access to *
> # by self write
> # by users read
> # by anonymous auth
> #
> # if no access controls are present, the default policy
> # allows anyone and everyone to read anything but restricts
> # updates to rootdn. (e.g., "access to * by * read")
> #
> # rootdn can always read and write EVERYTHING!
>
> #######################################################################
> # BDB database definitions
> #######################################################################
>
> database ldbm
> suffix "dc=cpd,dc=ufv,dc=br"
> rootdn "cn=Manager,dc=cpd,dc=ufv,dc=br"
> # Cleartext passwords, especially for the rootdn, should
> # be avoid. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw {SSHA}q1mH0pWNnHF0+K4hV5yOV4I7p/VfIIYs
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory /var/openldap-data
> # Indices to maintain
> index objectClass eq
>
>
> OpenLDAP works if i am using the slapd.conf, but if i choose -F /x/y/z
> it does not work.
>
> Thanks a lot for your time and cooperation, best regards
>
--
Sent from my mobile device
http://www.suretecsystems.com/services/openldap/