
Re: failed to start slapd & can't create password - please help.



Harry Jede wrote:
On Sunday, 20 June 2010, sam wrote:
Hi,

With the following setup:

hometest:openldap # uname -a
FreeBSD hometest.ip6.com.au 8.1-RC1
FreeBSD 8.1-RC1 #0: Fri Jun 18
15:26:58 EST 2010
root@hometest.ip6.com.au:/usr/
obj/usr/src/sys/mail.db.java.portal
i386
hometest:openldap # pkg_info | grep -i ldap
openldap-sasl-client-2.4.22 Open source LDAP client implementation
with SASL2 support
openldap-sasl-server-2.4.22 Open source LDAP server implementation
hometest:openldap # pkg_info | grep -i db
db46-4.6.21.4       The Berkeley DB package, revision 4.6
hometest:openldap # pkg_info | grep -i sasl
cyrus-sasl-2.1.23   RFC 2222 SASL (Simple Authentication and Security
Layer)
cyrus-sasl-saslauthd-2.1.23 SASL authentication server for
cyrus-sasl2 openldap-sasl-client-2.4.22 Open source LDAP client
implementation with SASL2 support
openldap-sasl-server-2.4.22 Open source LDAP server implementation

I can't create password for ldap:
hometest:openldap # slappasswd -h {MD5} -s password
Password generation failed for scheme MD5: scheme not recognized

and:

hometest:rc.d # ./slapd start
Starting slapd.
./slapd: WARNING: failed to start slapd

slapd.conf file is shown below:

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /usr/local/etc/openldap/schema/core.schema

#X.500 RFC1274 COSINE Pilot Schema
include         /usr/local/etc/openldap/schema/cosine.schema
#For Addressbooks
include         /usr/local/etc/openldap/schema/inetorgperson.schema
#For Authentication
include         /usr/local/etc/openldap/schema/nis.schema

TLSCACertificateFile /usr/local/etc/ssl/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/ssl/portal.ip6.com.au.pem
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/private/cakey.pem
TLSCipherSuite HIGH


# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath      /usr/local/libexec/openldap
moduleload      back_bdb
#######################################################################
# BDB database definitions
#######################################################################

database        bdb
suffix          "dc=ip6,dc=com,dc=au"
rootdn          "cn=Manager,dc=ip6,dc=com,dc=au"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /var/db/openldap-data
# Indices to maintain
index   objectClass     eq

Can anyone tell me how to start openldap and how to assign password
to it?
I do not know why your slapd is not starting.
Have you added some data to your database?
Who is the owner of /var/db/openldap-data?

Hi, thanks for the reply regarding the problem of ldap not starting.
I haven't added any data to the ldap database yet, because I had a problem creating the ldap password before.
Should I add data to the ldap database before I can start ldap?

Thanks again for your help
Sam


Most people do not want the md5-scheme, they need the md5 algo from crypt. Try this:

 slappasswd -c '$1$%.8s' -s secret
{CRYPT}$1$HlW67YUS$DNY2T6859V9xh8frUpbXJ/

Read the man pages of slappasswd and slapd.conf.

But pay attention: slappasswd is NOT reading the config file slapd.conf. This is at least true for my quite old version of slapd in Debian Lenny (slapd 2.4.11) :-( .

strace -e trace=file /usr/sbin/slappasswd -s secret 2>&1 | grep slapd.conf

returns nothing



Your help is very much appreciated.

Thanks
Sam
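
Added example, not part of the thread and not OpenLDAP's own tooling: the posted slapd.conf carries `rootpw secret` directly under the comment advising against cleartext passwords, and the reply shows the `{CRYPT}$1$` form produced by slappasswd. The script below reports how each `rootpw` in a slapd.conf is stored; the function names `audit_rootpw` and `sample_conf` are hypothetical and the sample config is constructed.

```shell
# Added example: reads a slapd.conf on stdin and prints "<line>: <kind>"
# for every rootpw directive it finds.
audit_rootpw() {
    awk '
    # Classify by {SCHEME} prefix; scheme names are those in slappasswd(8).
    function classify(v,    e, s, rest) {
        e = index(v, "}")
        if (substr(v, 1, 1) != "{" || e < 3) return "cleartext"
        s = toupper(substr(v, 2, e - 2)); rest = substr(v, e + 1)
        if (s == "CLEARTEXT") return "cleartext"
        if (s == "MD5" || s == "SHA") return "unsalted-" tolower(s)
        if (s == "SMD5" || s == "SSHA") return "salted-" tolower(substr(s, 2))
        if (s == "CRYPT") return (rest ~ /^\$1\$/) ? "crypt-md5" : "crypt-other"
        return "unknown-scheme"
    }
    # Handle one logical line once all of its continuations are joined.
    function flush(    n, f) {
        if (buf !~ /^#/) {
            n = split(buf, f, /[ \t]+/)
            if (n >= 2 && tolower(f[1]) == "rootpw") {
                gsub(/^"|"$/, "", f[2])
                print start ": " classify(f[2])
            }
        }
        buf = ""
    }
    # slapd.conf(5): a line starting with whitespace continues the previous
    # one, and continuations are joined before comments are recognised.
    /^[ \t]/ { buf = buf " " $0; next }
    { flush(); buf = $0; start = NR }
    END { flush() }
    '
}

# Constructed sample, not the poster's file; the {SSHA} value is a placeholder.
sample_conf() {
    cat <<'EOF'
# constructed sample
database bdb
rootpw          secret
database bdb
rootpw  {CRYPT}$1$HlW67YUS$DNY2T6859V9xh8frUpbXJ/
database bdb
rootpw
   "{SSHA}CONSTRUCTED-PLACEHOLDER"
#rootpw {MD5}commented-out
EOF
}
sample_conf | audit_rootpw
```

To check a real file, feed it on stdin, for example `audit_rootpw < /usr/local/etc/openldap/slapd.conf`.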
