
Re: cannot populate with smbldap-populate



So, I changed all the permissions in /var/lib/ldap/*

chmod 0755 /var/lib/ldap/

I retried with slapindex with the same result:

from root:
sudo /usr/sbin/slapindex

WARNING!
Runnig as root!
There's a fair chance slapd will fail to start.
Check file permissions!

from normal user:
/usr/sbin/slapindex
/etc/ldap/slapd.conf: line 20: invalid path: Permission denied
slapindex: bad configuration file!

I repeated strace and I didn't find errors.

I repeated slapindex from root and from normal user but the result was the same as above.

I repeated smbldap-populate and magically it runs!

Do you understand something of this chaos? I'd like to understand the why of this behavior.

Thanks


On 04/30/2012 08:51 AM, Stefano Malini wrote:
Hi,

please take a look at my permissions:

ls -l /var
drwxr-xr-x  13 openldap openldap  4096 Mar 20 09:47 var

ls -l /var/lib
drwxr-xr-x 31 openldap openldap 4096 Apr 28 16:38 lib

ls -l /var/lib/ldap
drwxr-xr-x 2 openldap openldap 4096 Apr 30 08:31 ldap

ls -l /var/lib/ldap/
root@amahoro:/# ls -l /var/lib/ldap/
total 11580
-rw-r----- 1 openldap openldap     4096 Apr 30 08:31 alock
-rw------- 1 openldap openldap     8192 Apr 29 11:47 cn.bdb
-rw------- 1 openldap openldap    24576 Apr 30 08:31 __db.001
-rw------- 1 openldap openldap   352256 Apr 30 08:38 __db.002
-rw------- 1 openldap openldap  2629632 Apr 30 08:38 __db.003
-rw------- 1 openldap openldap   163840 Apr 30 08:38 __db.004
-rw------- 1 openldap openldap   876544 Apr 30 08:38 __db.005
-rw------- 1 openldap openldap    32768 Apr 30 08:38 __db.006
-rw-r--r-- 1 openldap openldap       96 Apr 23 17:34 DB_CONFIG
-rw------- 1 openldap openldap     8192 Apr 28 14:23 dn2id.bdb
-rw------- 1 openldap openldap     8192 Apr 29 11:47 gidNumber.bdb
-rw------- 1 openldap openldap    32768 Apr 28 14:23 id2entry.bdb
-rw------- 1 openldap openldap 10485760 Apr 30 08:30 log.0000000001
-rw------- 1 openldap openldap     8192 Apr 29 11:47 mail.bdb
-rw------- 1 openldap openldap     8192 Apr 28 14:00 memberUid.bdb
-rw------- 1 openldap openldap     8192 Apr 28 11:52 objectClass.bdb
-rw------- 1 openldap openldap     8192 Apr 29 11:47 sambaSID.bdb
-rw------- 1 openldap openldap     8192 Apr 29 11:47 sn.bdb
-rw------- 1 openldap openldap     8192 Apr 29 11:47 uid.bdb
-rw------- 1 openldap openldap     8192 Apr 29 11:47 uidNumber.bdb

Are they OK?

On 4/30/12, Quanah Gibson-Mount<quanah@zimbra.com>  wrote:


On Apr 29, 2012, at 3:27 AM, stefano malini<lozingalo@gmail.com>  wrote:

Hi,
other check:

using
sudo strace /usr/sbin/slapindex
I found the line:
open("/var/lib/ldap/DUMMY", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) =
-1 EACCES (Permission denied)
but in that directory there is no "DUMMY"

What can I do? I am blocked on this point

Thanks

Clearly the higher level directory permissions are wrong. Fix them.

--Quanah


On 04/29/2012 11:02 AM, Jonathan Clarke wrote:
On 29 avr. 2012, at 10:27, stefano malini<lozingalo@gmail.com>   wrote:

I used slapindex also, the output is:

stefano@amahoro:~$ /usr/sbin/slapindex
/etc/ldap/slapd.conf: line 20: invalid path: Permission denied
slapindex: bad configuration file!

Try running slapindex as the user "openldap". Also, make sure that you
run slapd as that user too.

Jonathan

This is my slapd.conf

#Basics
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/samba.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        256

modulepath      /usr/lib/ldap
moduleload      back_hdb

#Database configuration
database        hdb
suffix          "dc=amahoro,dc=bi"
rootdn          "cn=Manager,dc=amahoro,dc=bi"
rootpw          {SSHA}XBLZ+TknuZHW3dirN2SE2fj3mYka3tkG
directory       /var/lib/ldap<----------------------------- LINE 20
index           uid,uidNumber,gidNumber,memberUid       eq
index           cn,mail,surname,givenname       eq,subinitial
index           sambaSID        eq
index           sambaPrimaryGroupSID    eq


#ACLs
access to attrs=userPassword
        by anonymous auth
        by self write
        by * none

access to *
        by dn.base="uid=nslcd_proc,ou=System,dc=amahoro,dc=bi" read
        by self write
        by * none


These are the permissions of /var/lib/ldap/:

drwxr-x--- 2 openldap openldap 4096 Apr 29 09:57 ldap

-rw-r--r-- 1 openldap openldap     4096 Apr 29 09:57 alock
-rw------- 1 openldap openldap     8192 Apr 28 12:18 cn.bdb
-rw------- 1 openldap openldap    24576 Apr 29 09:57 __db.001
-rw------- 1 openldap openldap   352256 Apr 29 09:57 __db.002
-rw------- 1 openldap openldap  2629632 Apr 29 09:57 __db.003
-rw------- 1 openldap openldap   163840 Apr 29 09:57 __db.004
-rw------- 1 openldap openldap   876544 Apr 29 09:57 __db.005
-rw------- 1 openldap openldap    32768 Apr 29 09:57 __db.006
-rw-r--r-- 1 openldap openldap       96 Apr 23 17:34 DB_CONFIG
-rw------- 1 openldap openldap     8192 Apr 28 14:23 dn2id.bdb
-rw------- 1 openldap openldap     8192 Apr 28 14:23 gidNumber.bdb
-rw------- 1 openldap openldap    32768 Apr 28 14:23 id2entry.bdb
-rw------- 1 openldap openldap 10485760 Apr 29 09:57 log.0000000001
-rw------- 1 openldap openldap     8192 Apr 28 12:18 mail.bdb
-rw------- 1 openldap openldap     8192 Apr 28 14:00 memberUid.bdb
-rw------- 1 openldap openldap     8192 Apr 28 11:52 objectClass.bdb
-rw------- 1 openldap openldap     8192 Apr 28 14:23 sambaSID.bdb
-rw------- 1 openldap openldap     8192 Apr 28 12:18 sn.bdb
-rw------- 1 openldap openldap     8192 Apr 28 12:18 uid.bdb
-rw------- 1 openldap openldap     8192 Apr 28 14:23 uidNumber.bdb

What do you think?

Thanks




On 04/28/2012 08:33 PM, stefano malini wrote:
anyone?

On 04/28/2012 11:30 AM, stefano malini wrote:
Hi,
I cannot end the populating process using smbldap-populate due to
these errors:

root@amahoro:~# smbldap-populate
Populating LDAP directory for domain AMAHORO
(S-1-5-21-251852451-2940789264-3475694606)
(using builtin directory structure)

entry dc=amahoro,dc=bi already exist.
entry ou=Users,dc=amahoro,dc=bi already exist.
entry ou=Groups,dc=amahoro,dc=bi already exist.
entry ou=Computers,dc=amahoro,dc=bi already exist.
entry ou=Idmap,dc=amahoro,dc=bi already exist.
adding new entry: uid=root,ou=Users,dc=amahoro,dc=bi
failed to add entry: index generation failed at
/usr/sbin/smbldap-populate line 498,<GEN1>   line 58.
adding new entry: uid=nobody,ou=Users,dc=amahoro,dc=bi
failed to add entry: index generation failed at
/usr/sbin/smbldap-populate line 498,<GEN1>   line 89.
adding new entry: cn=Domain Admins,ou=Groups,dc=amahoro,dc=bi
failed to add entry: index generation failed at
/usr/sbin/smbldap-populate line 498,<GEN1>   line 101.
adding new entry: cn=Domain Users,ou=Groups,dc=amahoro,dc=bi
failed to add entry: index generation failed at
/usr/sbin/smbldap-populate line 498,<GEN1>   line 112.
adding new entry: cn=Domain Guests,ou=Groups,dc=amahoro,dc=bi
failed to add entry: index generation failed at
/usr/sbin/smbldap-populate line 498,<GEN1>   line 123.
adding new entry: cn=Domain Computers,ou=Groups,dc=amahoro,dc=bi
failed to add entry: index generation failed at
/usr/sbin/smbldap-populate line 498,<GEN1>   line 134.
adding new entry: cn=Administrators,ou=Groups,dc=amahoro,dc=bi
failed to add entry: index generation failed at
/usr/sbin/smbldap-populate line 498,<GEN1>   line 179.
adding new entry: cn=Account Operators,ou=Groups,dc=amahoro,dc=bi
failed to add entry: index generation failed at
/usr/sbin/smbldap-populate line 498,<GEN1>   line 201.
adding new entry: cn=Print Operators,ou=Groups,dc=amahoro,dc=bi
failed to add entry: index generation failed at
/usr/sbin/smbldap-populate line 498,<GEN1>   line 212.
adding new entry: cn=Backup Operators,ou=Groups,dc=amahoro,dc=bi
failed to add entry: index generation failed at
/usr/sbin/smbldap-populate line 498,<GEN1>   line 223.
adding new entry: cn=Replicators,ou=Groups,dc=amahoro,dc=bi
failed to add entry: index generation failed at
/usr/sbin/smbldap-populate line 498,<GEN1>   line 234.
entry sambaDomainName=AMAHORO,dc=amahoro,dc=bi already exist.
Updating
it...

Please provide a password for the domain root:
/usr/sbin/smbldap-passwd: user root doesn't exist

I don't find the error "index generation failed" on the internet. Do you
know the problem?

Thanks
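
The replies in this thread point at the ownership and mode of the directories leading to the `directory` path on line 20 of slapd.conf. As an added example (not part of the thread and not OpenLDAP code), this sketch walks an absolute path and prints the first component a given numeric UID/GID cannot use by mode bits: search (x) on each parent, rwx on the final directory. The function names `perm_ok` and `first_blocked` are hypothetical, and GNU or busybox `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: evaluates classic owner/group/other mode bits only.
# It ignores ACLs, supplementary groups and root's DAC bypass, so it
# reports what an unprivileged service account such as openldap would hit.

# perm_ok UID GID NEED PATH: 0 if the mode bits grant NEED (1 = x, 7 = rwx).
perm_ok() {
    po_info=$(stat -c '%a %u %g' "$4" 2>/dev/null) || return 2
    po_uid=$1 po_gid=$2 po_need=$3
    set -- $po_info                    # $1 = octal mode, $2 = owner uid, $3 = gid
    po_mode=$(printf '%04d' "$1")      # 755 -> 0755, 2750 -> 2750
    po_bits=${po_mode#?}               # drop the setuid/setgid/sticky digit
    if [ "$2" = "$po_uid" ]; then po_d=${po_bits%??}
    elif [ "$3" = "$po_gid" ]; then po_d=${po_bits#?}; po_d=${po_d%?}
    else po_d=${po_bits#??}
    fi
    [ $(( po_d & po_need )) -eq "$po_need" ]
}

# first_blocked UID GID ABSOLUTE_DIR: prints the first blocking component
# and returns 1, or prints nothing and returns 0 if the whole path is usable.
first_blocked() {
    fb_uid=$1 fb_gid=$2 fb_target=${3%/}
    fb_cur=
    fb_rest=${fb_target#/}
    while [ -n "$fb_rest" ]; do
        fb_cur=$fb_cur/${fb_rest%%/*}
        case $fb_rest in
            */*) fb_rest=${fb_rest#*/}; fb_need=1 ;;   # parent: search only
            *)   fb_rest=;              fb_need=7 ;;   # database dir: rwx
        esac
        if ! perm_ok "$fb_uid" "$fb_gid" "$fb_need" "$fb_cur"; then
            printf '%s\n' "$fb_cur"
            return 1
        fi
    done
    return 0
}

# Usage: sh thisfile "$(id -u openldap)" "$(id -g openldap)" /var/lib/ldap
if [ "$#" -eq 3 ]; then first_blocked "$@"; fi
```

Run it with the IDs of the account slapd and slapindex run as; an empty result means the mode bits along the path are not what is denying access.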