[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: ldapadd "ldap_bind: Invalid credentials (49)"
--On Friday, August 30, 2013 5:21 PM +0000 Clint Petty
<cpetty@luthresearch.com> wrote:
> I renamed /usr/local/openldap/etc/openldap/slapd.conf to
> /usr/local/openldap/etc/openldap/slapd.conf.example, since I am using
> cn=config.
>
> I ran the following slapadd command:
># slapadd -F /usr/local/etc/openldap/slapd.d -n 0 -l /tmp/ldif
> slapadd: line 1: database #0 (cn=config) not configured to hold
> "dc=myplace,dc=local"; no database configured for that naming context _
> 0.88% eta none elapsed none spd 1.4 M/s Closing DB...
>#
>
> It appears somewhere in my cn=config directory structure there is an
> entry "dc=myplace,dc=local" that should reflect my company. I searched
> for this entry in my /usr/local/etc/openldap/slapd.d directory structure,
> however is not in any of those files. How can I change this?
> Hi Clint,
>
> The complaint here is that the ldif file you are loading is for
> "dc=mycompany,dc=local", and your slapd configuration is not configured to
> load such a database. I suggest you examine the LDIF file you are
> attempting to load to see if it matches what you expect it to contain.
>
> --Quanah
Hi Quanah,
My LDIF file looks like this:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/RADIUS-LDAPv3.schema
include /etc/openldap/schema/samba.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/openldap/var/run/slapd.pid
argsfile /usr/local/openldap/var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/openldap/libexec/openldap
# moduleload back_bdb.la
# moduleload back_hdb.la
# moduleload back_ldap.la
moduleload syncprov.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix dc=luthresearch,dc=net
rootdn dc=luthresearch,dc=net
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/openldap/var/openldap-data
#directory /var/lib/ldap
# Indices to maintain
#index objectClass eq
index objectclass,entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
serverID 2
syncrepl rid=002
provider=ldap://10.15.2.199
bindmethod=simple
binddn="cn=Manager,dc=luthresearch,dc=net"
credentials=secret
searchbase="dc=luthresearch,dc=net"
schemachecking=on
type=refreshAndPersist
retry="60 +"
mirrormode on
======================================================
# /usr/local/openldap/sbin/slaptest -uf /usr/local/openldap/etc/openldap/slapd.conf.InUse -F /usr/local/etc/openldap/slapd.d
config file testing succeeded
#
However, still not able to add the database:
# slapadd -F /usr/local/etc/openldap/slapd.d -n 0 -l /tmp/ldif
slapadd: line 1: database #0 (cn=config) not configured to hold "dc=myplace,dc=local"; no database configured for that naming context
_ 0.88% eta none elapsed none spd 2.5 M/s
Closing DB...
Still references "dc=myplace,dc=local"?
----------------------------------------
When I start slapd in debug mode, I get this:
5220e9a9 slapd startup: initiated.
5220e9a9 backend_startup_one: starting "cn=config"
5220e9a9 config_back_db_open
Backend ACL: access to *
by * none
5220e9a9 config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
5220e9a9 backend_startup_one: starting "dc=luthresearch,dc=net"
5220e9a9 bdb_db_open: "dc=luthresearch,dc=net"
5220e9a9 bdb_db_open: database "dc=luthresearch,dc=net": database already in use.
5220e9a9 backend_startup_one (type=bdb, suffix="dc=luthresearch,dc=net"): bi_db_open failed! (-1)
5220e9a9 slapd shutdown: initiated
5220e9a9 ====> bdb_cache_release_all
5220e9a9 slapd destroy: freeing system resources.
5220e9a9 syncinfo_free: rid=002
5220e9a9 slapd stopped.
#
Clint