Re: Invalid credentials
- To: Dave Beach <drbeach4@gmail.com>
- Subject: Re: Invalid credentials
- From: Ryan Tandy <ryan@nardis.ca>
- Date: Sun, 21 Feb 2016 09:47:53 -0800
- Cc: openldap-technical@openldap.org
On Sun, Feb 21, 2016 at 10:04:48AM -0500, Dave Beach wrote:
> ###########
> # syslog start #
> ###########
> Feb 21 07:47:03 drbgate slapd[1242]: @(#) $OpenLDAP: slapd (Jan 16 2016 23:00:08) $#012#011root@chimera:/tmp/buildd/openldap-2.4.40+dfsg/debian/build/servers/slapd
> Feb 21 07:47:03 drbgate slapd[1242]: daemon: bind(11) failed errno=2 (No such file or directory)

This looks like a Debian bug, actually.
The default pidfile location is /var/run/slapd/slapd.pid, and the init
script does "mkdir $(dirname $pidfile)" during startup.
(In case you want to compare, the default template is in
/usr/share/slapd/slapd.conf.)
However, your pidfile is set to /var/run/slapd.pid, so probably nothing
is creating /var/run/slapd. This is a problem since on modern systems
/var/run is a symlink to /run which is a tmpfs...
Would you please report this in the Debian bug tracker?
A workaround to get you going would be to change your pidfile setting to
/var/run/slapd/slapd.pid.

> No matter in the short term (that problem is down the priority list), I
> can simply start it manually with slapd -t /etc/ldap/slapd.conf; slapd
> starts, here's the syslog snippet:

Assuming that's the exact command you actually ran, slapd is now running
as root instead of openldap, and that's only going to exacerbate any
permissions problems you might have.
To restore sanity, you may want to
chown -R openldap:openldap /var/lib/ldap /etc/ldap/slapd.conf
(and /etc/ldap/slapd.d, if it exists)
and use something more like this for future manual runs of slapd:
slapd -h 'ldap:// ldapi://' -u openldap -g openldap -f /etc/ldap/slapd.conf

> password-hash {SMD5}

Hmm, time to upgrade to a more secure hash... Current default is SSHA
and there are even better possibilities in some contrib modules (the
sha2 module is included in the Debian package).

> ############################
> # bdb database definitions #
> ############################
> database bdb

And time to upgrade to MDB backend as well, but obviously with lower
priority, after the current fire has been put out. :)

> rootpw {SMD5}jucQ+foqlF7O/VLmLllThlYH5zY=

FTR, putting the plaintext password there works as well - not
recommended for production, of course, but helpful for ruling things out
during testing.

> I take from this response ("no such object") that it could not find the entry.
> Where am I going wrong?

I don't see anything obviously wrong with the above.
I assume you've ensured that the parent entry dc=drbhome,dc=ca exists.
I have no evidence that indexing is your problem, but in an odd
situation like yours, I might re-index just to rule that out:
sudo -u openldap slapindex -f /etc/ldap/slapd.conf -q
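
A worked example of the {SMD5}/{SSHA}-style storage format discussed in the reply above. It is added here and is not code from the thread or from OpenLDAP itself. The format is the scheme tag followed by base64(digest || salt); the salt has no fixed length, so a verifier recovers it as whatever bytes remain after the scheme's digest size. The example parses the rootpw value quoted above (it decodes to a 16-byte MD5 digest plus a 4-byte salt; the plaintext is not known and is not needed for that), verifies a password against a stored value in constant time, and rehashes a weak value into {SSHA256} (the scheme the sha2 contrib module provides) after a successful bind. The 4-byte default salt and the names make_hash, parse_hash, verify and rehash_on_bind are this example's own choices, not slapd's API.

```python
"""RFC 2307-style {SCHEME}base64(digest||salt) password values as slapd stores them.

Added example, not from the openldap-technical thread or the OpenLDAP code base.
"""
import base64
import hashlib
import hmac
import os
from typing import NamedTuple, Optional

# Digest algorithm and digest length in bytes for each salted scheme, from
# weakest to strongest.  Dict order doubles as the strength ranking.
SCHEMES = {
    "SMD5": ("md5", 16),        # salted MD5: what the quoted slapd.conf uses
    "SSHA": ("sha1", 20),       # salted SHA-1: OpenLDAP's current default
    "SSHA256": ("sha256", 32),  # provided by the slapd-sha2 contrib module
    "SSHA512": ("sha512", 64),  # provided by the slapd-sha2 contrib module
}


class StoredHash(NamedTuple):
    scheme: str
    digest: bytes
    salt: bytes


def make_hash(password: str, scheme: str = "SSHA", salt: Optional[bytes] = None) -> str:
    """Build a {SCHEME}base64(digest||salt) value the way slappasswd would."""
    algo, _ = SCHEMES[scheme]
    if salt is None:
        salt = os.urandom(4)  # assumption: 4-byte salt, matching slappasswd's default
    digest = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode("ascii"))


def parse_hash(stored: str) -> StoredHash:
    """Split a stored value into scheme, digest and salt.

    The salt length is not encoded anywhere: it is whatever follows the
    digest, so the scheme's digest size decides where the split falls.
    """
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("missing {SCHEME} prefix")
    scheme, b64 = stored[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme %s" % scheme)
    raw = base64.b64decode(b64, validate=True)
    _, dlen = SCHEMES[scheme]
    if len(raw) <= dlen:
        raise ValueError("value too short to contain a salt")
    return StoredHash(scheme, raw[:dlen], raw[dlen:])


def verify(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    parsed = parse_hash(stored)
    algo, _ = SCHEMES[parsed.scheme]
    candidate = hashlib.new(algo, password.encode("utf-8") + parsed.salt).digest()
    return hmac.compare_digest(candidate, parsed.digest)


def rehash_on_bind(password: str, stored: str, target: str = "SSHA256") -> Optional[str]:
    """Upgrade a weak stored value once the bind succeeds.

    Changing password-hash in slapd.conf only affects passwords set from
    then on; existing values keep their old scheme until rewritten.  Returns
    None on a failed bind, the unchanged value if it is already at least as
    strong as target, otherwise a fresh hash in the target scheme.
    """
    if not verify(password, stored):
        return None
    ranking = list(SCHEMES)
    if ranking.index(parse_hash(stored).scheme) >= ranking.index(target):
        return stored
    return make_hash(password, target)


if __name__ == "__main__":
    # The rootpw value quoted in the thread: structure only, plaintext unknown.
    quoted = "{SMD5}jucQ+foqlF7O/VLmLllThlYH5zY="
    p = parse_hash(quoted)
    print(p.scheme, len(p.digest), "byte digest,", len(p.salt), "byte salt")
    weak = make_hash("example-only", "SMD5")  # constructed sample, not a real credential
    print(weak, "->", rehash_on_bind("example-only", weak))
```

On a real server the rehash step is what the scheme change does not do for you: setting password-hash {SSHA256} (with the sha2 contrib module loaded) changes only how future Password Modify operations store values, and the rootpw line is whatever you typed, so regenerate it with slappasswd -h '{SSHA256}' rather than expecting slapd to convert it.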