Issue while starting "slapd"
by Monica_Rana
Hi All,
After successful installation of openldap 2.3.27 on Solaris 8, when I
try to start the ldap service, it throws the following error.
# ./slapd
ld.so.1: ./slapd: fatal: libdb-4.4.so: open failed: No such file or
directory
Killed
If anyone has any idea on what is causing this issue, please guide.
Regards,
Monica Rana
16 years, 11 months
slapd, bdb, 32-bit -> 64-bit
by Frode Nordahl
Hello,
I am trying to use a slapd BDB database created on a 32-bit intel
system on a 64-bit (amd64/EMT64) system. Running slapcat on the
database works fine, but when the server is started, ldapsearch is
unable to find anything.
I understand that there are architectural differences between 32-bit
and 64-bit systems, but I don't think Berkeley DB has any
problems with having its data interchanged between the platforms.
We are running OpenLDAP in a distributed environment where every
server has a local copy of the LDAP database for performance and
reliability reasons. The database is 6 GB, so it is non-trivial to
export it to LDIF and import it again on the 64-bit systems. (It
takes way too long).
I am setting up one server to just be a spare LDAP slave so we
can easily take it down and copy the database to any new system
added to the cluster without causing any downtime anywhere. But this
is not possible as long as I cannot use the same database on 32-bit
and 64-bit systems.
Would it be possible to make this work at all?
Could this be caused by a platform-dependent variable type being used
somewhere, rather than a fixed sized variable type, making slapd
interpret the same data differently on different platforms?
--
Frode Nordahl
16 years, 11 months
How was developers' day 2006
by Emiel van de Laar
Hi all,
How was the OpenLDAP developers' day? :)
I wasn't able to attend but am curious about
the discussions and presentations.
Could someone write a brief summary of the
highlights. Perhaps there are slides available
or audio/video.
Thanks in advance.
Regards,
Emiel van de Laar
16 years, 11 months
Re: Slapd.d Config File
by Pierangelo Masarati
Ted Johnson wrote:
> ----- Original Message ----
> From: Pierangelo Masarati <ando(a)sys-net.it>
> To: Ted Johnson <whatawonderfulworldweliveintoo(a)yahoo.com>
> Cc: OpenLDAP-software(a)openldap.org
> Sent: Sunday, October 15, 2006 5:28:09 PM
> Subject: Re: Slapd.d Config File
>
> Ted Johnson wrote:
> > * Does someone out there in OpenLDAP-land have a slapd.d conf file
> > they could share?
> Try "/usr/local/libexec/slapd -f slapd.conf -F ./slapd.d
> your-already-existing-empty-configuration-dir"
In my original mail I've never specified what path you were supposed to
find slapd in.
>
> Interesting. It complained there was no slapd binary.
Where your binaries are located, and what path you use is not relevant
to this discussion.
> Now, that worried me. I ran a search and found a binary here:
> /usr/local/libexec/slapd
> Now, since it wasn't in a bin dir, I didn't think that would work, but
> I didn't think it would hurt anything either, so I ran your command
> but with an absolute path to that binary, and voilà! there were the files.
>
> > * Are the following still correct?
> > pidfile /var/run/ldap/slapd.pid
> > argsfile /var/run/ldap/slapd.args
> > modulepath /usr/lib/openldap
> > pam_ldap
> pam_ldap has never been a valid slapd.conf directive
>
> How does one include modules, then?
I don't understand what "pam_ldap" may have to do with slapd's modules.
Also, I don't understand why you talk about modules if you don't have
any idea of what they're supposed to do. Note that, unless you build
slapd with module support, and you build components as modules, they
will be statically built into slapd. The fact that you use statically
built-in or run-time loaded modules, in any case, has nothing to do with
a general discussion on using cn=config; I suggest to keep the two
discussions separate.
> Also, do you know of a good reference that would list all the modules
> with which OpenLDAP works and a description of them? Googled and got zip.
./configure --help.
>
> > sasl-host ldap.2012.vi
> > TLSRandFile /dev/random
> > TLSCipherSuite HIGH:MEDIUM:+SSLv2
> > TLSCertificateFile /etc/ssl/openldap/ldap.pem
> > TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem
> > TLSCACertificatePath /etc/ssl/openldap/
> > TLSCACertificateFile /etc/ssl/cacert.pem
> > TLSCACertificateFile /etc/ssl/openldap/ldap.pem
> > TLSVerifyClient demand # ([never]|allow|try|demand)
> a hash mark ('#') followed by text is interpreted as an argument to the
> command that starts the line, not as a comment (as I assume you mean it).
>
> No. Thanks.
>
> > loglevel 256
> > database bdb
> > suffix "dc=2012,dc=vi"
> > rootdn "cn=admin,dc=2012,dc=vi"
> > directory /var/lib/ldap
> > index objectClass eq,pres
> > access: to dn.base="/var/lib/ldap" by root read
> No colon (':') after "access" is allowed in the "access" access control
> directive
> > database monitor
> The above seems to be a collection of partially incorrect slapd.conf
> statements. Provided you fix what's wrong, it should be fine to
> generate the cn=config database following indications above. Note that
> you don't have to generate the cn=config database unless you intend to
> use it, and I suggest you don't until you understand all the
> implications and its general usefulness. From your message, it appears
> you didn't understand it yet, and you got the false perception that the
> traditional way of configuring slapd is no longer valid, which is
> absolutely not true.
>
> Well, I was just following directions ;) ***This list*** told me to
> ask my beginner questions at ldap(a)umich.edu.
The questions you just asked are OpenLDAP specific, and in fact you got
OpenLDAP specific answers (as good as mine can be, at least). I don't
see how that list could have helped you thru details of very recent
OpenLDAP development. I'm not saying you can't ask beginner's
questions; of course they're welcome as soon as they can lead to
improving your (and others') understanding of how things work. It seems
to me that starting with cn=config while you don't appear to have a
clear understanding of how OpenLDAP's slapd works sounds a bit too
ambitious. All in all, cn=config is a __very__ new feature. My point
is that there's tons of info out there about how to configure slapd via
slapd.conf(5), and yet too little about how to do it using cn=config
(and the most authoritative documentation for both is the Admin Guide
<http://www.openldap.org/doc/admin23/>). So I suggest you stick with
slapd.conf(5) by now; it's up to you to follow advice, though :).
> *That* list recommended all sorts of material to study. And there is a
> __lot__ of confusion created from following these divergent
> suggestions. Unfortunately, the documentation on openldap.org is
> __very__limited__ and needs to be supplemented.
The project is open; the FAQ
<http://www.openldap.org/faq/data/cache/1.html> is interactive, and
<http://www.openldap.org/devel/contributing.html> details how to
contribute, if you think the documentation needs to be supplemented.
Saying that may sound a bit offensive to all persons that spent their
spare time in writing a fair amount of documentation (> 3 MB of man
pages; 16 chapters of Admin Guide; ~2000 nodes of FAQ; ...). If you can
suggest specific improvements to specific portions of documentation,
feel free to post them; if all you have to say is "__very__limited__",
well... (silently counting to a billion...)
> Maybe easy for you guys, but I live on top of a mountain in the middle
> of nowhere in the Dominican Republic with my trusty satellite
> dish...and getting books here via Amazon takes longer than you'd think
> and costs a fortune. So, I have to rely on what's available
> online...and in this case, it's been disappointing, to say the least.
All documentation on OpenLDAP.org is plain HTML or txt (man pages), so
downloading it shouldn't be a big deal. Note that all the indications
you got so far from me have been taken from the Admin Guide
<http://www.openldap.org/doc/admin23/>. I don't know what documentation
you read so far, but if you didn't read (and understand) the Admin Guide
I strongly urge you to do so. Man pages like slapd.conf(5),
slapd.access(5) and backend (and overlay) specific pages, like
slapd-bdb(5) may be of help in understanding the details of each statement.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati(a)sys-net.it
------------------------------------------
16 years, 11 months
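The three slapd.conf mistakes pointed out in the reply above (a trailing '#' that is read as an argument, a colon after "access", and "pam_ldap" used as a directive) can be checked for mechanically. This is an added example, not code from the post or from the OpenLDAP project; the names lint, logical_lines and NOT_SLAPD_DIRECTIVES are hypothetical, and the sample input is constructed from the directives quoted in the thread.

```python
import re

# Assumption: this set holds only what the thread names as invalid in slapd.conf.
NOT_SLAPD_DIRECTIVES = {"pam_ldap"}

def logical_lines(text):
    """Yield (first_line_no, joined_text). Per slapd.conf(5), blank lines and
    lines beginning with '#' are ignored, and a line that begins with
    whitespace continues the previous line."""
    current, start = None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield start, current
        current, start = raw.strip(), no
    if current is not None:
        yield start, current

def lint(text):
    """Return a list of (line_no, code, message) findings."""
    findings = []
    for no, line in logical_lines(text):
        parts = line.split(None, 1)
        keyword = parts[0]
        args = parts[1] if len(parts) > 1 else ""
        if keyword.rstrip(":").lower() in NOT_SLAPD_DIRECTIVES:
            findings.append((no, "unknown", f"{keyword!r} is not a slapd.conf directive"))
        if keyword.endswith(":"):
            findings.append((no, "colon", f"{keyword!r}: no ':' is allowed after the keyword"))
        # Drop quoted strings first so a '#' inside a quoted DN is not reported.
        unquoted = re.sub(r'"[^"]*"', '""', args)
        if re.search(r"(^|\s)#", unquoted):
            findings.append((no, "inline-comment",
                             "text after '#' is passed as an argument, not ignored"))
    return findings

# Constructed sample built from directives quoted in the thread.
SAMPLE = '''\
# constructed sample
pidfile /var/run/ldap/slapd.pid
pam_ldap
TLSVerifyClient demand # ([never]|allow|try|demand)
database bdb
suffix "dc=2012,dc=vi"
access: to dn.base="/var/lib/ldap" by root read
'''

if __name__ == "__main__":
    for no, code, msg in lint(SAMPLE):
        print(f"line {no}: [{code}] {msg}")
```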
howto replication ldap
by chechu chechu
Hi,
I am trying to build replication. I got it working in simple mode, but when I try
with SSL or SSL + SASL, I can't get it working. Does someone know where I can find a
step-by-step howto for building it, or would someone be willing to guide me through
building it...
thanks
16 years, 11 months
Slapd.d Config File
by Ted Johnson
Hi;
After about 150 hours of researching LDAP/OpenLDAP, I have finally come to the realization, among many others, that I need to build a slapd.d configuration file, not a slapd.conf configuration file. There are differences, but the documentation I've read thus far unfortunately clouds the issues. I have the following questions:
* Does someone out there in OpenLDAP-land have a slapd.d conf file they could share? That would help me more than the rest of these questions.
* Do I want to include LDIF schema files, or SCHEMA schema files, or both?
* Which format do I use below: A or B?
A) include /usr/share/openldap/schema/core.schema
B) olcInclude /usr/share/openldap/schema/core.schema
Or is *this* correct?
C) include: file:///usr/local/etc/openldap/schema/core.ldif
* What is the difference between the attributeTypes/objectClasses in the *.schema files and the olcAttributeTypes/olcObjectClasses in the *.ldif files? What was the point in renaming them? To cut down on confusion? (I dare say it didn't.)
* Do I still need an ldap.conf file?
* Are the following still correct?
pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args
modulepath /usr/lib/openldap
pam_ldap
sasl-host ldap.2012.vi
TLSRandFile /dev/random
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem
TLSCACertificatePath /etc/ssl/openldap/
TLSCACertificateFile /etc/ssl/cacert.pem
TLSCACertificateFile /etc/ssl/openldap/ldap.pem
TLSVerifyClient demand # ([never]|allow|try|demand)
loglevel 256
database bdb
suffix "dc=2012,dc=vi"
rootdn "cn=admin,dc=2012,dc=vi"
directory /var/lib/ldap
index objectClass eq,pres
access: to dn.base="/var/lib/ldap" by root read
database monitor
Pulling my hair out,
Ted
16 years, 11 months
Post-read to collect generated DN of back-config entries
by Pierangelo Masarati
Michael,
as we discussed a few hours ago, you may use the postread control to
capture the DN of an entry that's just been added, since the "X-ORDERED
'SIBLINGS'" will add a leading {<digits>} to the distinguished value.
I've just committed a couple of fixes to HEAD that allow to
1) use the control (the absence of o_bd was causing access control to
fail in the internal search that looks up the freshly added data)
2) use "1.1" as requested attribute to just lookup the DN, if you're
fine with that; to make things more general, you might want to require
the entryDN instead.
The example code that adds the postread control and parses the result is
in clients/tools/common.c. Maybe it could be worth having a pair of
library calls much like we have for pagedResults:
ldap_create_page_control() and ldap_parse_page_control() (and their
building blocks) so that they can simply be called from within the
python wrapper.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati(a)sys-net.it
------------------------------------------
16 years, 11 months
RE: Install CA Certificate
by Aaron Smith
DOH! What a stupid mistake. That's exactly it. If I use the actual
OpenLdap ldapsearch, I can get it to work connecting to
ldaps://n1-wrath.sandbox.com:3269. Now I just need to get auth_ldap in
Apache to do the same! But at least I'm getting closer. Thanks.
--------------------------------------------------------------------
Aaron Smith Aaron.Smith(a)kzoo.edu
System Administrator (269) 337-7496
Kalamazoo College
-----Original Message-----
From: Aaron Richton [mailto:richton@nbcs.rutgers.edu]
Sent: Thursday, October 12, 2006 6:20 PM
To: Aaron Smith
Cc: openldap-software(a)openldap.org
Subject: Re: Install CA Certificate
> Where do I need to put a CA certificate so that Openldap can find it
> properly? I have openldap version 2.3.27 that was compiled using
> openssl support on a Solaris 10 machine. Trying to do secure LDAP
> transactions with ldapsearch results in
>
> SSL initialization failed: error -8192 (An I/O error occurred during
> security authorization.)
I'd try "-d -1" to see what the client is thinking, or possibly truss to
see if you and it are disagreeing as to the location of ldap.conf, and (if
ldap.conf is getting opened properly) to see if the open() on the CACERT
is working.
With that said, I don't think I've ever seen a message like that from
OpenLDAP ldapsearch(1). Are you sure you aren't running Solaris 10's
/usr/bin/ldapsearch instead?
16 years, 11 months
RE: Install CA Certificate
by Aaron Smith
Ah, but I'm trying to get this client to connect to Active Directory on
a Microsoft Domain controller, not OpenLdap slapd. :) But Aaron
Richton found my problem.
--------------------------------------------------------------------
Aaron Smith Aaron.Smith(a)kzoo.edu
System Administrator (269) 337-7496
Kalamazoo College
-----Original Message-----
From: Francisco Saito [mailto:fksaito@gmail.com]
Sent: Friday, October 13, 2006 2:04 AM
To: Aaron Richton
Cc: Aaron Smith; openldap-software(a)openldap.org
Subject: Re: Install CA Certificate
Hello,
Can you show your slapd.conf? Your client side configuration looks ok.
But have you said to slapd where are the certs?
http://www.openldap.org/doc/admin23/tls.html
Thanks,
Francisco Saito
On 10/12/06, Aaron Richton <richton(a)nbcs.rutgers.edu> wrote:
> > Where do I need to put a CA certificate so that Openldap can find it
> > properly? I have openldap version 2.3.27 that was compiled using
> > openssl support on a Solaris 10 machine. Trying to do secure LDAP
> > transactions with ldapsearch results in
> >
> > SSL initialization failed: error -8192 (An I/O error occurred during
> > security authorization.)
>
> I'd try "-d -1" to see what the client is thinking, or possibly truss to
> see if you and it are disagreeing as to the location of ldap.conf, and (if
> ldap.conf is getting opened properly) to see if the open() on the CACERT
> is working.
>
> With that said, I don't think I've ever seen a message like that from
> OpenLDAP ldapsearch(1). Are you sure you aren't running Solaris 10's
> /usr/bin/ldapsearch instead?
>
16 years, 11 months
ldap_modify No such object(32) matched DN
by Syed Khader
Hi,
I am a newbie and I'm trying to implement openldap.
I'm trying to add a new ou=people under dc=test,dc=com using the following
ldapmodify -x -D "cn=Manager,dc=test,dc=com" -W -f
/root/Desktop/example.ldif
it says
modifying entry "dc=test,dc=com"
modifying entry "cn=Manager,dc=test,dc=com"
modifying entry "ou=people, dc=test,dc=com"
ldap_modify: No such object (32)
matched DN: dc=test,dc=com
My example.ldif file is as follows
dn: dc=test,dc=com
objectclass: dcObject
objectclass: organization
o: google
dc: test
dn: cn=Manager,dc=test,dc=com
objectclass: organizationalRole
cn: Manager
dn: ou=people, dc=test, dc=com
objectClass: organizationalUnit
ou=people
My slapd.conf file is like this (just pasting what is required)
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
database bdb
suffix "dc=test,dc=com"
rootdn "cn=manager,dc=test,dc=com"
Am I missing any schema, or is anything wrong in my ldif file?
Please help :)
Thanks in advance.
Abdul.
16 years, 11 months