Dear members,
I was trying to use slapd with the configuration within itself, I mean: not using /etc/openldap/slapd.conf.
Since I could not get authentication working, I decided to switch the configuration to /etc/opendalp/slapd.conf, and
everything worked. My doubt is: what kind of error am I making? Could someone tell me?
Here is my ldap.ldif:
# Global configuration settings
dn: cn=config
objectClass: olcGlobal
cn: config
olcIdleTimeout: 64
olcLogLevel: -1
olcReferral: ldap://root.openldap.org

# Included file directives
dn: cn=include{0},cn=config
objectClass: olcIncludeFile
cn: include{0}
olcInclude: /etc/openldap/schema/core.schema

dn: cn=include{1},cn=config
objectClass: olcIncludeFile
cn: include{1}
olcInclude: /etc/openldap/schema/cosine.schema

dn: cn=include{2},cn=config
objectClass: olcIncludeFile
cn: include{2}
olcInclude: /etc/openldap/schema/corba.schema

dn: cn=include{3},cn=config
objectClass: olcIncludeFile
cn: include{3}
olcInclude: /etc/openldap/schema/dyngroup.schema

dn: cn=include{4},cn=config
objectClass: olcIncludeFile
cn: include{4}
olcInclude: /etc/openldap/schema/inetorgperson.schema

dn: cn=include{5},cn=config
objectClass: olcIncludeFile
cn: include{5}
olcInclude: /etc/openldap/schema/java.schema

dn: cn=include{6},cn=config
objectClass: olcIncludeFile
cn: include{6}
olcInclude: /etc/openldap/schema/misc.schema

dn: cn=include{7},cn=config
objectClass: olcIncludeFile
cn: include{7}
olcInclude: /etc/openldap/schema/nis.schema

dn: cn=include{8},cn=config
objectClass: olcIncludeFile
cn: include{8}
olcInclude: /etc/openldap/schema/openldap.schema

dn: cn=include{9},cn=config
objectClass: olcIncludeFile
cn: include{9}
olcInclude: /etc/openldap/schema/ppolicy.schema

# If openldap was compiled with support for modules, then ...
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/local/libexec/openldap
olcModuleLoad: back_ldbm.la

#dn: cn=module{1},cn=config
#objectClass: olcModuleList
#cn: module{1}
#olcModulePath: /usr/local/libexec/openldap
#olcModuleLoad: back_ldap.la

# Schema entry
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: cn=schema

# Backend
dn: olcBackend=ldbm,cn=config
objectClass: olcBackendConfig
olcBackend: ldbm

# Databases
dn: olcDatabase=ldbm,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLdbmConfig
olcDatabase: ldbm
olcSuffix: "dc=cpd,dc=ufv,dc=br"
olcDbDirectory: /asd/var/ldap
olcDbIndex: objectClass eq
olcAccess: to * by users read
olcRootDN: "cn=Manager,dc=cpd,dc=ufv,dc=br"
olcRootPW: {SSHA}q1mH0pWNnHF0+K4hV5yOV4I7p/VfIIYs
END OF ldap.ldif
Now, my slapd.conf
sioux@etosha$ cat /etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la
moduleload back_ldap.la
moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#   by self write
#   by users read
#   by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database ldbm
suffix "dc=cpd,dc=ufv,dc=br"
rootdn "cn=Manager,dc=cpd,dc=ufv,dc=br"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}q1mH0pWNnHF0+K4hV5yOV4I7p/VfIIYs
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/openldap-data
# Indices to maintain
index objectClass eq
OpenLDAP works if I am using slapd.conf, but if I choose -F /x/y/z it does not work.
Thanks a lot for your time and cooperation, best regards
John Nietzsche wrote:
I was trying to use slapd with the configuration within itself, I mean: not using /etc/openldap/slapd.conf.
Since I could not get authentication working, I decided to switch the configuration to /etc/opendalp/slapd.conf, and
^^^ Is this a typo?
everything worked.
How about just converting your slapd.conf with slaptest?
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.conf.d
Ciao, Michael.
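Before running the conversion, it is worth checking a hand-written cn=config LDIF for the mistakes that make slapadd reject it outright. The linter below is an added example, not OpenLDAP's code and not a file from this thread; `slaptest -F <dir>` remains the authoritative check. It assumes nothing about the running server: it only parses LDIF text and applies rules taken from RFC 4512 (the RDN value must appear as an attribute value in the entry, so `dn: cn=schema,cn=config` needs `cn: schema`) and from slapd-config(5) (LDIF has no quoting, so slapd.conf-style double quotes around olcSuffix or olcRootDN become part of the DN and fail syntax checking; olcRootPW should be a slappasswd(8) hash). The embedded sample is constructed and modelled on the LDIF posted above, trimmed to the entries that matter.

```python
"""Pre-flight linter for a hand-written cn=config LDIF, run before slapadd loads it.

Added example: not OpenLDAP code and not a file from this thread. `slaptest -F <dir>`
is still the authoritative check; this catches four mistakes that make slapd reject
a cn=config LDIF produced by translating slapd.conf by hand:
  1. an entry whose naming attribute disagrees with its RDN (RFC 4512 2.3: the RDN
     value must be present in the entry, so "dn: cn=schema,..." needs "cn: schema");
  2. a child entry listed before its parent (slapadd loads top-down);
  3. slapd.conf-style double quotes kept on DN-valued attributes (LDIF has no quoting,
     so the quotes become part of the value and fail DN syntax checking);
  4. a cleartext olcRootPW (use a slappasswd(8) hash).
"""
import re
from typing import Dict, List, Optional, Tuple

Entry = Dict[str, List[str]]
ORDER_PREFIX = re.compile(r"^\{-?\d+\}")          # cn=config ordering index, e.g. {1}ldbm
HASHED_PW = re.compile(r"^\{(SSHA|SHA|SMD5|MD5|CRYPT)\}", re.I)  # slappasswd(8) schemes
DN_VALUED = ("olcsuffix", "olcrootdn", "olcupdatedn")            # attributes holding a DN


def parse_ldif(text: str) -> List[Tuple[str, Entry]]:
    """Minimal LDIF reader: unfolds continuation lines, skips '#' comments and splits
    entries on blank lines or on the next 'dn:'. Attribute names are lower-cased;
    values are kept verbatim ('::' base64 values are left encoded)."""
    unfolded: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries: List[Tuple[str, Entry]] = []
    dn: Optional[str] = None
    attrs: Entry = {}
    for line in unfolded + [""]:                   # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip() or line.lower().startswith("dn:"):
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            if not line.strip():
                continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.lstrip(": ").strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return entries


def rdn(dn: str) -> Tuple[str, str]:
    """Leftmost RDN as (attr, value), lower-cased, with any {n} ordering index removed."""
    name, _, value = dn.split(",", 1)[0].partition("=")
    return name.strip().lower(), ORDER_PREFIX.sub("", value.strip()).lower()


def lint_config(text: str) -> List[str]:
    """Return human-readable findings for the LDIF; an empty list means nothing caught."""
    findings: List[str] = []
    seen: set = set()
    for dn, attrs in parse_ldif(text):
        name, value = rdn(dn)
        present = {ORDER_PREFIX.sub("", v).lower() for v in attrs.get(name, [])}
        if value not in present:
            findings.append(f"{dn}: naming attribute '{name}' must have value '{value}', "
                            f"entry has {attrs.get(name)}")
        parent = dn.split(",", 1)[1].strip().lower() if "," in dn else None
        if parent is not None and parent not in seen:
            findings.append(f"{dn}: parent '{parent}' is not defined earlier in the file")
        seen.add(dn.lower())
        for attr in DN_VALUED:
            for v in attrs.get(attr, []):
                if v.startswith('"') or v.endswith('"'):
                    findings.append(f"{dn}: {attr} value {v} is quoted; LDIF takes the "
                                    "quotes literally, drop them")
        for pw in attrs.get("olcrootpw", []):
            if not HASHED_PW.match(pw):
                findings.append(f"{dn}: olcRootPW is cleartext; hash it with slappasswd")
    return findings


# Constructed sample modelled on the cn=config LDIF posted in this thread, trimmed,
# keeping the mistakes the linter is meant to catch.
SAMPLE_BAD = """\
dn: cn=config
objectClass: olcGlobal
cn: config
olcLogLevel: -1

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: cn=schema

dn: olcDatabase={1}ldbm,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}ldbm
olcSuffix: "dc=cpd,dc=ufv,dc=br"
olcRootDN: "cn=Manager,dc=cpd,dc=ufv,dc=br"
olcRootPW: secret
"""

# The same entries written the way slapadd expects them.
SAMPLE_GOOD = SAMPLE_BAD.replace("cn: cn=schema", "cn: schema").replace('"', "") \
    .replace("olcRootPW: secret", "olcRootPW: {SSHA}q1mH0pWNnHF0+K4hV5yOV4I7p/VfIIYs")

if __name__ == "__main__":
    for label, sample in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(f"{label}: {lint_config(sample) or 'no findings'}")
```

Run against a real file with `lint_config(open("/etc/openldap/slapd.ldif").read())`; an empty list means only that these four classes of error are absent, so still follow it with `slaptest -F` before starting slapd with that directory.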
Hi John,
On Thu, Sep 04, 2008 at 05:51:43PM -0300, John Nietzsche wrote:
I was trying to use slapd with the configuration within itself, I mean: not using /etc/openldap/slapd.conf.
Since I could not get authentication working, I decided to switch the configuration to /etc/opendalp/slapd.conf, and
everything worked. My doubt is: what kind of error am I making? Could someone tell me?
I haven't looked at your ldif files, but you can convert a slapd.conf file into a slapd.d/ directory with the following command:
slaptest -f slapd.conf -F slapd.d/
What version of OpenLDAP?
You're also using ldbm, which has been dropped completely from 2.4 and is not recommended in 2.2.
--On Friday, September 05, 2008 9:19 AM +0100 Gavin Henry gavin.henry@gmail.com wrote:
What version of OpenLDAP?
You're also using ldbm, which has been dropped completely from 2.4 and is not recommended in 2.2.
I wouldn't recommend it from OpenLDAP 2.1 forward. ;)
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration