Harry Jede wrote:
On Sunday, 20 June 2010, sam wrote:
Hi,
With the following setup:
hometest:openldap # uname -a
FreeBSD hometest.ip6.com.au 8.1-RC1 FreeBSD 8.1-RC1 #0: Fri Jun 18 15:26:58 EST 2010 root@hometest.ip6.com.au:/usr/obj/usr/src/sys/mail.db.java.portal i386
hometest:openldap # pkg_info | grep -i ldap
openldap-sasl-client-2.4.22 Open source LDAP client implementation with SASL2 support
openldap-sasl-server-2.4.22 Open source LDAP server implementation
hometest:openldap # pkg_info | grep -i db
db46-4.6.21.4 The Berkeley DB package, revision 4.6
hometest:openldap # pkg_info | grep -i sasl
cyrus-sasl-2.1.23 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-saslauthd-2.1.23 SASL authentication server for cyrus-sasl2
openldap-sasl-client-2.4.22 Open source LDAP client implementation with SASL2 support
openldap-sasl-server-2.4.22 Open source LDAP server implementation

I can't create password for ldap:

hometest:openldap # slappasswd -h {MD5} -s password
Password generation failed for scheme MD5: scheme not recognized
and:
hometest:rc.d # ./slapd start
Starting slapd.
./slapd: WARNING: failed to start slapd
slapd.conf file is shown below:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema

#X.500 RFC1274 COSINE Pilot Schema
include /usr/local/etc/openldap/schema/cosine.schema
#For Addressbooks
include /usr/local/etc/openldap/schema/inetorgperson.schema
#For Authentication
include /usr/local/etc/openldap/schema/nis.schema

TLSCACertificateFile /usr/local/etc/ssl/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/ssl/portal.ip6.com.au.pem
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/private/cakey.pem
TLSCipherSuite HIGH

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=ip6,dc=com,dc=au"
rootdn "cn=Manager,dc=ip6,dc=com,dc=au"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/db/openldap-data
# Indices to maintain
index objectClass eq
Can anyone tell me how to start openldap and how to assign password to it?
I do not know why your slapd is not starting. Have you added some data to your database? Who is the owner of /var/db/openldap-data?
Hi, thanks for the reply regarding the problem of ldap not starting. I haven't added any data to the ldap database yet, because I had a problem creating the ldap password before. Should I add data to the ldap database before I can start ldap?
Thanks again for your help
Sam
Most people do not want the md5-scheme, they need the md5 algo from crypt. Try this:
slappasswd -c '$1$%.8s' -s secret
{CRYPT}$1$HlW67YUS$DNY2T6859V9xh8frUpbXJ/
Read the man pages of slappasswd and slapd.conf.
But pay attention that slappasswd is NOT reading the config file slapd.conf. This is at least true for my quite old version of slapd in Debian Lenny (slapd 2.4.11) :-( .
strace -e trace=file /usr/sbin/slappasswd -s secret 2>&1 | grep slapd.conf
returns nothing
Your help is very much appreciated.
Thanks Sam
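
An added example, not part of the original thread: a small audit of the three points the slapd.conf comments and the reply raise (world-readable config, cleartext or unsalted rootpw, database directory not mode 700). The function names and the sample config built in demo() are constructed for illustration.

```python
import os
import re
import stat
import tempfile

SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}")  # e.g. {SSHA}, {CRYPT}, {MD5}

def logical_lines(text):
    """Unwrap continuation lines first, then drop comments (order per slapd.conf(5))."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += " " + raw.strip()
        elif raw.strip():
            lines.append(raw.rstrip())
    return [l for l in lines if not l.startswith("#")]

def audit(conf_path):
    """Return (finding, detail) pairs; the rootpw value itself is never echoed."""
    findings = []
    mode = stat.S_IMODE(os.stat(conf_path).st_mode)
    if mode & stat.S_IROTH:
        findings.append(("config-world-readable", oct(mode)))
    with open(conf_path) as fh:
        for line in logical_lines(fh.read()):
            parts = line.split()
            key, args = parts[0].lower(), parts[1:]
            if key == "rootpw" and args:
                m = SCHEME.match(args[0])
                if m is None:
                    findings.append(("rootpw-cleartext", "no {SCHEME} prefix"))
                elif m.group(1).upper() in ("MD5", "SHA"):
                    findings.append(("rootpw-unsalted-hash", m.group(1).upper()))
            elif key == "directory" and args and os.path.isdir(args[0]):
                dmode = stat.S_IMODE(os.stat(args[0]).st_mode)
                if dmode & 0o077:  # any group/other bit set
                    findings.append(("directory-not-0700", oct(dmode)))
    return findings

def demo(rootpw="secret", conf_mode=0o644, dir_mode=0o755):
    """Build a constructed config and data directory in a temp dir, then audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        data = os.path.join(tmp, "openldap-data")
        os.mkdir(data)
        os.chmod(data, dir_mode)
        conf = os.path.join(tmp, "slapd.conf")
        with open(conf, "w") as fh:
            fh.write(f"database bdb\nrootpw {rootpw}\ndirectory {data}\n")
        os.chmod(conf, conf_mode)
        return audit(conf)
```

Ownership of the data directory (the question asked in the reply) is not checked here, since the account slapd runs as differs between installations.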