So, I changed all the permissions in /var/lib/ldap/*
chmod 0755 /var/lib/ldap/
I retried with slapindex with the same result:
from root: sudo /usr/sbin/slapindex
WARNING! Runnig as root! There's a fair chance slapd will fail to start. Check file permissions!
from normal user: usr/sbin/slapindex
/etc/ldap/slapd.conf: line 20: invalid path: Permission denied
slapindex: bad configuration file!
I repeated strace and I didn't find errors.
I repeated slapindex from root and from normal user but the result was the same as above.
I repeated smbldap-populate and magically it runs!
Do you understand something of this chaos? I'd like to understand the why of this behavior.
Thanks
On 04/30/2012 08:51 AM, Stefano Malini wrote:
Hi,
please take a look at my permissions:

ls -l /var
drwxr-xr-x 13 openldap openldap 4096 Mar 20 09:47 var

ls -l /var/lib
drwxr-xr-x 31 openldap openldap 4096 Apr 28 16:38 lib

ls -l /var/lib/ldap
drwxr-xr-x 2 openldap openldap 4096 Apr 30 08:31 ldap

ls -l /var/lib/ldap/
root@amahoro:/# ls -l /var/lib/ldap/
total 11580
-rw-r----- 1 openldap openldap     4096 Apr 30 08:31 alock
-rw------- 1 openldap openldap     8192 Apr 29 11:47 cn.bdb
-rw------- 1 openldap openldap    24576 Apr 30 08:31 __db.001
-rw------- 1 openldap openldap   352256 Apr 30 08:38 __db.002
-rw------- 1 openldap openldap  2629632 Apr 30 08:38 __db.003
-rw------- 1 openldap openldap   163840 Apr 30 08:38 __db.004
-rw------- 1 openldap openldap   876544 Apr 30 08:38 __db.005
-rw------- 1 openldap openldap    32768 Apr 30 08:38 __db.006
-rw-r--r-- 1 openldap openldap       96 Apr 23 17:34 DB_CONFIG
-rw------- 1 openldap openldap     8192 Apr 28 14:23 dn2id.bdb
-rw------- 1 openldap openldap     8192 Apr 29 11:47 gidNumber.bdb
-rw------- 1 openldap openldap    32768 Apr 28 14:23 id2entry.bdb
-rw------- 1 openldap openldap 10485760 Apr 30 08:30 log.0000000001
-rw------- 1 openldap openldap     8192 Apr 29 11:47 mail.bdb
-rw------- 1 openldap openldap     8192 Apr 28 14:00 memberUid.bdb
-rw------- 1 openldap openldap     8192 Apr 28 11:52 objectClass.bdb
-rw------- 1 openldap openldap     8192 Apr 29 11:47 sambaSID.bdb
-rw------- 1 openldap openldap     8192 Apr 29 11:47 sn.bdb
-rw------- 1 openldap openldap     8192 Apr 29 11:47 uid.bdb
-rw------- 1 openldap openldap     8192 Apr 29 11:47 uidNumber.bdb

Are they ok?
On 4/30/12, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
On Apr 29, 2012, at 3:27 AM, stefano malini <lozingalo@gmail.com> wrote:
Hi, other check:
Using sudo strace /usr/sbin/slapindex I found the line:
open("/var/lib/ldap/DUMMY", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = -1 EACCES (Permission denied)
but in that directory there is no "DUMMY".
What can I do? I am blocked on this point.
Thanks
Clearly the higher level directory permissions are wrong. Fix them.
--Quanah
On 04/29/2012 11:02 AM, Jonathan Clarke wrote:
On 29 Apr. 2012, at 10:27, stefano malini <lozingalo@gmail.com> wrote:
I used slapindex also, the output is:
stefano@amahoro:~$ /usr/sbin/slapindex
/etc/ldap/slapd.conf: line 20: invalid path: Permission denied
slapindex: bad configuration file!
Try running slapindex as the user "openldap". Also, make sure that you run slapd as that user too.
Jonathan
This is my slapd.conf
#Basics
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 256

modulepath /usr/lib/ldap
moduleload back_hdb

#Database configuration
database hdb
suffix "dc=amahoro,dc=bi"
rootdn "cn=Manager,dc=amahoro,dc=bi"
rootpw {SSHA}XBLZ+TknuZHW3dirN2SE2fj3mYka3tkG
directory /var/lib/ldap <----------------------------- LINE 20
index uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
index sambaSID eq
index sambaPrimaryGroupSID eq

#ACLs
access to attrs=userPassword
    by anonymous auth
    by self write
    by * none

access to *
    by dn.base="uid=nslcd_proc,ou=System,dc=amahoro,dc=bi" read
    by self write
    by * none

These are the permissions of /var/lib/ldap/

drwxr-x--- 2 openldap openldap 4096 Apr 29 09:57 ldap

-rw-r--r-- 1 openldap openldap     4096 Apr 29 09:57 alock
-rw------- 1 openldap openldap     8192 Apr 28 12:18 cn.bdb
-rw------- 1 openldap openldap    24576 Apr 29 09:57 __db.001
-rw------- 1 openldap openldap   352256 Apr 29 09:57 __db.002
-rw------- 1 openldap openldap  2629632 Apr 29 09:57 __db.003
-rw------- 1 openldap openldap   163840 Apr 29 09:57 __db.004
-rw------- 1 openldap openldap   876544 Apr 29 09:57 __db.005
-rw------- 1 openldap openldap    32768 Apr 29 09:57 __db.006
-rw-r--r-- 1 openldap openldap       96 Apr 23 17:34 DB_CONFIG
-rw------- 1 openldap openldap     8192 Apr 28 14:23 dn2id.bdb
-rw------- 1 openldap openldap     8192 Apr 28 14:23 gidNumber.bdb
-rw------- 1 openldap openldap    32768 Apr 28 14:23 id2entry.bdb
-rw------- 1 openldap openldap 10485760 Apr 29 09:57 log.0000000001
-rw------- 1 openldap openldap     8192 Apr 28 12:18 mail.bdb
-rw------- 1 openldap openldap     8192 Apr 28 14:00 memberUid.bdb
-rw------- 1 openldap openldap     8192 Apr 28 11:52 objectClass.bdb
-rw------- 1 openldap openldap     8192 Apr 28 14:23 sambaSID.bdb
-rw------- 1 openldap openldap     8192 Apr 28 12:18 sn.bdb
-rw------- 1 openldap openldap     8192 Apr 28 12:18 uid.bdb
-rw------- 1 openldap openldap     8192 Apr 28 14:23 uidNumber.bdb

What do you think?
Thanks
On 04/28/2012 08:33 PM, stefano malini wrote:
anyone?
On 04/28/2012 11:30 AM, stefano malini wrote:
> Hi,
> I cannot end the populating process using smbldap-populate due to
> these errors:
>
> root@amahoro:~# smbldap-populate
> Populating LDAP directory for domain AMAHORO
> (S-1-5-21-251852451-2940789264-3475694606)
> (using builtin directory structure)
>
> entry dc=amahoro,dc=bi already exist.
> entry ou=Users,dc=amahoro,dc=bi already exist.
> entry ou=Groups,dc=amahoro,dc=bi already exist.
> entry ou=Computers,dc=amahoro,dc=bi already exist.
> entry ou=Idmap,dc=amahoro,dc=bi already exist.
> adding new entry: uid=root,ou=Users,dc=amahoro,dc=bi
> failed to add entry: index generation failed at
> /usr/sbin/smbldap-populate line 498,<GEN1> line 58.
> adding new entry: uid=nobody,ou=Users,dc=amahoro,dc=bi
> failed to add entry: index generation failed at
> /usr/sbin/smbldap-populate line 498,<GEN1> line 89.
> adding new entry: cn=Domain Admins,ou=Groups,dc=amahoro,dc=bi
> failed to add entry: index generation failed at
> /usr/sbin/smbldap-populate line 498,<GEN1> line 101.
> adding new entry: cn=Domain Users,ou=Groups,dc=amahoro,dc=bi
> failed to add entry: index generation failed at
> /usr/sbin/smbldap-populate line 498,<GEN1> line 112.
> adding new entry: cn=Domain Guests,ou=Groups,dc=amahoro,dc=bi
> failed to add entry: index generation failed at
> /usr/sbin/smbldap-populate line 498,<GEN1> line 123.
> adding new entry: cn=Domain Computers,ou=Groups,dc=amahoro,dc=bi
> failed to add entry: index generation failed at
> /usr/sbin/smbldap-populate line 498,<GEN1> line 134.
> adding new entry: cn=Administrators,ou=Groups,dc=amahoro,dc=bi
> failed to add entry: index generation failed at
> /usr/sbin/smbldap-populate line 498,<GEN1> line 179.
> adding new entry: cn=Account Operators,ou=Groups,dc=amahoro,dc=bi
> failed to add entry: index generation failed at
> /usr/sbin/smbldap-populate line 498,<GEN1> line 201.
> adding new entry: cn=Print Operators,ou=Groups,dc=amahoro,dc=bi
> failed to add entry: index generation failed at
> /usr/sbin/smbldap-populate line 498,<GEN1> line 212.
> adding new entry: cn=Backup Operators,ou=Groups,dc=amahoro,dc=bi
> failed to add entry: index generation failed at
> /usr/sbin/smbldap-populate line 498,<GEN1> line 223.
> adding new entry: cn=Replicators,ou=Groups,dc=amahoro,dc=bi
> failed to add entry: index generation failed at
> /usr/sbin/smbldap-populate line 498,<GEN1> line 234.
> entry sambaDomainName=AMAHORO,dc=amahoro,dc=bi already exist. Updating it...
>
> Please provide a password for the domain root:
> /usr/sbin/smbldap-passwd: user root doesn't exist
>
> I don't find the error "index generation failed" on the internet. Do you
> know the problem?
>
> Thanks
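
Added example, not part of the thread: the replies above point at the permissions of the directories above /var/lib/ldap and at which account runs slapindex. This POSIX shell sketch walks every component of a path and reports the first one whose mode bits stop a given numeric uid/gid; class_bits and first_blocked are names made up for this example, it needs GNU stat, and it reads mode bits only (no ACLs, no AppArmor/SELinux, no root override).

```shell
#!/bin/sh
# Added example, not from the thread; class_bits and first_blocked are
# hypothetical helper names. Needs GNU stat; reads mode bits only.

# class_bits UID "GID ..." DIR -> octal rwx digit that applies to that account
class_bits() {
    cb_mode=$(stat -c %a "$3")
    cb_mode=$(printf '%03d' "$(( cb_mode % 1000 ))")   # drop setuid/setgid/sticky
    if [ "$1" = "$(stat -c %u "$3")" ]; then
        cb_digit=${cb_mode%??}                          # owner class
    elif case " $2 " in *" $(stat -c %g "$3") "*) true ;; *) false ;; esac; then
        cb_digit=${cb_mode#?}; cb_digit=${cb_digit%?}   # group class
    else
        cb_digit=${cb_mode#??}                          # other class
    fi
    printf '%s\n' "$cb_digit"
}

# first_blocked UID "GID ..." /abs/dir
# Prints the first component that stops the account and returns 1: a directory
# without search (x), or the final directory without write (needed to create
# a file there, like the DUMMY open in the strace output). Returns 0 if clear.
first_blocked() {
    fb_uid=$1; fb_gids=$2; fb_dir=/
    fb_ifs=$IFS; IFS=/; set -f
    set -- $3                       # split the path on "/"
    set +f; IFS=$fb_ifs
    for fb_part in "" "$@"; do
        [ -z "$fb_part" ] || fb_dir=${fb_dir%/}/$fb_part
        [ -d "$fb_dir" ] || { printf '%s: not a directory\n' "$fb_dir"; return 2; }
        fb_bits=$(class_bits "$fb_uid" "$fb_gids" "$fb_dir")
        if [ $(( fb_bits & 1 )) -eq 0 ]; then
            printf '%s: no search (x) permission\n' "$fb_dir"; return 1
        fi
    done
    if [ $(( fb_bits & 2 )) -eq 0 ]; then
        printf '%s: no write permission\n' "$fb_dir"; return 1
    fi
    return 0
}

# Typical call, as root so every component can be stat'ed:
#   first_blocked "$(id -u openldap)" "$(id -G openldap)" /var/lib/ldap
```

Running it once for the account that owns the database files and once for the account that actually starts slapindex shows whether both pass the same components.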