-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@zimbra.com]
Sent: Thursday, August 29, 2013 3:10 PM
To: Clint Petty
Subject: RE: ldapadd "ldap_bind: Invalid credentials (49)"
--On Thursday, August 29, 2013 10:06 PM +0000 Clint Petty cpetty@luthresearch.com wrote:
# /etc/init.d/slapd debug -1 -u ldap -F /usr/local/etc/openldap/slapd.d # -H ldapi:///
slapd: [INFO] Using /etc/default/slapd for configuration
slapd: [INFO] Halting OpenLDAP...
slapd: [INFO] Can't read PID file, to stop OpenLDAP try: /etc/init.d/slapd forcestop
slapd: [INFO] No db_recover done
slapd: [INFO] Launching OpenLDAP...
slapd: [OK] File descriptor limit set to 1024
521fc4a1 @(#) $OpenLDAP: slapd 2.4.36 (Aug 21 2013 09:39:54) $
    clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2.4.36/servers/slapd
521fc4a1 /usr/local/openldap/etc/openldap/slapd.conf: line 5: unknown directive dn: >outside backend info and database definitions.
521fc4a1 slapd stopped.
521fc4a1 connections_destroy: nothing to destroy.
Hi Clint,
The point is to use a ">" with the text *I* wrote, not the text you write. That's standard quoting of replies (as you will see my email client does automatically).
In the above, you used /etc/init.d/slapd, rather than the slapd *binary*. The above indicates you are using an invalid slapd.conf file located in /usr/local/openldap/etc/openldap. I thought you used cn=config?
You may need to examine /etc/default/slapd to see how to fix it to use cn=config? etc. At this point, you may want to ask the LTB project for guidance on configuring their servers correctly.
--Quanah
_________________________________________________________________
# /usr/local/openldap/libexec/slapd -d -1 -u ldap -F /usr/local/etc/openldap/slapd.d -h ldapi:///
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /usr/local/openldap/etc/openldap/ldap.conf
ldap_init: using /usr/local/openldap/etc/openldap/ldap.conf
ldap_init: HOME env is /root
ldap_init: trying /root/ldaprc
ldap_init: trying /root/.ldaprc
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
521fc7d9 @(#) $OpenLDAP: slapd 2.4.36 (Aug 21 2013 09:39:54) $
    clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2.4.36/servers/slapd
ldap_pvt_gethostbyname_a: host=ip-10-15-2-169, r=0
521fc7d9 daemon_init: ldapi:///
521fc7d9 daemon_init: listen on ldapi:///
521fc7d9 daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldapi:///)
521fc7d9 daemon: listener initialized ldapi:///
521fc7d9 daemon_init: 1 listeners opened
ldap_create
521fc7d9 slapd init: initiated server.
521fc7d9 slap_sasl_init: initialized!
521fc7d9 bdb_back_initialize: initialize BDB backend
521fc7d9 bdb_back_initialize: Berkeley DB 4.6.21: (September 27, 2007)
521fc7d9 hdb_back_initialize: initialize HDB backend
521fc7d9 hdb_back_initialize: Berkeley DB 4.6.21: (September 27, 2007)
521fc7d9 mdb_back_initialize: initialize MDB backend
521fc7d9 mdb_back_initialize: MDB 0.9.7: (January 10, 2013)
521fc7d9 ==> translucent_initialize
521fc7d9 backend_startup_one: starting "cn=config"
521fc7d9 ldif_read_file: Permission denied for "/usr/local/etc/openldap/slapd.d/cn=config.ldif"
521fc7d9 send_ldap_result: conn=-1 op=0 p=0
521fc7d9 send_ldap_result: err=80 matched="" text="internal error (cannot read some entry file)"
521fc7d9 slapd destroy: freeing system resources.
521fc7d9 slapd stopped.
521fc7d9 connections_destroy: nothing to destroy.
#
My /etc/default/slapd file looks like this:
#====================================================================
# Configuration example of OpenLDAP's init script
#====================================================================

# IP and port to listen
IP="*"
SSLIP="*"
PORT="389"
SSLPORT="636"

# OpenLDAP directory and files
SLAPD_PATH="/usr/local/openldap"
SLAPD_PID_FILE="$SLAPD_PATH/var/run/slapd.pid"
SLAPD_CONF="$SLAPD_PATH/etc/openldap/slapd.conf"
SLAPD_CONF_DIR=""
SLAPD_SERVICES="ldap://$IP:$PORT ldaps://$SSLIP:$SSLPORT"
SLAPD_PARAMS=""
SLAPD_BIN="$SLAPD_PATH/libexec/slapd"
SLAPD_USER="ldap"
SLAPD_GROUP="ldap"
SLAPD_SYSLOG_LOCAL_USER="local4"

DATA_PATH="auto"

SLAPADD_BIN="$SLAPD_PATH/sbin/slapadd"
SLAPADD_PARAMS="-q"
SLAPCAT_BIN="$SLAPD_PATH/sbin/slapcat"
SLAPINDEX_BIN="$SLAPD_PATH/sbin/slapindex"
SLAPTEST_BIN="$SLAPD_PATH/sbin/slaptest"

SLURPD_PID_FILE="$SLAPD_PATH/var/run/slurpd.pid"
SLURPD_PARAMS=""
SLURPD_BIN="$SLAPD_PATH/libexec/slurpd"

# BerkeleyDB directory and files
BDB_PATH="/usr/local/berkeleydb"
DB_ARCHIVE_BIN="$BDB_PATH/bin/db_archive"
DB_RECOVER_BIN="$BDB_PATH/bin/db_recover"
RECOVER_AT_STARTUP="0"

# Backup
BACKUP_AT_SHUTDOWN="0"
BACKUP_PATH="/var/backups/openldap"
BACKUP_SUFFIX="`date +%Y%m%d%H%M%S`.ldif"
BACKUP_COMPRESS_EXT=""     # gz, bz2, ...
BACKUP_COMPRESS_BIN=""     # /bin/gzip, /bin/bzip2, ...
BACKUP_UNCOMPRESS_BIN=""   # /bin/gunzip, /bin/bunzip2, ...

# Other
TIMEOUT="30"        # Max time to stop process
FD_LIMIT="1024"     # Max file descriptor
DEBUG_LEVEL="256"   # Debug loglevel
SPECIAL_QUOTE="1"   # Quote some command line parameters (eg: LDAP filters)
Clint
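
A check for the two conditions visible in this exchange, the empty SLAPD_CONF_DIR in the defaults file and the "Permission denied" on cn=config.ldif when slapd runs with -u ldap, as an added example that is not part of the original messages. The function names are made up here; ids are numeric (as printed by `id ldap`), and ACLs and supplementary groups are not evaluated.

```shell
#!/bin/sh
# Added example: names below are illustrative, not part of OpenLDAP or the LTB scripts.

# conf_dir_setting FILE: print the quoted SLAPD_CONF_DIR value from an init
# defaults file without sourcing it (the file contains command substitutions).
conf_dir_setting() {
    sed -n 's/^SLAPD_CONF_DIR="\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# can_access UID GID PATH: apply the owner/group/other rule to PATH's mode bits
# for numeric ids. ACLs and supplementary groups are not evaluated.
can_access() {
    [ "$1" = 0 ] && return 0                      # root bypasses mode bits
    info=$(ls -lnd -- "$3") || return 2
    mode=$(printf '%s\n' "$info" | awk '{print $1}')
    f_uid=$(printf '%s\n' "$info" | awk '{print $3}')
    f_gid=$(printf '%s\n' "$info" | awk '{print $4}')
    if   [ "$1" = "$f_uid" ]; then bits=$(printf '%s' "$mode" | cut -c2-4)
    elif [ "$2" = "$f_gid" ]; then bits=$(printf '%s' "$mode" | cut -c5-7)
    else                           bits=$(printf '%s' "$mode" | cut -c8-10)
    fi
    case $mode in
        d*) case $bits in r?[xst]) return 0 ;; esac ;;   # directory: read + search
        *)  case $bits in r??)     return 0 ;; esac ;;   # file: read
    esac
    return 1
}

# blocked_entries UID GID DIR: list entries under DIR the ids cannot read.
# Run as root so find itself can walk the whole tree.
blocked_entries() {
    find "$3" -print | while IFS= read -r p; do
        can_access "$1" "$2" "$p" || printf '%s\n' "$p"
    done
}

# Usage: script UID GID /path/to/slapd.d
if [ "$#" -eq 3 ]; then
    blocked_entries "$1" "$2" "$3"
fi
```

An empty result from `conf_dir_setting /etc/default/slapd` matches the file posted above, where the init script ended up reading slapd.conf; any path printed by `blocked_entries` is one the slapd user cannot read from the mode bits alone.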