--On Friday, August 30, 2013 5:21 PM +0000 Clint Petty cpetty@luthresearch.com wrote:
I renamed /usr/local/openldap/etc/openldap/slapd.conf to /usr/local/openldap/etc/openldap/slapd.conf.example, since I am using cn=config.
I ran the following slapadd command:

# slapadd -F /usr/local/etc/openldap/slapd.d -n 0 -l /tmp/ldif
slapadd: line 1: database #0 (cn=config) not configured to hold "dc=myplace,dc=local"; no database configured for that naming context
_ 0.88% eta none elapsed none spd 1.4 M/s
Closing DB...
#

It appears somewhere in my cn=config directory structure there is an entry "dc=myplace,dc=local" that should reflect my company. I searched for this entry in my /usr/local/etc/openldap/slapd.d directory structure; however, it is not in any of those files. How can I change this?
Hi Clint,
The complaint here is that the ldif file you are loading is for "dc=mycompany,dc=local", and your slapd configuration is not configured to load such a database. I suggest you examine the LDIF file you are attempting to load to see if it matches what you expect it to contain.
--Quanah
Hi Quanah,
My LDIF file looks like this:

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/RADIUS-LDAPv3.schema
include /etc/openldap/schema/samba.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /usr/local/openldap/var/run/slapd.pid
argsfile /usr/local/openldap/var/run/slapd.args

# Load dynamic backend modules:
# modulepath /usr/local/openldap/libexec/openldap
# moduleload back_bdb.la
# moduleload back_hdb.la
# moduleload back_ldap.la
moduleload syncprov.la

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix dc=luthresearch,dc=net
rootdn dc=luthresearch,dc=net

# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/openldap/var/openldap-data
#directory /var/lib/ldap
# Indices to maintain
#index objectClass eq
index objectclass,entryCSN,entryUUID eq

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

serverID 2
syncrepl rid=002
  provider=ldap://10.15.2.199
  bindmethod=simple
  binddn="cn=Manager,dc=luthresearch,dc=net"
  credentials=secret
  searchbase="dc=luthresearch,dc=net"
  schemachecking=on
  type=refreshAndPersist
  retry="60 +"
mirrormode on
======================================================
# /usr/local/openldap/sbin/slaptest -uf /usr/local/openldap/etc/openldap/slapd.conf.InUse -F /usr/local/etc/openldap/slapd.d
config file testing succeeded
#
However, still not able to add the database:
# slapadd -F /usr/local/etc/openldap/slapd.d -n 0 -l /tmp/ldif
slapadd: line 1: database #0 (cn=config) not configured to hold "dc=myplace,dc=local"; no database configured for that naming context
_ 0.88% eta none elapsed none spd 2.5 M/s
Closing DB...

Still references "dc=myplace,dc=local"?
----------------------------------------

When I start slapd in debug mode, I get this:

5220e9a9 slapd startup: initiated.
5220e9a9 backend_startup_one: starting "cn=config"
5220e9a9 config_back_db_open Backend ACL: access to * by * none
5220e9a9 config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
5220e9a9 backend_startup_one: starting "dc=luthresearch,dc=net"
5220e9a9 bdb_db_open: "dc=luthresearch,dc=net"
5220e9a9 bdb_db_open: database "dc=luthresearch,dc=net": database already in use.
5220e9a9 backend_startup_one (type=bdb, suffix="dc=luthresearch,dc=net"): bi_db_open failed! (-1)
5220e9a9 slapd shutdown: initiated
5220e9a9 ====> bdb_cache_release_all
5220e9a9 slapd destroy: freeing system resources.
5220e9a9 syncinfo_free: rid=002
5220e9a9 slapd stopped.
#
Clint
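
Added example, not part of the thread and not OpenLDAP code: a pre-flight check along the lines Quanah suggests, listing the entry DNs in an LDIF file that fall under none of the configured suffixes before slapadd is run. The sample LDIF is constructed, the suffix list is assumed to be copied from the target configuration (the suffix directive, or olcSuffix under cn=config), and the DN comparison is a simplification rather than a full RFC 4514 parser.

```python
import base64
import re

def ldif_dns(text):
    """Yield entry DNs, unfolding continuation lines and decoding 'dn::' (base64)."""
    unfolded = re.sub(r"\r?\n ", "", text)  # RFC 2849 line folding
    for line in unfolded.splitlines():
        if line.startswith("dn::"):
            yield base64.b64decode(line[4:].strip()).decode("utf-8")
        elif line.startswith("dn:"):
            yield line[3:].strip()

def rdns(dn):
    """Simplified normalisation (not a full RFC 4514 parser)."""
    parts = re.split(r"(?<!\\),", dn)  # split on unescaped commas
    return [re.sub(r"\s*=\s*", "=", p.strip()).lower() for p in parts if p.strip()]

def covering_suffix(dn, suffixes):
    """Return the configured suffix whose subtree contains dn, or None."""
    d = rdns(dn)
    for s in suffixes:
        sr = rdns(s)
        if len(sr) <= len(d) and d[len(d) - len(sr):] == sr:
            return s
    return None

def preflight(ldif_text, suffixes):
    """DNs in the LDIF that no configured naming context can hold."""
    return [dn for dn in ldif_dns(ldif_text) if covering_suffix(dn, suffixes) is None]

# Constructed sample LDIF (not the poster's file); the second DN is folded on purpose.
SAMPLE_LDIF = """\
dn: dc=myplace,dc=local
objectClass: dcObject
objectClass: organization
o: myplace

dn: ou=People,dc=luthresearch,
 dc=net
objectClass: organizationalUnit
"""

# Suffix taken from the slapd.conf quoted in the thread.
CONFIGURED = ["dc=luthresearch,dc=net"]

if __name__ == "__main__":
    for dn in preflight(SAMPLE_LDIF, CONFIGURED):
        print(f'no database configured for "{dn}"')
```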