On Sun, 2 Nov 2014 13:40:56 +0100 Dieter Klünter dieter@dkluenter.de wrote:
On Sun, 2 Nov 2014 05:46:07 -0500 Jerry jerry@seibercom.net wrote:
On Sat, 1 Nov 2014 22:08:38 +0100 Dieter Klünter dieter@dkluenter.de wrote:
On Sat, 1 Nov 2014 14:29:10 -0400 Jerry jerry@seibercom.net wrote:
I am running OpenLDAP on a FreeBSD-10 amd 64 machine. It is installed via the FreeBSD ports system and I compile it on my machine.
I recently wanted to switch from BDB since versions greater than 6 are not acceptable to OpenLDAP. I wanted to use "mdb", but I just cannot seem to get it configured correctly.
I changed the "database bdb" to "database mdb" but when I try to start openLDAP, I get this error:
Starting slapd
Unrecognized database type (mdb)
Warning: failed to start slapd
I removed the existing database, so it should be starting up with a clean environment, but the problem continues.
This is probably a problem specific to FreeBSD. If any user of FreeBSD has this working, I would love to see how they configured it. Feel free to contact me off list if it is more convenient.
Probably OpenLDAP has not been built with static back-mdb but with back-mdb module. You may check with ./slapd -VVV, this will show all built-in modules.
This is the output:
@(#) $OpenLDAP: slapd 2.4.40 (Oct 28 2014 06:27:00) $
    gerard@scorpio.seibercom.net:/usr/ports/net/openldap24-server/work/openldap-2.4.40/servers/slapd

Included static overlays:
    syncprov
Included static backends:
    config
    ldif
    relay
Remembering that this is a FreeBSD-10 system, what should I do? This is the configuration of the port:
/usr/ports/net/openldap24-server $ make showconfig
===> The following configuration options are available for openldap-server-2.4.40:
     ACCESSLOG=off: With In-Directory Access Logging overlay
     ACI=off: Per-object ACI (experimental)
     AUDITLOG=off: With Audit Logging overlay
     BDB=on: With BerkeleyDB backend (DEPRECATED)
     COLLECT=off: With Collect overy Services overlay
     CONSTRAINT=off: With Attribute Constraint overlay
     DDS=off: With Dynamic Directory Services overlay
     DEREF=off: With Dereference overlay
     DNSSRV=off: With Dnssrv backend
     DYNACL=off: Run-time loadable ACL (experimental)
     DYNAMIC_BACKENDS=on: Build dynamic backends
     DYNGROUP=off: With Dynamic Group overlay
     DYNLIST=off: With Dynamic List overlay
     FETCH=off: Enable fetch(3) support
     GSSAPI=off: With GSSAPI support (implies SASL support)
     MDB=on: With Memory-Mapped DB backend
     ^^^^^^^^^
This is the important part, back-mdb has been built as module. Include back-mdb into the module load part of your slapd configuration.
Okay, this is what my slapd.conf file looks like now. It is the one installed by FreeBSD when openldap is installed via its ports system. I removed personal information.
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb
# moduleload back_hdb
# moduleload back_ldap

# Sample security restrictions
#   Require integrity protection (prevent hijacking)
#   Require 112-bit (3DES or better) encryption for updates
#   Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#   Root DSE: allow anyone to read it
#   Subschema (sub)entry DSE: allow anyone to read it
#   Other DSEs:
#       Allow self write access
#       Allow authenticated users read access
#       Allow anonymous users to authenticate
#   Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#   by self write
#   by users read
#   by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database bdb
#database mdb
suffix "REMOVED"
rootdn "REMOVED"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw "REMOVED"
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/db/openldap-data
#maxsize 1073741824
# Indices to maintain
index objectClass eq
index cn,sn,mail,o eq,sub
index givenName,displayName eq,sub
index ou eq,sub
What change should I make? I apologize, but I am new at this and could really use some help.
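
A check for the situation discussed in this thread, as an added example that is not part of the original messages: it lists every `database` type in a slapd.conf that is neither among the static backends reported by `slapd -VVV` nor loaded by an earlier `moduleload back_<type>` line. The function name `check_backends` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# check_backends <slapd.conf> "<static backends, space separated>"
# Prints each database type that has no static backend and no preceding
# "moduleload back_<type>" line; returns 1 if any such type is found.
check_backends() {
    awk -v static="$2" '
        BEGIN {
            n = split(static, s, " ")
            for (i = 1; i <= n; i++) ok[s[i]] = 1
        }
        /^#/ || /^[ \t]/ { next }        # comments and continuation lines
        $1 == "moduleload" {
            m = $2
            sub(/^.*\//, "", m)          # drop a leading directory, if any
            sub(/\.(la|so)$/, "", m)     # back_mdb.la -> back_mdb
            if (m ~ /^back_/) ok[substr(m, 6)] = 1
            next
        }
        # The file is read top to bottom, so only modules loaded
        # before this line count for this check.
        $1 == "database" && !($2 in ok) { print $2; missing = 1 }
        END { exit missing ? 1 : 0 }
    ' "$1"
}

# Constructed sample: the module section from the thread with
# "database mdb" switched on and only back_bdb loaded.
sample=$(mktemp)
cat > "$sample" <<'EOF'
modulepath /usr/local/libexec/openldap
moduleload back_bdb
# moduleload back_hdb
database mdb
EOF

# Static backends as listed by `slapd -VVV` in the thread.
check_backends "$sample" "config ldif relay" ||
    echo "no moduleload line found for the backend(s) listed above"
rm -f "$sample"
```
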