Harry Jede wrote:
On Sunday, 20 June 2010, sam wrote:
Hi,
With the following setup:
hometest:openldap # uname -a
FreeBSD hometest.ip6.com.au 8.1-RC1 FreeBSD 8.1-RC1 #0: Fri Jun 18 15:26:58 EST 2010 root@hometest.ip6.com.au:/usr/obj/usr/src/sys/mail.db.java.portal i386
hometest:openldap # pkg_info | grep -i ldap
openldap-sasl-client-2.4.22 Open source LDAP client implementation with SASL2 support
openldap-sasl-server-2.4.22 Open source LDAP server implementation
hometest:openldap # pkg_info | grep -i db
db46-4.6.21.4 The Berkeley DB package, revision 4.6
hometest:openldap # pkg_info | grep -i sasl
cyrus-sasl-2.1.23 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-saslauthd-2.1.23 SASL authentication server for cyrus-sasl2
openldap-sasl-client-2.4.22 Open source LDAP client implementation with SASL2 support
openldap-sasl-server-2.4.22 Open source LDAP server implementation
I can't create password for ldap:
hometest:openldap # slappasswd -h {MD5} -s password
Password generation failed for scheme MD5: scheme not recognized
and:
hometest:rc.d # ./slapd start
Starting slapd.
./slapd: WARNING: failed to start slapd
slapd.conf file is shown below:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
#X.500 RFC1274 COSINE Pilot Schema
include /usr/local/etc/openldap/schema/cosine.schema
#For Addressbooks
include /usr/local/etc/openldap/schema/inetorgperson.schema
#For Authentication
include /usr/local/etc/openldap/schema/nis.schema

TLSCACertificateFile /usr/local/etc/ssl/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/ssl/portal.ip6.com.au.pem
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/private/cakey.pem
TLSCipherSuite HIGH

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=ip6,dc=com,dc=au"
rootdn "cn=Manager,dc=ip6,dc=com,dc=au"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/db/openldap-data
# Indices to maintain
index objectClass eq
Can anyone tell me how to start openldap and how to assign password to it?
I do not know why your slapd is not starting. Have you added some data to your database? Who is the owner of /var/db/openldap-data?
Hi, thanks for the reply regarding the problem of ldap not starting. I haven't added any data to the ldap database yet, because I had a problem creating the ldap password before. Should I add data to the ldap database before I can start ldap?
Thanks again for your help Sam
Most people do not want the md5-scheme, they need the md5 algo from crypt. Try this:
slappasswd -c '$1$%.8s' -s secret
{CRYPT}$1$HlW67YUS$DNY2T6859V9xh8frUpbXJ/
Read the man pages of slappasswd and slapd.conf.
But pay attention that slappasswd is NOT reading the config file slapd.conf. This is at least true for my quite old version of slapd in Debian Lenny (slapd 2.4.11) :-( .
strace -e trace=file /usr/sbin/slappasswd -s secret 2>&1 | grep slapd.conf
returns nothing
Your help is very much appreciated.
Thanks Sam
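An added example, not part of any post in this thread: the value used in initial.ldif is in the unsalted {MD5} scheme, while the slappasswd -c '$1$%.8s' output above is a salted crypt(3) string. This Python code builds and verifies the digest schemes OpenLDAP accepts in userPassword ({MD5}, {SMD5}, {SHA}, {SSHA}) and classifies both values quoted in the thread; the function names and the 4-byte salt length are assumptions of the example.

```python
import base64
import hashlib
import hmac
import os

# scheme name -> (hashlib algorithm, digest size in bytes, salted?)
SCHEMES = {
    "MD5": ("md5", 16, False),
    "SMD5": ("md5", 16, True),
    "SHA": ("sha1", 20, False),
    "SSHA": ("sha1", 20, True),
}

# The two stored values quoted in this thread.
PAGE_MD5 = "{MD5}cW2LX0AjZxSBzv/mflD3xQ=="
PAGE_CRYPT = "{CRYPT}$1$HlW67YUS$DNY2T6859V9xh8frUpbXJ/"


def make_hash(scheme, password, salt=None):
    """Build '{SCHEME}base64(digest + salt)' for one of the digest schemes."""
    algo, _size, salted = SCHEMES[scheme]
    if not salted:
        salt = b""
    elif salt is None:
        salt = os.urandom(4)  # salt length is an assumption of this example
    digest = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode("ascii"))


def describe(stored):
    """Classify a userPassword/rootpw value and split digest from salt."""
    if not (stored.startswith("{") and "}" in stored):
        return {"scheme": "CLEARTEXT", "salted": False}
    scheme, payload = stored[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme == "CRYPT":
        # Modular crypt(3) format is $id$salt$hash; id 1 is MD5-crypt.
        parts = payload.split("$")
        if len(parts) >= 4 and parts[0] == "":
            return {"scheme": "CRYPT", "crypt_id": parts[1],
                    "salted": True, "salt": parts[2]}
        # Traditional DES crypt: the first two characters are the salt.
        return {"scheme": "CRYPT", "crypt_id": None,
                "salted": True, "salt": payload[:2]}
    if scheme not in SCHEMES:
        raise ValueError("scheme not handled by this example: " + scheme)
    _algo, size, salted = SCHEMES[scheme]
    raw = base64.b64decode(payload, validate=True)
    if len(raw) < size or (not salted and len(raw) != size):
        raise ValueError("payload length does not fit {%s}" % scheme)
    return {"scheme": scheme, "salted": salted,
            "digest": raw[:size], "salt": raw[size:]}


def verify(password, stored):
    """Check a candidate password against a digest-scheme value."""
    info = describe(stored)
    if "digest" not in info:
        raise ValueError("verification of %s is left to slapd/crypt(3)"
                         % info["scheme"])
    algo = SCHEMES[info["scheme"]][0]
    candidate = hashlib.new(algo, password.encode("utf-8") + info["salt"]).digest()
    return hmac.compare_digest(candidate, info["digest"])


if __name__ == "__main__":
    for value in (PAGE_MD5, PAGE_CRYPT, "secret"):
        info = describe(value)
        print(value, "->", info["scheme"], "salted" if info["salted"] else "unsalted")
    # Unsalted: the same password always maps to the same stored value.
    print(make_hash("MD5", "example") == make_hash("MD5", "example"))
    # Salted: two hashes of the same password differ, both still verify.
    first, second = make_hash("SSHA", "example"), make_hash("SSHA", "example")
    print(first != second, verify("example", first), verify("example", second))
```

Identical passwords give identical {MD5} values but different {SSHA} values, which is why a salted scheme is the better choice for userPassword and rootpw.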
Hi,
With the following configuration:
hometest:openldap # uname -a
FreeBSD hometest.ip6.com.au 8.1-RC1 FreeBSD 8.1-RC1 #0: Fri Jun 18 15:26:58 EST 2010 root@hometest.ip6.com.au:/usr/obj/usr/src/sys/mail.db.java.portal i386
hometest:openldap # pkg_info | grep -i ldap
openldap-sasl-client-2.4.22 Open source LDAP client implementation with SASL2 support
openldap-sasl-server-2.4.22 Open source LDAP server implementation
hometest:openldap # pkg_info | grep -i db
db46-4.6.21.4 The Berkeley DB package, revision 4.6
hometest:openldap # pkg_info | grep -i cyrus
cyrus-imapd-2.3.16_1 The cyrus mail server, supporting POP3 and IMAP4 protocols
cyrus-sasl-2.1.23 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-saslauthd-2.1.23 SASL authentication server for cyrus-sasl2
I got the following error when I tried to add from initial.ldif file into the ldap database:
hometest:openldap # ldapadd -x -D "cn=Manager,dc=ip6,dc=com,dc=au" -W -f initial.ldif
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Here is the content of initial.ldif file:
hometest:openldap # cat initial.ldif
dn: dc=ip6,dc=com,dc=au
objectClass: top
objectClass: dcObject
objectClass: organization
o: IP6 Networks
dc: ip6

# super user node
dn: cn=root,dc=ip6,dc=com,dc=au
objectclass: organizationalRole
objectclass: simpleSecurityObject
cn: root
description: LDAP administrator
userPassword: {MD5}cW2LX0AjZxSBzv/mflD3xQ==
Can anyone tell me how to resolve this issue?
Your help is very much appreciated.
Thanks Sam
I tried to start slapd; the error shows it is caused by the TLS error:
Jun 21 18:53:42 hometest slapd[1709]: @(#) $OpenLDAP: slapd 2.4.22 (Jan 1 2002 00:24:15) $ root@hometest.ip6.com.au:/usr/ports/net/openldap24-server/work/openldap-2.4.22/servers/slapd
Jun 21 18:53:42 hometest slapd[1709]: main: TLS init def ctx failed: -1
Jun 21 18:53:42 hometest slapd[1709]: slapd stopped.
Jun 21 18:53:42 hometest slapd[1709]: connections_destroy: nothing to destroy.
Thanks Sam
sam wrote:
[...]
--On Monday, June 21, 2010 06:44:10 PM +1000 sam sam@ip6.com.au wrote:
[...]
Sounds like the slapd server is not running at all. And if you are going to add entries with ldapadd the daemon needs to be running. But, since this is an initial load just add the entries with slapadd and then start the server.
Bill
Bill MacAllister wrote:
[...]
Hi Bill,
Thanks for your suggestion, I used the slapadd command,
hometest:openldap # slapadd -v -l initial.ldif
bdb_db_open: warning - no DB_CONFIG file found in directory /var/db/openldap-data: (2).
Expect poor performance for suffix "dc=ip6,dc=com,dc=au".
added: "dc=ip6,dc=com,dc=au" (00000001)
added: "cn=root,dc=ip6,dc=com,dc=au" (00000002)
_#################### 100.00% eta none elapsed none fast!
Closing DB...
I am not sure whether this is the error or problem.
then tried to start slapd, I still got the same problem:
hometest:rc.d # ./slapd start
Starting slapd.
./slapd: WARNING: failed to start slapd
error in log file:
Jun 21 19:39:53 hometest slapd[1813]: @(#) $OpenLDAP: slapd 2.4.22 (Jan 1 2002 00:24:15) $ root@hometest.ip6.com.au:/usr/ports/net/openldap24-server/work/openldap-2.4.22/servers/slapd
Jun 21 19:39:53 hometest slapd[1813]: main: TLS init def ctx failed: -1
Jun 21 19:39:53 hometest slapd[1813]: slapd stopped.
Jun 21 19:39:53 hometest slapd[1813]: connections_destroy: nothing to destroy.
Thanks Sam
sam wrote:
[...]
After I removed the TLS configuration in slapd.conf file, I managed to start slapd.
Jun 21 20:36:37 hometest slapd[2092]: @(#) $OpenLDAP: slapd 2.4.22 (Jan 1 2002 00:24:15) $ root@hometest.ip6.com.au:/usr/ports/net/openldap24-server/work/openldap-2.4.22/servers/slapd
Jun 21 20:36:38 hometest slapd[2093]: bdb_db_open: warning - no DB_CONFIG file found in directory /var/db/openldap-data: (2). Expect poor performance for suffix "dc=ip6,dc=com,dc=au".
Jun 21 20:36:38 hometest slapd[2093]: slapd starting
here, what is this DB_CONFIG file?
Thanks Sam
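An added example, not part of any post in this thread: slapd logs "TLS init def ctx failed" when it cannot build its TLS context from the files named in slapd.conf, so one way to narrow the failure down without removing the TLS directives is to load the same files outside slapd. This Python code parses the TLS and rootpw directives (sample constructed from the slapd.conf quoted earlier) and reports missing files, a private key accessible to group/other, a certificate/key pair that will not load, and a cleartext rootpw. The function names are assumptions of the example, and it is meant to be run as the account slapd runs under.

```python
import os
import ssl
import stat

# Constructed sample: TLS and rootpw directives as quoted in this thread.
SAMPLE_CONF = """\
# This file should NOT be world readable.
TLSCACertificateFile /usr/local/etc/ssl/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/ssl/portal.ip6.com.au.pem
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/private/cakey.pem
TLSCipherSuite HIGH
rootdn "cn=Manager,dc=ip6,dc=com,dc=au"
rootpw secret
"""

TLS_FILES = (  # (directive, holds a private key?)
    ("tlscacertificatefile", False),
    ("tlscertificatefile", False),
    ("tlscertificatekeyfile", True),
)


def parse_directives(text):
    """Map lower-cased directive names to values. Lines starting with '#'
    are comments; lines starting with whitespace continue the previous one."""
    conf, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and last:
            conf[last] = (conf[last] + " " + raw.strip()).strip()
            continue
        parts = raw.split(None, 1)
        last = parts[0].lower()
        conf[last] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return conf


def readable(path):
    return bool(path) and os.path.isfile(path) and os.access(path, os.R_OK)


def check_file(path, private):
    """Return problems with one file, as seen from the current account."""
    if not os.path.isfile(path):
        return ["%s: missing or not a regular file" % path]
    problems = []
    if not os.access(path, os.R_OK):
        problems.append("%s: not readable by this account" % path)
    if private and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("%s: private key accessible to group/other" % path)
    return problems


def check_tls(conf):
    """File checks first, then try to load the files into a TLS context."""
    problems = []
    for name, private in TLS_FILES:
        if conf.get(name):
            problems += check_file(conf[name], private)
    cert = conf.get("tlscertificatefile")
    key = conf.get("tlscertificatekeyfile")
    ca = conf.get("tlscacertificatefile")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if readable(cert) and readable(key):
        try:
            # Fails on unparsable PEM, an encrypted key, or a key that
            # does not belong to the certificate.
            ctx.load_cert_chain(cert, key, password=lambda: "")
        except (OSError, ValueError) as exc:
            problems.append("certificate/key pair does not load: %s" % exc)
    if readable(ca):
        try:
            ctx.load_verify_locations(cafile=ca)
        except (OSError, ValueError) as exc:
            problems.append("CA file does not load: %s" % exc)
    return problems


def check_rootpw(conf):
    """Flag a rootpw value that carries no {SCHEME} prefix."""
    pw = conf.get("rootpw")
    if pw is not None and not pw.startswith("{"):
        return ["rootpw is cleartext; store a slappasswd hash instead"]
    return []


if __name__ == "__main__":
    conf = parse_directives(SAMPLE_CONF)
    for line in check_tls(conf) + check_rootpw(conf):
        print("PROBLEM:", line)
```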
OK, I got that fixed:
# netstat -an | egrep '389|636'
tcp4 0 0 192.168.1.20.636 *.* LISTEN
tcp4 0 0 192.168.1.20.389 *.* LISTEN
But I am still getting the following warning:
bdb_db_open: warning - no DB_CONFIG file found in directory /var/db/openldap-data: (2). Expect poor performance for suffix "dc=ip6,dc=com,dc=au".
How to configure DB_CONFIG file for this issue?
Thanks Sam
It's merely reminding you that you might want to have one. Put a blank file in your BDB directory with that name.
It's purely a BDB thing - nothing to do with OpenLDAP.
There are articles 'out there' on what might go in the file, but in many cases you don't need to tune anything - seriously.
Caveat: I'm no expert.
Thanks, - chris
Chris Jacobs, Systems Administrator Apollo Group | Apollo Marketing | Aptimus 2001 6th Ave Ste 3200 | Seattle, WA 98121 phone: 206.441.9100 x1245 | mobile: 206.601.3256 | fax: 206.441.9661 email: chris.jacobs@apollogrp.edu
----- Original Message -----
From: openldap-technical-bounces+chris.jacobs=apollogrp.edu@OpenLDAP.org
To: openldap-technical@openldap.org
Sent: Mon Jun 21 05:30:44 2010
Subject: Re: Can't start ldap or can't create ldap database.
[...]
Chris Jacobs Chris.Jacobs@apollogrp.edu writes:
[...]
If you are happy with 256 Kb cache size you don't need any settings, as this is the BerkeleyDB default setting. But most people do have more than a few entries in the database.
-Dieter
On 21 June 10, at 14:30, sam wrote:
[...]
How to configure DB_CONFIG file for this issue?
On FreeBSD, the following should work:
cp /usr/local/etc/openldap/DB_CONFIG.example /var/db/openldap-data/DB_CONFIG
chown ldap:ldap /var/db/openldap-data/DB_CONFIG
However, you should read at least the admin guide http://www.openldap.org/doc/admin24/ and http://www.openldap.org/faq/data/cache/1072.html.
Thierry
Thierry Lacoste wrote:
[...]
Thanks, that works well.
I very much appreciate that. Sam
On 21/06/2010 12:52, sam wrote:
[...]
here, what is this DB_CONFIG file?
See http://www.openldap.org/faq/data/cache/1072.html.
Note also that directives in DB_CONFIG can now be (advantageously) set up from slapd.conf or slapd-config via the dbconfig parameter.
Jonathan
sam sam@ip6.com.au writes:
sam wrote:
Bill MacAllister wrote:
--On Monday, June 21, 2010 06:44:10 PM +1000 sam sam@ip6.com.au wrote:
Hi,
[...]
Jun 21 20:36:37 hometest slapd[2092]: @(#) $OpenLDAP: slapd 2.4.22 (Jan 1 2002 00:24:15) $ root@hometest.ip6.com.au:/usr/ports/net/openldap24-server/work/openldap-2.4.22/servers/slapd
Jun 21 20:36:38 hometest slapd[2093]: bdb_db_open: warning - no DB_CONFIG file found in directory /var/db/openldap-data: (2). Expect poor performance for suffix "dc=ip6,dc=com,dc=au".
Jun 21 20:36:38 hometest slapd[2093]: slapd starting
here, what is this DB_CONFIG file?
http://www.openldap.org/faq/data/cache/1072.html
-Dieter
--On Monday, June 21, 2010 08:52:44 PM +1000 sam sam@ip6.com.au wrote:
[...]
here, what is this DB_CONFIG file?
It is the bdb configuration file. You can find information about it in many places on the web. Here is a document from the OpenLDAP site that discusses it.
http://www.openldap.org/faq/data/cache/1072.html
Unless you tune cache sizes and add some indexes OpenLDAP will be slow for all but the smallest databases.
Bill