Hi all,
New to the list and (Open)LDAP so apologies if I'm missing the obvious. I've gone through the Admin Guide and some other docs I found online but I still have problems converting a slapd.conf to the cn=config format on a CentOS 6.3 x86_64 box with openldap-2.4.23-26.el6_3.2
$ cat ~/slapd.conf.new
# general parameters
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
allow bind_v2
loglevel 296
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
password-hash {SSHA}
modulepath /usr/lib64/openldap
TLSCipherSuite HIGH
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "OpenLDAP Server"
TLSCertificateKeyFile /etc/openldap/certs/password
lastmod on

# databases
database config
rootdn "cn=admin,cn=config"
rootpw {SSHA}LDeTJEEBhqypKL2FpQuFc2j4Na1TLTRW
access to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none

# enable server status monitoring (cn=monitor)
database monitor
access to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.exact="cn=admin,dc=example,dc=com" read by * none

database hdb
suffix "dc=example,dc=com"
rootdn "cn=admin,dc=example,dc=com"
rootpw {SSHA}LDeTJEEBhqypKL2FpQuFc2j4Na1TLTRW
mode 600
checkpoint 512 30
cachesize 2097152
index uid pres,eq
index cn,sn,mail pres,eq,approx,sub
index objectClass eq
directory /var/lib/ldap
Steps I did:
# service slapd stop
# rm -rf /var/lib/ldap/*
# rm -rf /etc/openldap/slapd.d/*
# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# echo "" | slapadd -v -d 448 -f ./slapd.conf.new
# slaptest -v -d 448 -f ./slapd.conf.new -F /etc/openldap/slapd.d
The last step just hangs and does not do anything even after waiting 45 minutes.
Anyone know what I'm doing wrong? Pointers most appreciated.
Thanks! Patrick
--On Wednesday, October 03, 2012 11:10 PM +0200 Patrick Lists openldap-list@puzzled.xs4all.nl wrote:
# echo "" | slapadd -v -d 448 -f ./slapd.conf.new
What is this step for? Seems pointless.
Also, I would strongly advise you to use a current OpenLDAP release.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
On 10/03/2012 11:24 PM, Quanah Gibson-Mount wrote:
--On Wednesday, October 03, 2012 11:10 PM +0200 Patrick Lists openldap-list@puzzled.xs4all.nl wrote:
# echo "" | slapadd -v -d 448 -f ./slapd.conf.new
What is this step for? Seems pointless.
Thank you for your quick reply. Without this command I would get the following error:
bdb_db_open: database "dc=example,dc=com": db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2).
I googled that error and found that command which would fix/prevent that error at http://spectlog.com/content/Minimal_LDAP_configuration_on_RHEL6_in_stages_an...
Also, I would strongly advise you to use a current OpenLDAP release.
Thanks for the tip. I would prefer to stay with what upstream provides but if that means that things won't work then I'll try the latest and greatest. Off to build 2.4.32.
Regards, Patrick
Patrick Lists wrote:
New to the list and (Open)LDAP so apologies if I'm missing the obvious. I've gone through the Admin Guide and some other docs I found online but I still have problems converting a slapd.conf to the cn=config format on a CentOS 6.3 x86_64 box with openldap-2.4.23-26.el6_3.2
There have been numerous fixes since 2.4.23 to the config conversion. Please re-test with a recent OpenLDAP version.
Ciao, Michael.
On 10/03/2012 11:31 PM, Michael Ströder wrote:
Patrick Lists wrote:
New to the list and (Open)LDAP so apologies if I'm missing the obvious. I've gone through the Admin Guide and some other docs I found online but I still have problems converting a slapd.conf to the cn=config format on a CentOS 6.3 x86_64 box with openldap-2.4.23-26.el6_3.2
There have been numerous fixes since 2.4.23 to the config conversion. Please re-test with a recent OpenLDAP version.
Thank you for your quick reply. You are the 2nd person recommending I upgrade so I'll give 2.4.32 a try.
OT: I wonder how users of Red Hat RHEL handle this as it's not very common to roll your own because iirc Red Hat will only support their own packages.
Regards, Patrick
--On Wednesday, October 03, 2012 11:42 PM +0200 Patrick Lists openldap-list@puzzled.xs4all.nl wrote:
On 10/03/2012 11:31 PM, Michael Ströder wrote:
Patrick Lists wrote:
New to the list and (Open)LDAP so apologies if I'm missing the obvious. I've gone through the Admin Guide and some other docs I found online but I still have problems converting a slapd.conf to the cn=config format on a CentOS 6.3 x86_64 box with openldap-2.4.23-26.el6_3.2
There have been numerous fixes since 2.4.23 to the config conversion. Please re-test with a recent OpenLDAP version.
Thank you for your quick reply. You are the 2nd person recommending I upgrade so I'll give 2.4.32 a try.
OT: I wonder how users of Red Hat RHEL handle this as it's not very common to roll your own because iirc Red Hat will only support their own packages.
A lot do, because using RH's package is untenable, given how vastly out of date they are.
I will note pre-built packages are already available at http://ltb-project.org/wiki/download#openldap
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
On 10/03/2012 11:58 PM, Quanah Gibson-Mount wrote: [snip]
OT: I wonder how users of Red Hat RHEL handle this as it's not very common to roll your own because iirc Red Hat will only support their own packages.
A lot do, because using RH's package is untenable, given how vastly out of date they are.
I will note pre-built packages are already available at http://ltb-project.org/wiki/download#openldap
Thanks for the tip. Just found them and am comparing them with the Fedora one. Seems the Fedora one carries a ton of patches while the ltb one is vanilla. Will first try to rebuild the Fedora one on CentOS and if that does not work then I'll go for the ltb one.
Regards, Patrick
On 4/10/2012 1:18 AM, Patrick Lists wrote:
Seems the Fedora one carries a ton of patches while the ltb one is vanilla.
Out of curiosity, coz I am using LTB OpenLDAP RPMs on many CentOS 5/6 machines: What kind of patches are available in Fedora builds which are not available in LTB?
LTB, as far as I know, is fully up to date, includes all overlays, TLS, even SLAPI support, except it is using a slightly older (correctly patched and properly running) BerkeleyDB: v4.6.21.
From openldap-ltb.spec:
./configure --enable-ldap --enable-debug --prefix=%{ldapserverdir} --libdir=%{ldapserverdir}/%{_lib} --with-tls --with-cyrus-sasl --enable-spasswd --enable-overlays --enable-modules --enable-slapi --enable-meta --enable-crypt
Regards, Nick
On 10/04/2012 02:52 PM, Nick Milas wrote:
On 4/10/2012 1:18 AM, Patrick Lists wrote:
Seems the Fedora one carries a ton of patches while the ltb one is vanilla.
Out of curiosity, coz I am using LTB OpenLDAP RPMs on many CentOS 5/6 machines: What kind of patches are available in Fedora builds which are not available in LTB?
LTB, as far as I know, is fully up to date, includes all overlays, TLS, even SLAPI support, except it is using a slightly older (correctly patched and properly running) BerkeleyDB: v4.6.21.
From openldap-ltb.spec:
./configure --enable-ldap --enable-debug --prefix=%{ldapserverdir} --libdir=%{ldapserverdir}/%{_lib} --with-tls --with-cyrus-sasl --enable-spasswd --enable-overlays --enable-modules --enable-slapi --enable-meta --enable-crypt
You can find the SRPM with the 18 or so patches at:
http://kojipkgs.fedoraproject.org//packages/openldap/2.4.32/3.fc17/src/openl...
And the changelog is at:
http://koji.fedoraproject.org/koji/buildinfo?buildID=354325
Regards, Patrick
Thank you for your quick reply. You are the 2nd person recommending I upgrade so I'll give 2.4.32 a try.
OT: I wonder how users of Red Hat RHEL handle this as it's not very common to roll your own because iirc Red Hat will only support their own packages.
Are you really going to call Red Hat for OpenLDAP support? I wouldn't.
John
openldap-technical@openldap.org