I used slapindex also, the output is:

stefano@amahoro:~$ /usr/sbin/slapindex /etc/ldap/slapd.conf: line 20: invalid path: Permission denied slapindex: bad configuration file!

This is my slapd.conf

#Basics include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/samba.schema

pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args loglevel 256

modulepath /usr/lib/ldap moduleload back_hdb

#Database configuration database hdb suffix "dc=amahoro,dc=bi" rootdn "cn=Manager,dc=amahoro,dc=bi" rootpw {SSHA}XBLZ+TknuZHW3dirN2SE2fj3mYka3tkG directory /var/lib/ldap <----------------------------- LINE 20 index uid,uidNumber,gidNumber,memberUid eq index cn,mail,surname,givenname eq,subinitial index sambaSID eq index sambaPrimaryGroupSID eq

#ACLs access to attrs=userPassword by anonymous auth by self write by * none

access to * by dn.base="uid=nslcd_proc,ou=System,dc=amahoro,dc=bi" read by self write by * none

These are the permissions of /var/lib/ldap/are

drwxr-x--- 2 openldap openldap 4096 Apr 29 09:57 ldap

-rw-r--r-- 1 openldap openldap 4096 Apr 29 09:57 alock -rw------- 1 openldap openldap 8192 Apr 28 12:18 cn.bdb -rw------- 1 openldap openldap 24576 Apr 29 09:57 __db.001 -rw------- 1 openldap openldap 352256 Apr 29 09:57 __db.002 -rw------- 1 openldap openldap 2629632 Apr 29 09:57 __db.003 -rw------- 1 openldap openldap 163840 Apr 29 09:57 __db.004 -rw------- 1 openldap openldap 876544 Apr 29 09:57 __db.005 -rw------- 1 openldap openldap 32768 Apr 29 09:57 __db.006 -rw-r--r-- 1 openldap openldap 96 Apr 23 17:34 DB_CONFIG -rw------- 1 openldap openldap 8192 Apr 28 14:23 dn2id.bdb -rw------- 1 openldap openldap 8192 Apr 28 14:23 gidNumber.bdb -rw------- 1 openldap openldap 32768 Apr 28 14:23 id2entry.bdb -rw------- 1 openldap openldap 10485760 Apr 29 09:57 log.0000000001 -rw------- 1 openldap openldap 8192 Apr 28 12:18 mail.bdb -rw------- 1 openldap openldap 8192 Apr 28 14:00 memberUid.bdb -rw------- 1 openldap openldap 8192 Apr 28 11:52 objectClass.bdb -rw------- 1 openldap openldap 8192 Apr 28 14:23 sambaSID.bdb -rw------- 1 openldap openldap 8192 Apr 28 12:18 sn.bdb -rw------- 1 openldap openldap 8192 Apr 28 12:18 uid.bdb -rw------- 1 openldap openldap 8192 Apr 28 14:23 uidNumber.bdb

Whato do you think?

Thanks

On 04/28/2012 08:33 PM, stefano malini wrote:

anyone?

On 04/28/2012 11:30 AM, stefano malini wrote:

...

Hi, i cannot end the populating process using smbldap-populate due to this errors:

root@amahoro:~# smbldap-populate Populating LDAP directory for domain AMAHORO (S-1-5-21-251852451-2940789264-3475694606) (using builtin directory structure)

entry dc=amahoro,dc=bi already exist. entry ou=Users,dc=amahoro,dc=bi already exist. entry ou=Groups,dc=amahoro,dc=bi already exist. entry ou=Computers,dc=amahoro,dc=bi already exist. entry ou=Idmap,dc=amahoro,dc=bi already exist. adding new entry: uid=root,ou=Users,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, <GEN1> line 58. adding new entry: uid=nobody,ou=Users,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, <GEN1> line 89. adding new entry: cn=Domain Admins,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, <GEN1> line 101. adding new entry: cn=Domain Users,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, <GEN1> line 112. adding new entry: cn=Domain Guests,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, <GEN1> line 123. adding new entry: cn=Domain Computers,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, <GEN1> line 134. adding new entry: cn=Administrators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, <GEN1> line 179. adding new entry: cn=Account Operators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, <GEN1> line 201. adding new entry: cn=Print Operators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, <GEN1> line 212. adding new entry: cn=Backup Operators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, <GEN1> line 223. adding new entry: cn=Replicators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498, <GEN1> line 234. entry sambaDomainName=AMAHORO,dc=amahoro,dc=bi already exist. Updating it...

Please provide a password for the domain root: /usr/sbin/smbldap-passwd: user root doesn't exist

i don't find the error "index generation failed" on internet. Do you know the problem?

Thanks

after start slapd, ps -aux gives this line:

openldap 3314 0.0 0.4 41676 4536 ? Ssl 11:19 0:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap.

i tried to run the command

su -c slapindex openldap

but it asks me the password but i haven't it. Do i have to set a password for openldap?

On 04/29/2012 11:02 AM, Jonathan Clarke wrote:

On 29 avr. 2012, at 10:27, stefano malinilozingalo@gmail.com wrote:

...

I used slapindex also, the output is:

stefano@amahoro:~$ /usr/sbin/slapindex /etc/ldap/slapd.conf: line 20: invalid path: Permission denied slapindex: bad configuration file!

Try running slapindex as the user "openldap". Also, make sure that you run slapd as that user too.

Jonathan

...

This is my slapd.conf

#Basics include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/samba.schema

pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args loglevel 256

modulepath /usr/lib/ldap moduleload back_hdb

#Database configuration database hdb suffix "dc=amahoro,dc=bi" rootdn "cn=Manager,dc=amahoro,dc=bi" rootpw {SSHA}XBLZ+TknuZHW3dirN2SE2fj3mYka3tkG directory /var/lib/ldap<----------------------------- LINE 20 index uid,uidNumber,gidNumber,memberUid eq index cn,mail,surname,givenname eq,subinitial index sambaSID eq index sambaPrimaryGroupSID eq

#ACLs access to attrs=userPassword by anonymous auth by self write by * none

access to * by dn.base="uid=nslcd_proc,ou=System,dc=amahoro,dc=bi" read by self write by * none

These are the permissions of /var/lib/ldap/are

drwxr-x--- 2 openldap openldap 4096 Apr 29 09:57 ldap

-rw-r--r-- 1 openldap openldap 4096 Apr 29 09:57 alock -rw------- 1 openldap openldap 8192 Apr 28 12:18 cn.bdb -rw------- 1 openldap openldap 24576 Apr 29 09:57 __db.001 -rw------- 1 openldap openldap 352256 Apr 29 09:57 __db.002 -rw------- 1 openldap openldap 2629632 Apr 29 09:57 __db.003 -rw------- 1 openldap openldap 163840 Apr 29 09:57 __db.004 -rw------- 1 openldap openldap 876544 Apr 29 09:57 __db.005 -rw------- 1 openldap openldap 32768 Apr 29 09:57 __db.006 -rw-r--r-- 1 openldap openldap 96 Apr 23 17:34 DB_CONFIG -rw------- 1 openldap openldap 8192 Apr 28 14:23 dn2id.bdb -rw------- 1 openldap openldap 8192 Apr 28 14:23 gidNumber.bdb -rw------- 1 openldap openldap 32768 Apr 28 14:23 id2entry.bdb -rw------- 1 openldap openldap 10485760 Apr 29 09:57 log.0000000001 -rw------- 1 openldap openldap 8192 Apr 28 12:18 mail.bdb -rw------- 1 openldap openldap 8192 Apr 28 14:00 memberUid.bdb -rw------- 1 openldap openldap 8192 Apr 28 11:52 objectClass.bdb -rw------- 1 openldap openldap 8192 Apr 28 14:23 sambaSID.bdb -rw------- 1 openldap openldap 8192 Apr 28 12:18 sn.bdb -rw------- 1 openldap openldap 8192 Apr 28 12:18 uid.bdb -rw------- 1 openldap openldap 8192 Apr 28 14:23 uidNumber.bdb

Whato do you think?

Thanks

On 04/28/2012 08:33 PM, stefano malini wrote:

...

anyone?

On 04/28/2012 11:30 AM, stefano malini wrote:

...

Hi, i cannot end the populating process using smbldap-populate due to this errors:

root@amahoro:~# smbldap-populate Populating LDAP directory for domain AMAHORO (S-1-5-21-251852451-2940789264-3475694606) (using builtin directory structure)

entry dc=amahoro,dc=bi already exist. entry ou=Users,dc=amahoro,dc=bi already exist. entry ou=Groups,dc=amahoro,dc=bi already exist. entry ou=Computers,dc=amahoro,dc=bi already exist. entry ou=Idmap,dc=amahoro,dc=bi already exist. adding new entry: uid=root,ou=Users,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 58. adding new entry: uid=nobody,ou=Users,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 89. adding new entry: cn=Domain Admins,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 101. adding new entry: cn=Domain Users,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 112. adding new entry: cn=Domain Guests,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 123. adding new entry: cn=Domain Computers,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 134. adding new entry: cn=Administrators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 179. adding new entry: cn=Account Operators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 201. adding new entry: cn=Print Operators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 212. adding new entry: cn=Backup Operators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 223. adding new entry: cn=Replicators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 234. entry sambaDomainName=AMAHORO,dc=amahoro,dc=bi already exist. Updating it...

Please provide a password for the domain root: /usr/sbin/smbldap-passwd: user root doesn't exist

i don't find the error "index generation failed" on internet. Do you know the problem?

Thanks

On Apr 29, 2012, at 3:27 AM, stefano malini lozingalo@gmail.com wrote:

Hi, other check:

using sudo strace /usr/sbin/slapindex i found the line: open("/var/lib/ldap/DUMMY", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = -1 EACCES (Permission denied) but in that directory there is not not "DUMMY"

What can i do? am blocked on this point

Thanks

Clearly the higher level directory permissions are wrong. Fix them.

--Quanah

On 04/29/2012 11:02 AM, Jonathan Clarke wrote:

...

On 29 avr. 2012, at 10:27, stefano malinilozingalo@gmail.com wrote:

...

I used slapindex also, the output is:

stefano@amahoro:~$ /usr/sbin/slapindex /etc/ldap/slapd.conf: line 20: invalid path: Permission denied slapindex: bad configuration file!

Try running slapindex as the user "openldap". Also, make sure that you run slapd as that user too.

Jonathan

...

This is my slapd.conf

#Basics include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/samba.schema

pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args loglevel 256

modulepath /usr/lib/ldap moduleload back_hdb

#Database configuration database hdb suffix "dc=amahoro,dc=bi" rootdn "cn=Manager,dc=amahoro,dc=bi" rootpw {SSHA}XBLZ+TknuZHW3dirN2SE2fj3mYka3tkG directory /var/lib/ldap<----------------------------- LINE 20 index uid,uidNumber,gidNumber,memberUid eq index cn,mail,surname,givenname eq,subinitial index sambaSID eq index sambaPrimaryGroupSID eq

#ACLs access to attrs=userPassword by anonymous auth by self write by * none

access to * by dn.base="uid=nslcd_proc,ou=System,dc=amahoro,dc=bi" read by self write by * none

These are the permissions of /var/lib/ldap/are

drwxr-x--- 2 openldap openldap 4096 Apr 29 09:57 ldap

-rw-r--r-- 1 openldap openldap 4096 Apr 29 09:57 alock -rw------- 1 openldap openldap 8192 Apr 28 12:18 cn.bdb -rw------- 1 openldap openldap 24576 Apr 29 09:57 __db.001 -rw------- 1 openldap openldap 352256 Apr 29 09:57 __db.002 -rw------- 1 openldap openldap 2629632 Apr 29 09:57 __db.003 -rw------- 1 openldap openldap 163840 Apr 29 09:57 __db.004 -rw------- 1 openldap openldap 876544 Apr 29 09:57 __db.005 -rw------- 1 openldap openldap 32768 Apr 29 09:57 __db.006 -rw-r--r-- 1 openldap openldap 96 Apr 23 17:34 DB_CONFIG -rw------- 1 openldap openldap 8192 Apr 28 14:23 dn2id.bdb -rw------- 1 openldap openldap 8192 Apr 28 14:23 gidNumber.bdb -rw------- 1 openldap openldap 32768 Apr 28 14:23 id2entry.bdb -rw------- 1 openldap openldap 10485760 Apr 29 09:57 log.0000000001 -rw------- 1 openldap openldap 8192 Apr 28 12:18 mail.bdb -rw------- 1 openldap openldap 8192 Apr 28 14:00 memberUid.bdb -rw------- 1 openldap openldap 8192 Apr 28 11:52 objectClass.bdb -rw------- 1 openldap openldap 8192 Apr 28 14:23 sambaSID.bdb -rw------- 1 openldap openldap 8192 Apr 28 12:18 sn.bdb -rw------- 1 openldap openldap 8192 Apr 28 12:18 uid.bdb -rw------- 1 openldap openldap 8192 Apr 28 14:23 uidNumber.bdb

Whato do you think?

Thanks

On 04/28/2012 08:33 PM, stefano malini wrote:

...

anyone?

On 04/28/2012 11:30 AM, stefano malini wrote:

...

Hi, i cannot end the populating process using smbldap-populate due to this errors:

root@amahoro:~# smbldap-populate Populating LDAP directory for domain AMAHORO (S-1-5-21-251852451-2940789264-3475694606) (using builtin directory structure)

entry dc=amahoro,dc=bi already exist. entry ou=Users,dc=amahoro,dc=bi already exist. entry ou=Groups,dc=amahoro,dc=bi already exist. entry ou=Computers,dc=amahoro,dc=bi already exist. entry ou=Idmap,dc=amahoro,dc=bi already exist. adding new entry: uid=root,ou=Users,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 58. adding new entry: uid=nobody,ou=Users,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 89. adding new entry: cn=Domain Admins,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 101. adding new entry: cn=Domain Users,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 112. adding new entry: cn=Domain Guests,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 123. adding new entry: cn=Domain Computers,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 134. adding new entry: cn=Administrators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 179. adding new entry: cn=Account Operators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 201. adding new entry: cn=Print Operators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 212. adding new entry: cn=Backup Operators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 223. adding new entry: cn=Replicators,ou=Groups,dc=amahoro,dc=bi failed to add entry: index generation failed at /usr/sbin/smbldap-populate line 498,<GEN1> line 234. entry sambaDomainName=AMAHORO,dc=amahoro,dc=bi already exist. Updating it...

Please provide a password for the domain root: /usr/sbin/smbldap-passwd: user root doesn't exist

i don't find the error "index generation failed" on internet. Do you know the problem?

Thanks

so, i changed all the permissions in the /var/lib/ldap/*

chmod 0755 /var/lib/ldap/

I retried with slapindex with the same result:

from root: sudo /usr/sbin/slapindex

WARNING! Runnig as root! There's a fair chance slapd will fail to start. Check file permissions!

from normal user: usr/sbin/slapindex /etc/ldap/slapd.conf: line 20: invalid path: Permission denied slapindex: bad configuration file!

I repeated strace and i didn't find errors

I repeated slapindex from root and from normal user but the result was the same as above.

I repeated smbldap-populate anc magically it runs!

Do you understand something of this chaos? I'd like to understand the why of this behavior.

Thanks

On 04/30/2012 08:51 AM, Stefano Malini wrote:

Hi,

please take a look of my permissions:

ls -l /var drwxr-xr-x 13 openldap openldap 4096 Mar 20 09:47 var

ls -l /var/lib drwxr-xr-x 31 openldap openldap 4096 Apr 28 16:38 lib

ls -l /var/lib/ldap drwxr-xr-x 2 openldap openldap 4096 Apr 30 08:31 ldap

ls -l /var/lib/ldap/ root@amahoro:/# ls -l /var/lib/ldap/ total 11580 -rw-r----- 1 openldap openldap 4096 Apr 30 08:31 alock -rw------- 1 openldap openldap 8192 Apr 29 11:47 cn.bdb -rw------- 1 openldap openldap 24576 Apr 30 08:31 __db.001 -rw------- 1 openldap openldap 352256 Apr 30 08:38 __db.002 -rw------- 1 openldap openldap 2629632 Apr 30 08:38 __db.003 -rw------- 1 openldap openldap 163840 Apr 30 08:38 __db.004 -rw------- 1 openldap openldap 876544 Apr 30 08:38 __db.005 -rw------- 1 openldap openldap 32768 Apr 30 08:38 __db.006 -rw-r--r-- 1 openldap openldap 96 Apr 23 17:34 DB_CONFIG -rw------- 1 openldap openldap 8192 Apr 28 14:23 dn2id.bdb -rw------- 1 openldap openldap 8192 Apr 29 11:47 gidNumber.bdb -rw------- 1 openldap openldap 32768 Apr 28 14:23 id2entry.bdb -rw------- 1 openldap openldap 10485760 Apr 30 08:30 log.0000000001 -rw------- 1 openldap openldap 8192 Apr 29 11:47 mail.bdb -rw------- 1 openldap openldap 8192 Apr 28 14:00 memberUid.bdb -rw------- 1 openldap openldap 8192 Apr 28 11:52 objectClass.bdb -rw------- 1 openldap openldap 8192 Apr 29 11:47 sambaSID.bdb -rw------- 1 openldap openldap 8192 Apr 29 11:47 sn.bdb -rw------- 1 openldap openldap 8192 Apr 29 11:47 uid.bdb -rw------- 1 openldap openldap 8192 Apr 29 11:47 uidNumber.bdb

Are ok?

On 4/30/12, Quanah Gibson-Mountquanah@zimbra.com wrote:

...

On Apr 29, 2012, at 3:27 AM, stefano malinilozingalo@gmail.com wrote:

...

Hi, other check:

using sudo strace /usr/sbin/slapindex i found the line: open("/var/lib/ldap/DUMMY", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = -1 EACCES (Permission denied) but in that directory there is not not "DUMMY"

What can i do? am blocked on this point

Thanks

Clearly the higher level directory permissions are wrong. Fix them.

--Quanah

...

On 04/29/2012 11:02 AM, Jonathan Clarke wrote:

...

On 29 avr. 2012, at 10:27, stefano malinilozingalo@gmail.com wrote:

...

I used slapindex also, the output is:

stefano@amahoro:~$ /usr/sbin/slapindex /etc/ldap/slapd.conf: line 20: invalid path: Permission denied slapindex: bad configuration file!

Try running slapindex as the user "openldap". Also, make sure that you run slapd as that user too.

Jonathan

...

This is my slapd.conf

#Basics include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/samba.schema

pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args loglevel 256

modulepath /usr/lib/ldap moduleload back_hdb

#Database configuration database hdb suffix "dc=amahoro,dc=bi" rootdn "cn=Manager,dc=amahoro,dc=bi" rootpw {SSHA}XBLZ+TknuZHW3dirN2SE2fj3mYka3tkG directory /var/lib/ldap<----------------------------- LINE 20 index uid,uidNumber,gidNumber,memberUid eq index cn,mail,surname,givenname eq,subinitial index sambaSID eq index sambaPrimaryGroupSID eq

#ACLs access to attrs=userPassword by anonymous auth by self write by * none

access to * by dn.base="uid=nslcd_proc,ou=System,dc=amahoro,dc=bi" read by self write by * none

These are the permissions of /var/lib/ldap/are

drwxr-x--- 2 openldap openldap 4096 Apr 29 09:57 ldap

-rw-r--r-- 1 openldap openldap 4096 Apr 29 09:57 alock -rw------- 1 openldap openldap 8192 Apr 28 12:18 cn.bdb -rw------- 1 openldap openldap 24576 Apr 29 09:57 __db.001 -rw------- 1 openldap openldap 352256 Apr 29 09:57 __db.002 -rw------- 1 openldap openldap 2629632 Apr 29 09:57 __db.003 -rw------- 1 openldap openldap 163840 Apr 29 09:57 __db.004 -rw------- 1 openldap openldap 876544 Apr 29 09:57 __db.005 -rw------- 1 openldap openldap 32768 Apr 29 09:57 __db.006 -rw-r--r-- 1 openldap openldap 96 Apr 23 17:34 DB_CONFIG -rw------- 1 openldap openldap 8192 Apr 28 14:23 dn2id.bdb -rw------- 1 openldap openldap 8192 Apr 28 14:23 gidNumber.bdb -rw------- 1 openldap openldap 32768 Apr 28 14:23 id2entry.bdb -rw------- 1 openldap openldap 10485760 Apr 29 09:57 log.0000000001 -rw------- 1 openldap openldap 8192 Apr 28 12:18 mail.bdb -rw------- 1 openldap openldap 8192 Apr 28 14:00 memberUid.bdb -rw------- 1 openldap openldap 8192 Apr 28 11:52 objectClass.bdb -rw------- 1 openldap openldap 8192 Apr 28 14:23 sambaSID.bdb -rw------- 1 openldap openldap 8192 Apr 28 12:18 sn.bdb -rw------- 1 openldap openldap 8192 Apr 28 12:18 uid.bdb -rw------- 1 openldap openldap 8192 Apr 28 14:23 uidNumber.bdb

Whato do you think?

Thanks

On 04/28/2012 08:33 PM, stefano malini wrote:

...

anyone?

On 04/28/2012 11:30 AM, stefano malini wrote: > Hi, > i cannot end the populating process using smbldap-populate due to > this > errors: > > root@amahoro:~# smbldap-populate > Populating LDAP directory for domain AMAHORO > (S-1-5-21-251852451-2940789264-3475694606) > (using builtin directory structure) > > entry dc=amahoro,dc=bi already exist. > entry ou=Users,dc=amahoro,dc=bi already exist. > entry ou=Groups,dc=amahoro,dc=bi already exist. > entry ou=Computers,dc=amahoro,dc=bi already exist. > entry ou=Idmap,dc=amahoro,dc=bi already exist. > adding new entry: uid=root,ou=Users,dc=amahoro,dc=bi > failed to add entry: index generation failed at > /usr/sbin/smbldap-populate line 498,<GEN1> line 58. > adding new entry: uid=nobody,ou=Users,dc=amahoro,dc=bi > failed to add entry: index generation failed at > /usr/sbin/smbldap-populate line 498,<GEN1> line 89. > adding new entry: cn=Domain Admins,ou=Groups,dc=amahoro,dc=bi > failed to add entry: index generation failed at > /usr/sbin/smbldap-populate line 498,<GEN1> line 101. > adding new entry: cn=Domain Users,ou=Groups,dc=amahoro,dc=bi > failed to add entry: index generation failed at > /usr/sbin/smbldap-populate line 498,<GEN1> line 112. > adding new entry: cn=Domain Guests,ou=Groups,dc=amahoro,dc=bi > failed to add entry: index generation failed at > /usr/sbin/smbldap-populate line 498,<GEN1> line 123. > adding new entry: cn=Domain Computers,ou=Groups,dc=amahoro,dc=bi > failed to add entry: index generation failed at > /usr/sbin/smbldap-populate line 498,<GEN1> line 134. > adding new entry: cn=Administrators,ou=Groups,dc=amahoro,dc=bi > failed to add entry: index generation failed at > /usr/sbin/smbldap-populate line 498,<GEN1> line 179. > adding new entry: cn=Account Operators,ou=Groups,dc=amahoro,dc=bi > failed to add entry: index generation failed at > /usr/sbin/smbldap-populate line 498,<GEN1> line 201. > adding new entry: cn=Print Operators,ou=Groups,dc=amahoro,dc=bi > failed to add entry: index generation failed at > /usr/sbin/smbldap-populate line 498,<GEN1> line 212. > adding new entry: cn=Backup Operators,ou=Groups,dc=amahoro,dc=bi > failed to add entry: index generation failed at > /usr/sbin/smbldap-populate line 498,<GEN1> line 223. > adding new entry: cn=Replicators,ou=Groups,dc=amahoro,dc=bi > failed to add entry: index generation failed at > /usr/sbin/smbldap-populate line 498,<GEN1> line 234. > entry sambaDomainName=AMAHORO,dc=amahoro,dc=bi already exist. > Updating > it... > > Please provide a password for the domain root: > /usr/sbin/smbldap-passwd: user root doesn't exist > > i don't find the error "index generation failed" on internet. Do you > know the problem? > > Thanks

sorry, what do you mean with "config database". do you mean DB_CONFIG file in /var/lib/ldap/?

On 04/30/2012 05:33 PM, Quanah Gibson-Mount wrote:

--On Monday, April 30, 2012 9:38 AM +0200 zingalo lozingalo@gmail.com wrote:

...

so, i changed all the permissions in the /var/lib/ldap/*

chmod 0755 /var/lib/ldap/

I retried with slapindex with the same result:

from root: sudo /usr/sbin/slapindex

WARNING! Runnig as root! There's a fair chance slapd will fail to start. Check file permissions!

from normal user: usr/sbin/slapindex /etc/ldap/slapd.conf: line 20: invalid path: Permission denied slapindex: bad configuration file!

You're running slapindex incorrectly. Clearly your setup uses cn=config, so you need to provide the "-F" option with the path to your config database.

--Quanah

--

Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.

---

Zimbra :: the leader in open source messaging and collaboration

i use slapd.conf. I changed after installing, i deleted slapd.d, created slapd.conf and modified /etc/default/slapd file as follow:

# Default location of the slapd.conf file or slapd.d cn=config directory. If # empty, use the compiled-in default (/etc/ldap/slapd.d with a fallback to # /etc/ldap/slapd.conf). SLAPD_CONF=/etc/ldap/slapd.conf

# System account to run the slapd server under. If empty the server # will run as root. SLAPD_USER="openldap"

# System group to run the slapd server under. If empty the server will # run in the primary group of its user. SLAPD_GROUP="openldap"

# Path to the pid file of the slapd server. If not set the init.d script # will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.conf by # default) SLAPD_PIDFILE=

# slapd normally serves ldap only on all TCP-ports 389. slapd can also # service requests on TCP-port 636 (ldaps) and requests via unix # sockets. # Example usage: # SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///" SLAPD_SERVICES="ldap:/// ldapi:///"

# If SLAPD_NO_START is set, the init script will not start or restart # slapd (but stop will still work). Uncomment this if you are # starting slapd via some other means or if you don't want slapd normally # started at boot. #SLAPD_NO_START=1

# If SLAPD_SENTINEL_FILE is set to path to a file and that file exists, # the init script will not start or restart slapd (but stop will still # work). Use this for temporarily disabling startup of slapd (when doing # maintenance, for example, or through a configuration management system) # when you don't want to edit a configuration file. SLAPD_SENTINEL_FILE=/etc/ldap/noslapd

# For Kerberos authentication (via SASL), slapd by default uses the system # keytab file (/etc/krb5.keytab). To use a different keytab file, # uncomment this line and change the path. #export KRB5_KTNAME=/etc/krb5.keytab

# Additional options to pass to slapd SLAPD_OPTIONS=""

Is there something wrong in whole configuration?

On 04/30/2012 06:11 PM, Quanah Gibson-Mount wrote:

--On Monday, April 30, 2012 5:45 PM +0200 zingalo lozingalo@gmail.com wrote:

...

sorry, what do you mean with "config database". do you mean DB_CONFIG file in /var/lib/ldap/?

No. I'm talking about the cn=config configuration database:

http://www.openldap.org/software/man.cgi?query=slapd-config&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html

--Quanah

--

Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.

---

Zimbra :: the leader in open source messaging and collaboration

I changed the permissions and the owner from root to openldap:

-rwxr-xr-x 1 openldap openldap 869 Apr 29 10:47 slapd.conf

but the slapindex command output is:

stefano@amahoro:~$ /usr/sbin/slapindex /etc/ldap/slapd.conf: line 20: invalid path: Permission denied slapindex: bad configuration file!

On 04/30/2012 06:47 PM, Quanah Gibson-Mount wrote:

--On Monday, April 30, 2012 6:26 PM +0200 zingalo lozingalo@gmail.com wrote:

...

i use slapd.conf. I changed after installing, i deleted slapd.d, created slapd.conf and modified /etc/default/slapd file as follow:

# Default location of the slapd.conf file or slapd.d cn=config directory. # If empty, use the compiled-in default (/etc/ldap/slapd.d with a fallback # to /etc/ldap/slapd.conf). SLAPD_CONF=/etc/ldap/slapd.conf

Then the permissions on this file are wrong.

/etc/ldap/slapd.conf: line 20: invalid path: Permission denied

is a pretty clear explanation of that fact.

--Quanah

--

Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.

---

Zimbra :: the leader in open source messaging and collaboration

On 04/30/2012 07:20 PM, Quanah Gibson-Mount wrote:

Please stop top posting.

ok, sorry!

line 20 in slapd.conf is:

directory "/var/lib/ldap"

yes, but at the moment i don't know that reason!

On 04/30/2012 07:48 PM, Quanah Gibson-Mount wrote:

--On Monday, April 30, 2012 7:27 PM +0200 zingalo lozingalo@gmail.com wrote:

...

On 04/30/2012 07:20 PM, Quanah Gibson-Mount wrote:

...

Please stop top posting.

ok, sorry!

line 20 in slapd.conf is:

directory "/var/lib/ldap"

Then slapindex was not able to access that directory for whatever reason.

--Quanah

--

Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.

---

Zimbra :: the leader in open source messaging and collaboration

On 30/04/2012 2:00 PM, zingalo wrote:

stefano@amahoro:~$ /usr/sbin/slapindex /etc/ldap/slapd.conf: line 20: invalid path: Permission denied slapindex: bad configuration file!

Are you attempting to run slapindex there as user "stefano" instead of user "openldap"?