Hi,
I tried to install OpenLDAP with Cyrus SASL support on Debian.
I'm running Debian 6.0.4, and until now I was using a 2.4.23 installation, from Debian packages.
First attempt: installation of OpenLDAP 2.4.33 with default configure options.
After installation, I converted slapd.conf to cn=config.
Then I dropped the database, and tried to rebuild a new one by loading an LDIF file (like I'm used to doing with my previous installation, from Debian packages):
    ldapadd -Y EXTERNAL -H ldapi:/// -f myfile.ldif
    ldapadd: not compiled with SASL support
Second attempt: I installed Cyrus-SASL-2.1.26 (with default configure options).
Then I installed OpenLDAP, "--with-cyrus-sasl".
This time, I got the following message:
    ldapadd -Y EXTERNAL -H ldapi:/// -f myfile.ldif
    ldap_sasl_interactive_bind: Can't contact LDAP server (-1)
What step did I miss ?
B.
Benin Technologies wrote:
> Hi,
> I tried to install OpenLDAP with Cyrus SASL support on Debian.
> I'm running Debian 6.0.4, and until now I was using a 2.4.23 installation, from Debian packages.
> First attempt: installation of OpenLDAP 2.4.33 with default configure options.
> After installation, I converted slapd.conf to cn=config.
> Then I dropped the database, and tried to rebuild a new one by loading an LDIF file (like I'm used to doing with my previous installation, from Debian packages):
>     ldapadd -Y EXTERNAL -H ldapi:/// -f myfile.ldif
>     ldapadd: not compiled with SASL support
> Second attempt: I installed Cyrus-SASL-2.1.26 (with default configure options).
> Then I installed OpenLDAP, "--with-cyrus-sasl".
> This time, I got the following message:
>     ldapadd -Y EXTERNAL -H ldapi:/// -f myfile.ldif
>     ldap_sasl_interactive_bind: Can't contact LDAP server (-1)
> What step did I miss ?
Is slapd online?
    # pidof slapd
    2401
Is slapd listening on a socket?
    # grep ^SLAPD_SERVICES /etc/default/slapd
    SLAPD_SERVICES="ldap:/// ldapi:///"
> B.
Thanks, you pointed me in the right direction: actually I haven't installed the init scripts yet, and I started slapd manually without telling it to listen on a socket.
With
    slapd -h "ldap:/// ldapi:///"
I now got a step further.
Now I got:
    root@ldap:/tmp# ldapadd -Y EXTERNAL -H ldapi:/// -f ldap1.ldif
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry "olcDatabase=hdb,cn=config"
    ldap_add: Insufficient access (50)
I must have missed something else...
I'm doing all this under root, so it shouldn't be a question of file permission.
On 03/02/2013 12:44, harry.jede@arcor.de wrote:
> Benin Technologies wrote:
> > Hi,
> > I tried to install OpenLDAP with Cyrus SASL support on Debian.
> > I'm running Debian 6.0.4, and until now I was using a 2.4.23 installation, from Debian packages.
> > First attempt: installation of OpenLDAP 2.4.33 with default configure options.
> > After installation, I converted slapd.conf to cn=config.
> > Then I dropped the database, and tried to rebuild a new one by loading an LDIF file (like I'm used to doing with my previous installation, from Debian packages):
> >     ldapadd -Y EXTERNAL -H ldapi:/// -f myfile.ldif
> >     ldapadd: not compiled with SASL support
> > Second attempt: I installed Cyrus-SASL-2.1.26 (with default configure options).
> > Then I installed OpenLDAP, "--with-cyrus-sasl".
> > This time, I got the following message:
> >     ldapadd -Y EXTERNAL -H ldapi:/// -f myfile.ldif
> >     ldap_sasl_interactive_bind: Can't contact LDAP server (-1)
> > What step did I miss ?
> Is slapd online?
>     # pidof slapd
>     2401
> Is slapd listening on a socket?
>     # grep ^SLAPD_SERVICES /etc/default/slapd
>     SLAPD_SERVICES="ldap:/// ldapi:///"
> > B.
Benin Technologies wrote:
> Thanks, you pointed me in the right direction: actually I haven't installed the init scripts yet, and I started slapd manually without telling it to listen on a socket.
> With
>     slapd -h "ldap:/// ldapi:///"
> I now got a step further.
> Now I got:
>     root@ldap:/tmp# ldapadd -Y EXTERNAL -H ldapi:/// -f ldap1.ldif
>     SASL/EXTERNAL authentication started
>     SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
>     SASL SSF: 0
>     adding new entry "olcDatabase=hdb,cn=config"
>     ldap_add: Insufficient access (50)
> I must have missed something else...
> I'm doing all this under root, so it shouldn't be a question of file permission.
Sounds reasonable.
Maybe you have an old config in place? Perhaps with some access control?
OK, problem solved.
I just added
    olcAuthzRegexp:{0} "gidNumber=0+uidNumber=0,cn=peercred, cn=external,cn=auth" "cn=config"
to my "cn=config" database, in order to map root to "cn=config".
I just don't understand why my previous Debian-package installation worked without this instruction in its "cn=config"...
On 03/02/2013 14:07, Benin Technologies wrote:
> Thanks, you pointed me in the right direction: actually I haven't installed the init scripts yet, and I started slapd manually without telling it to listen on a socket.
> With
>     slapd -h "ldap:/// ldapi:///"
> I now got a step further.
> Now I got:
>     root@ldap:/tmp# ldapadd -Y EXTERNAL -H ldapi:/// -f ldap1.ldif
>     SASL/EXTERNAL authentication started
>     SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
>     SASL SSF: 0
>     adding new entry "olcDatabase=hdb,cn=config"
>     ldap_add: Insufficient access (50)
> I must have missed something else...
> I'm doing all this under root, so it shouldn't be a question of file permission.
> On 03/02/2013 12:44, harry.jede@arcor.de wrote:
> > Is slapd online?
> >     # pidof slapd
> >     2401
> > Is slapd listening on a socket?
> >     # grep ^SLAPD_SERVICES /etc/default/slapd
> >     SLAPD_SERVICES="ldap:/// ldapi:///"
> > > B.
openldap-technical@openldap.org
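Why being root was not enough in this thread, as an added example that is not part of the original messages or of OpenLDAP: on Linux the identity reported for an ldapi:/// client comes from the socket's peer credentials, and that DN gains rights on cn=config only by being mapped to the rootDN (the fix in the thread) or by being named in an access rule. The functions write_config, authz_map and managers are hypothetical names for a simplified model (exact-match mapping, no regex, no real ACL engine), and cn=config as the rootDN is assumed from the thread's mapping target.

```python
import socket
import struct

ROOT_PEER = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
INSUFFICIENT_ACCESS = 50  # LDAP result code seen in the thread


def peercred_dn(conn):
    """Build the SASL/EXTERNAL identity for the peer of a Unix socket (Linux SO_PEERCRED)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    _pid, uid, gid = struct.unpack("3i", raw)
    return f"gidNumber={gid}+uidNumber={uid},cn=peercred,cn=external,cn=auth"


def local_identity():
    """Identity of this process as seen across a Unix socket pair."""
    a, b = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        return peercred_dn(a)
    finally:
        a.close()
        b.close()


def norm(dn):
    """Simplified DN comparison key: case-insensitive, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def write_config(authc_dn, root_dn="cn=config", authz_map=None, managers=()):
    """Toy model of the decision: 0 on success, 50 on insufficient access.

    authz_map stands in for olcAuthzRegexp (exact match only, an assumption);
    managers stands in for an olcAccess rule granting 'manage' to listed DNs.
    """
    authz_map = {norm(k): v for k, v in (authz_map or {}).items()}
    effective = authz_map.get(norm(authc_dn), authc_dn)
    if norm(effective) == norm(root_dn):
        return 0  # the rootDN is not subject to access control
    if norm(effective) in {norm(m) for m in managers}:
        return 0  # explicitly granted by an access rule
    return INSUFFICIENT_ACCESS  # uid 0 alone carries no LDAP privilege


if __name__ == "__main__":
    print("this process authenticates as:", local_identity())
    print("root, no mapping, no ACL   ->", write_config(ROOT_PEER))
    print("root, mapped to cn=config  ->", write_config(ROOT_PEER, authz_map={ROOT_PEER: "cn=config"}))
    print("root, named in a manage ACL->", write_config(ROOT_PEER, managers=[ROOT_PEER]))
```

Mapping to the rootDN bypasses access control entirely, while naming the peercred DN in an access rule on the config database grants only what that rule lists.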