Hi Guys! I don't know if it is possible, but.......
What I do:

sudo apt-get install slapd ldap-utils
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif
ldapadd -x -D cn=admin,dc=felipemeirelles,dc=com,dc=br -W -f frontend.example.com.ldif
Backend, base felipemeirelles:

# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=felipemeirelles,dc=com,dc=br
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=felipemeirelles,dc=com,dc=br
olcRootPW: 123456
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=felipemeirelles,dc=com,dc=br" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=felipemeirelles,dc=com,dc=br" write by * read
Frontend, base felipemeirelles:

# Create top-level object in domain
dn: dc=felipemeirelles,dc=com,dc=br
objectClass: top
objectClass: dcObject
objectclass: organization
o: Example Organization
dc: felipemeirelles
description: LDAP SIJ

# Admin user.
dn: cn=admin,dc=felipemeirelles,dc=com,dc=br
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: 123456

dn: ou=people,dc=felipemeirelles,dc=com,dc=br
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=felipemeirelles,dc=com,dc=br
objectClass: organizationalUnit
ou: groups

dn: uid=contato,ou=people,dc=felipemeirelles,dc=com,dc=br
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: contato
sn: Contato
givenName: Contato
cn: Contato Contato
displayName: Contato
uidNumber: 1000
gidNumber: 10000
userPassword: 123456
gecos: Contato Contato
loginShell: /bin/bash
homeDirectory: /home/contato
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: contato@felipemeirelles.com.br
postalCode: 31000
l: Toulouse
o: Example
mobile: +33 (0)6 xx xx xx xx
homePhone: +33 (0)5 xx xx xx xx
title: System Administrator
postalAddress:
initials: JD

dn: cn=felipemeirelles,ou=groups,dc=felipemeirelles,dc=com,dc=br
objectClass: posixGroup
cn: felipemeirelles
gidNumber: 10000
OK? This is my first base.

Now, I try to add more:

ldapadd -Y EXTERNAL -H ldapi:/// -f backend_sij_com.example.com.ldif
ldapadd -x -D cn=admin,dc=sij,dc=com,dc=br -W -f frontend_sij_com.example.com.ldif
ldap_bind: Invalid credentials (49)
BASE SIJ.COM.BR (other backend: backend_sij_com.example.com.ldif)

# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=sij,dc=com,dc=br
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=sij,dc=com,dc=br
olcRootPW: 123456
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=sij,dc=com,dc=br" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=sij,dc=com,dc=br" write by * read

Other frontend: frontend_sij_com.example.com.ldif

# Create top-level object in domain
dn: dc=sij,dc=com,dc=br
objectClass: top
objectClass: dcObject
objectclass: organization
o: Example Organization
dc: sij
description: LDAP SIJ

# Admin user.
dn: cn=admin,dc=sij,dc=com,dc=br
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: 123456

dn: ou=people,dc=sij,dc=com,dc=br
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=sij,dc=com,dc=br
objectClass: organizationalUnit
ou: groups

dn: uid=caho.lopes,ou=people,dc=sij,dc=com,dc=br
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: caho.lopes
sn: caho
givenName: Caho
cn: Caho Lopes
displayName: caho
uidNumber: 1000
gidNumber: 10000
userPassword: testecahosij
gecos: Caho Lopes
loginShell: /bin/bash
homeDirectory: /home/caho.lopes
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: caho.lopes@sij.com.br
postalCode: 31000
l: Toulouse
o: Example
mobile: +33 (0)6 xx xx xx xx
homePhone: +33 (0)5 xx xx xx xx
title: System Administrator
postalAddress:
initials: JD

dn: cn=sij,ou=groups,dc=sij,dc=com,dc=br
objectClass: posixGroup
cn: sij
gidNumber: 10000
root@PythonAPP:~# ldapadd -d 65535 -x -D cn=admin,dc=sij,dc=com,dc=br -W -f frontend_sij_com.example.com.ldif
ldap_create
Enter LDAP Password:
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying ::1 389
ldap_pvt_connect: fd: 4 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0x7f75c3f32540 ptr=0x7f75c3f32540 end=0x7f75c3f32570 len=48
  0000:  30 2e 02 01 01 60 29 02 01 03 04 1c 63 6e 3d 61   0....`).....cn=a
  0010:  64 6d 69 6e 2c 64 63 3d 73 69 6a 2c 64 63 3d 63   dmin,dc=sij,dc=c
  0020:  6f 6d 2c 64 63 3d 62 72 80 06 31 32 33 34 35 36   om,dc=br..123456
ber_scanf fmt ({i) ber:
ber_dump: buf=0x7f75c3f32540 ptr=0x7f75c3f32545 end=0x7f75c3f32570 len=43
  0000:  60 29 02 01 03 04 1c 63 6e 3d 61 64 6d 69 6e 2c   `).....cn=admin,
  0010:  64 63 3d 73 69 6a 2c 64 63 3d 63 6f 6d 2c 64 63   dc=sij,dc=com,dc
  0020:  3d 62 72 80 06 31 32 33 34 35 36                  =br..123456
ber_flush2: 48 bytes to sd 4
  0000:  30 2e 02 01 01 60 29 02 01 03 04 1c 63 6e 3d 61   0....`).....cn=a
  0010:  64 6d 69 6e 2c 64 63 3d 73 69 6a 2c 64 63 3d 63   dmin,dc=sij,dc=c
  0020:  6f 6d 2c 64 63 3d 62 72 80 06 31 32 33 34 35 36   om,dc=br..123456
ldap_write: want=48, written=48
  0000:  30 2e 02 01 01 60 29 02 01 03 04 1c 63 6e 3d 61   0....`).....cn=a
  0010:  64 6d 69 6e 2c 64 63 3d 73 69 6a 2c 64 63 3d 63   dmin,dc=sij,dc=c
  0020:  6f 6d 2c 64 63 3d 62 72 80 06 31 32 33 34 35 36   om,dc=br..123456
ldap_result ld 0x7f75c3f2a2b0 msgid 1
wait4msg ld 0x7f75c3f2a2b0 msgid 1 (infinite timeout)
wait4msg continue ld 0x7f75c3f2a2b0 msgid 1 all 1
** ld 0x7f75c3f2a2b0 Connections:
* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Wed Jul 20 17:53:53 2011

** ld 0x7f75c3f2a2b0 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f75c3f2a2b0 request count 1 (abandoned 0)
** ld 0x7f75c3f2a2b0 Response Queue:
   Empty
  ld 0x7f75c3f2a2b0 response count 0
ldap_chkResponseList ld 0x7f75c3f2a2b0 msgid 1 all 1
ldap_chkResponseList returns ld 0x7f75c3f2a2b0 NULL
ldap_int_select
read1msg: ld 0x7f75c3f2a2b0 msgid 1 all 1
ber_get_next
ldap_read: want=8, got=8
  0000:  30 0c 02 01 01 61 07 0a                            0....a..
ldap_read: want=6, got=6
  0000:  01 31 04 00 04 00                                  .1....
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x7f75c3f33920 ptr=0x7f75c3f33920 end=0x7f75c3f3392c len=12
  0000:  02 01 01 61 07 0a 01 31 04 00 04 00                ...a...1....
read1msg: ld 0x7f75c3f2a2b0 msgid 1 message type bind
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x7f75c3f33920 ptr=0x7f75c3f33923 end=0x7f75c3f3392c len=9
  0000:  61 07 0a 01 31 04 00 04 00                         a...1....
read1msg: ld 0x7f75c3f2a2b0 0 new referrals
read1msg:  mark request completed, ld 0x7f75c3f2a2b0 msgid 1
request done: ld 0x7f75c3f2a2b0 msgid 1
res_errno: 49, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_dump: buf=0x7f75c3f33920 ptr=0x7f75c3f33923 end=0x7f75c3f3392c len=9
  0000:  61 07 0a 01 31 04 00 04 00                         a...1....
ber_scanf fmt (}) ber:
ber_dump: buf=0x7f75c3f33920 ptr=0x7f75c3f3392c end=0x7f75c3f3392c len=0
ldap_msgfree
ldap_err2string
ldap_bind: Invalid credentials (49)
In the slapd -D, the log:
.....
  0000:  30 2e 02 01 01 60 29 02                            0....`).
ldap_read: want=40, got=40
  0000:  01 03 04 1c 63 6e 3d 61 64 6d 69 6e 2c 64 63 3d   ....cn=admin,dc=
  0010:  73 69 6a 2c 64 63 3d 63 6f 6d 2c 64 63 3d 62 72   sij,dc=com,dc=br
  0020:  80 06 31 32 33 34 35 36                            ..123456
ldap_read: want=8 error=Resource temporarily unavailable
ldap_write: want=14, written=14
  0000:  30 0c 02 01 01 61 07 0a 01 31 04 00 04 00         0....a...1....
ldap_bind: Invalid credentials (49)
ldap_read: want=8, got=0

Help?

Thanks!
--On Wednesday, July 20, 2011 6:00 PM -0300 Édnei ednei.felipe.rodrigues@gmail.com wrote:
Hi Guys! I don't know if it is possible, but.......
It is possible to have as many bases on the server as you want. There are two ways to do this:
a) Configure the server to use "" as its base, which allows you to use a single database for all the bases.
or
b) Configure unique databases for each base you want to use.
It looks like you were trying to use option(b). However, you failed to give the second database its own unique location, which will never work.
There are numerous errors in your attempt to add a second database.
1) You tried to re-add the module load for back-hdb, which is unnecessary since you've already done this.
2) You said your second HDB config database is actually the same as the first config database: olcDatabase: {1}hdb
that should be:
olcDatabase: {2}hdb
3) You re-used the existing database directory, which will cause immediate database corruption:
olcDbDirectory: /var/lib/ldap
that should be:
olcDbDirectory: /some/other/location
I would *highly* advise you read the OpenLDAP admin guide and spend some time comprehending the cn=config database for LDAP configuration. However, all of your above errors are not specific to cn=config.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Thank you for your feedback.

Well, I really don't understand the LDAP base. But when you explained how to:

# Load dynamic backend modules
#dn: cn=module,cn=config
#objectClass: olcModuleList
#cn: module
#olcModulepath: /usr/lib/ldap
#olcModuleload: back_hdb

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcSuffix: dc=sij,dc=com,dc=br
olcDbDirectory: /var/lib/ldap/other_base
olcRootDN: cn=admin,dc=sij,dc=com,dc=br
olcRootPW: 123456
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=sij,dc=com,dc=br" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=sij,dc=com,dc=br" write by * read
So...

root@PythonAPP:~# ldapadd -Y EXTERNAL -H ldapi:/// -f backend_sij_com.example.com.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcDatabase=hdb,cn=config"

root@PythonAPP:~# vim frontend_sij_com.example.com.ldif

root@PythonAPP:~# ldapadd -x -D cn=admin,dc=sij,dc=com,dc=br -W -f frontend_sij_com.example.com.ldif
Enter LDAP Password:
adding new entry "dc=sij,dc=com,dc=br"
adding new entry "cn=admin,dc=sij,dc=com,dc=br"
adding new entry "ou=people,dc=sij,dc=com,dc=br"
adding new entry "ou=groups,dc=sij,dc=com,dc=br"
adding new entry "uid=caho.lopes,ou=people,dc=sij,dc=com,dc=br"
adding new entry "cn=sij,ou=groups,dc=sij,dc=com,dc=br"

Very good, that was a great help.
Now, to my understanding, with this configuration I have two bases, right? Two different trees?

Thanks so much.

PS: I am reading: http://www.openldap.org/doc/admin24/slapdconf2.html
On 20-07-2011 19:08, Quanah Gibson-Mount wrote:
--On Wednesday, July 20, 2011 6:00 PM -0300 Édnei ednei.felipe.rodrigues@gmail.com wrote:
Hi Guys! I don't know if it is possible, but.......
It is possible to have as many bases on the server as you want. There are two ways to do this:
a) Configure the server to use "" as its base, which allows you to use a single database for all the bases.
or
b) Configure unique databases for each base you want to use.
It looks like you were trying to use option(b). However, you failed to give the second database its own unique location, which will never work.
There are numerous errors in your attempt to add a second database.
1) You tried to re-add the module load for back-hdb, which is unnecessary since you've already done this.
2) You said your second HDB config database is actually the same as the first config database: olcDatabase: {1}hdb
that should be:
olcDatabase: {2}hdb
3) You re-used the existing database directory, which will cause immediate database corruption:
olcDbDirectory: /var/lib/ldap
that should be:
olcDbDirectory: /some/other/location
I would *highly* advise you read the OpenLDAP admin guide and spend some time comprehending the cn=config database for LDAP configuration. However, all of your above errors are not specific to cn=config.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
On Thu, 21 Jul 2011, Édnei wrote:
Now, to my understanding, With this configuration, i have two bases, right ? Two different tree ?
Looks like it to a glance. But you might as well check. Try:
$ ldapsearch -xH ldap://localhost/ -s base -b "" namingContexts
and make sure they both show up.
On 21-07-2011 10:20, Aaron Richton wrote:
Looks like it to a glance. But you might as well check. Try:
Exactly!

root@PythonAPP:~# ldapsearch -xH ldap://localhost/ -s base -b "" namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=felipemeirelles,dc=com,dc=br
namingContexts: dc=sij,dc=com,dc=br

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Thank you so much!! It is solved!
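Pulling the thread together: the following is an added example, not code from any of the posters or from OpenLDAP, that runs Quanah's three checks and Aaron's verification offline, before a live slapd is touched. It parses the cn=config LDIF about to be ldapadd'ed, compares it with what is already loaded, and reports a re-added cn=module entry, a reused {1} index and a reused olcDbDirectory. It also warns about the cleartext olcRootPW and userPassword values these files carry (the ldapadd -d trace above shows the simple-bind password 123456 in the hex dump, on the wire to localhost:389), and finally checks the namingContexts a rootDSE search returns against the configured olcSuffix values. The LDIF samples are trimmed copies of the posted files; the {SSHA} value, function names and messages are this example's own.

```python
"""Pre-flight checks before adding a second database to slapd's cn=config.

Added example, not code from the thread or from OpenLDAP. The checks encode
Quanah's three points (re-added module entry, reused {N} index, shared
olcDbDirectory), flag cleartext olcRootPW/userPassword values, and compare
configured suffixes with the namingContexts that Aaron's rootDSE search prints.
"""
import base64
import re

ATTR_RE = re.compile(r"^([A-Za-z][A-Za-z0-9.;-]*):(:?) ?(.*)$")
DB_RE = re.compile(r"^\{(\d+)\}(\w+)$")


def parse_ldif(text):
    """One {attr_lowercase: [values]} dict per entry; handles '#' comments, folded
    lines and base64 ('::') values; drops dn-less blocks like ldapsearch's trailer."""
    entries, current = [], {}
    for line in re.sub(r"\n ", "", text).split("\n") + [""]:   # unfold; "" flushes last
        if line.startswith("#"):
            continue
        if not line.strip():
            if "dn" in current:
                entries.append(current)
            current = {}
            continue
        m = ATTR_RE.match(line)
        if not m:
            continue                              # tolerate stray lines in pasted output
        name, b64, value = m.group(1).lower(), m.group(2), m.group(3)
        if b64:
            value = base64.b64decode(value).decode("utf-8", "replace")
        current.setdefault(name, []).append(value.strip())
    return entries


def norm_dn(dn):
    """Lower-case, strip spaces after commas, drop the {N} prefix slapd adds on store."""
    return re.sub(r"\{\d+\}", "", re.sub(r",\s*", ",", dn.strip().lower()))


def cleartext_password_dns(ldif_text):
    """DNs whose olcRootPW/userPassword is not a {SCHEME}hash as slappasswd emits it."""
    return [e["dn"][0] for e in parse_ldif(ldif_text)
            if any(not v.startswith("{") for a in ("olcrootpw", "userpassword")
                   for v in e.get(a, []))]


def check_new_database(existing_ldif, new_ldif):
    """(severity, message) findings for adding new_ldif beside existing_ldif."""
    existing, new = parse_ldif(existing_ldif), parse_ldif(new_ldif)
    old_dbs = [e for e in existing if "olcdatabase" in e]
    existing_dns = {norm_dn(e["dn"][0]) for e in existing}
    used_idx = {int(m.group(1)) for db in old_dbs
                for m in [DB_RE.match(db["olcdatabase"][0])] if m}
    used_dir = {db["olcdbdirectory"][0] for db in old_dbs if "olcdbdirectory" in db}
    findings = []
    for e in new:
        if "olcdatabase" not in e:                      # point 1: module entry re-added
            if norm_dn(e["dn"][0]) in existing_dns:
                findings.append(("error", f"{e['dn'][0]}: already exists, ldapadd will reject it"))
            continue
        m = DB_RE.match(e["olcdatabase"][0])
        if m and int(m.group(1)) in used_idx:            # point 2: {1} reused
            findings.append(("error", f"index {{{m.group(1)}}} is taken; use {{{max(used_idx) + 1}}}"))
        d = e.get("olcdbdirectory", [""])[0]
        if d in used_dir:                                # point 3: shared directory
            findings.append(("error", f"olcDbDirectory {d} is shared; that corrupts both databases"))
    findings += [("warn", f"{dn}: cleartext password, hash it with slappasswd")
                 for dn in cleartext_password_dns(new_ldif)]
    return findings


def missing_naming_contexts(rootdse_ldif, *config_ldifs):
    """Configured olcSuffix values absent from 'ldapsearch -x -s base -b "" namingContexts'."""
    expected = {norm_dn(e["olcsuffix"][0]) for t in config_ldifs
                for e in parse_ldif(t) if "olcsuffix" in e}
    seen = {norm_dn(v) for e in parse_ldif(rootdse_ldif) for v in e.get("namingcontexts", [])}
    return sorted(expected - seen)


# Constructed samples (the posted files trimmed); the {SSHA} value is a placeholder.
FIRST = """dn: cn=module,cn=config
olcModuleload: back_hdb

dn: olcDatabase=hdb,cn=config
olcDatabase: {1}hdb
olcSuffix: dc=felipemeirelles,dc=com,dc=br
olcDbDirectory: /var/lib/ldap
olcRootPW: 123456
"""
SECOND_AS_POSTED = FIRST.replace("felipemeirelles", "sij")   # same module, {1} and directory
SECOND_FIXED = """dn: olcDatabase=hdb,cn=config
olcDatabase: {2}hdb
olcSuffix: dc=sij,dc=com,dc=br
olcDbDirectory: /var/lib/ldap/other_base
olcRootPW: {SSHA}placeholder-hash-from-slappasswd
"""
ROOTDSE = """dn:
namingContexts: dc=felipemeirelles,dc=com,dc=br
namingContexts: dc=sij,dc=com,dc=br

search: 2
result: 0 Success
"""
```

Run `check_new_database(FIRST, SECOND_AS_POSTED)` and you get three errors matching Quanah's list plus a cleartext warning; `SECOND_FIXED` is clean. The warning is not cosmetic: slapd stores olcRootPW and userPassword exactly as given unless you configure hashing, and olcRootPW lives in cn=config where anyone who administers the configuration can read it, so generate those values with slappasswd. The script deliberately does not look at the filesystem; slapd still needs the new olcDbDirectory to exist and be writable by the user it runs as before the ldapadd of the backend succeeds.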
openldap-technical@openldap.org