I'm having problems getting the rootDN working when using slapd-config form of configuration, while the "exact" same configuration using slapd.conf works fine. Here are my stripped down test versions of the two configurations (hashed password is 'secret' from slappasswd):
slapd.d/cn=e2config.ldif:
-------------------------
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/openldap/run/slapd.args
olcPidFile: /var/openldap/run/slapd.pid

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

include: file:///var/openldap/schema/core.ldif
include: file:///var/openldap/schema/cosine.ldif

dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend

dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcMaxsize: 1073741824
olcSuffix: dc=com
olcRootDN: cn=reader,dc=com
olcRootPW: {SSHA}RIC5hnBuWr4t857KR+dzTEOF/ekQaIVx
olcDbDirectory: /var/openldap/data
olcDbIndex: objectClass eq
olcDbIndex: dc eq
olcDbIndex: cn eq
slapd.conf:
-----------
include /var/openldap/schema/core.schema
include /var/openldap/schema/cosine.schema

backend mdb

pidfile /var/openldap/run/slapd.pid
argsfile /var/openldap/run/slapd.args

database mdb
maxsize 1073741824
suffix dc=com
rootdn cn=reader,dc=com
rootpw {SSHA}RIC5hnBuWr4t857KR+dzTEOF/ekQaIVx
directory /var/openldap/data
index objectClass eq
index dc eq
index cn eq
When I run a simple search for slapd running with the slapd.conf configuration I get:
$ ldapsearch -D cn=reader,dc=com -w secret -x -LLL -b dc=com -s base dc=*
dn: dc=com
objectClass: top
objectClass: domain
dc: com
But when I run the same search with the slapd.d configuration I get:
$ ldapsearch -D cn=reader,dc=com -w secret -x -LLL -b dc=com -s base dc=*
ldap_bind: Invalid DN syntax (34)
        additional info: invalid DN
Debug output on the server side isn't giving much info in addition to what's already displayed on the client:
57bf52df conn=1000 op=0 do_bind: invalid dn (cn=reader,dc=com)
Any help on what I might be doing wrong is greatly appreciated. Oh yeah, I'm using version 2.4.44.
Thanks, Dave
On Thu, 25 Aug 2016 15:26:56 -0500, Dave Schneider Dave.Schneider@e2open.com wrote:
I'm having problems getting the rootDN working when using slapd-config form of configuration, while the "exact" same configuration using slapd.conf works fine. Here are my stripped down test versions of the two configurations (hashed password is 'secret' from slappasswd):
[...]
I am not willing to debug your configuration, but I would just delete the cn=config database and run as root:
slaptest(8) -f /path/to/slapd.conf -F /path/to/slapd.d/
and compare the result.
-Dieter
Thanks, running the command you suggested to generate the slapd.d directory from does produce a working system. I realized a mistake I was making was trying to use the config ldif file as-is in the slapd.d directory, rather than passing it to slapadd to initialize the contents of the directory (process described in the Quick Start section). However, that wasn't working for me either so I took a step back and tried to start at the beginning by following the step-by-step instructions in the Quick Start section of the doc. Aside from using a different installation prefix than /usr/local, the source slapd.ldif file I'm using is identical to the one in the doc (unedited from the install). Yet when I initially ran the slapadd command (step 9) I got:
# /e2open/app/openldap/sbin/slapadd -F /e2open/app/openldap/etc/cn=config -l /e2open/app/openldap/etc/openldap/slapd.ldif
57c1af30 invalid config directory /e2open/app/openldap/etc/cn=config, error 2
slapadd: bad configuration directory!
Assuming there was just a missed step in the doc that you needed to create the directory specified by the -F option, I created it but now the command returns:
Available database(s) do not allow slapadd
Running with full debug doesn't seem to shed any additional light on what the problem is. How can I find out more about what this error indicates? As far as I can tell I'm now following the quick start process exactly as documented and yet I'm still failing to get it configured. Thanks in advance for any pointers.
Dave
--On Saturday, August 27, 2016 4:04 PM -0500 Dave Schneider Dave.Schneider@e2open.com wrote:
# /e2open/app/openldap/sbin/slapadd -F /e2open/app/openldap/etc/cn=config -l /e2open/app/openldap/etc/openldap/slapd.ldif
57c1af30 invalid config directory /e2open/app/openldap/etc/cn=config,
That's a bug in the quickstart guide. It should be -F /path/etc/slapd.d. Fixed already in master, will appear in the next release.
--Quanah
--
Quanah Gibson-Mount
Thanks, but I got the same behavior whether using cn=config as the directory name or slapd.d. If the directory doesn't exist I get the "invalid config directory" error and if it does exist I get the "Available database(s) do not allow slapadd" error.
--On Saturday, August 27, 2016 4:30 PM -0500 Dave Schneider Dave.Schneider@e2open.com wrote:
Thanks, but I got the same behavior whether using cn=config as the directory name or slapd.d. If the directory doesn't exist I get the "invalid config directory" error and if it does exist I get the "Available database(s) do not allow slapadd" error.
If you're adding the config db, see the "-n" option to slapadd.
I.e., your command should be
.../slapadd -F /path -n 0 -l /path/to/file.ldif
--Quanah
--
Quanah Gibson-Mount
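Added example, not part of the original thread: a shell wrapper for the slapadd procedure worked out above, guarding against the two errors reported (missing -F directory, missing "-n 0") and verifying the result with slaptest. The function names, the SLAPD_SBIN default and the DRY_RUN switch are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: initialise a cn=config directory from a slapd.ldif file.
# SLAPD_SBIN and DRY_RUN are assumptions of this sketch, not OpenLDAP settings.
SLAPD_SBIN="${SLAPD_SBIN:-/usr/local/sbin}"

# Run a command, or only print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# init_config_db CONFIG_DIR SLAPD_LDIF
init_config_db() {
    conf_dir=$1
    ldif=$2

    [ -r "$ldif" ] || { echo "cannot read $ldif" >&2; return 1; }

    # slapadd does not create the -F directory; a missing one gives
    # "invalid config directory ..., error 2" as seen in the thread.
    if [ ! -d "$conf_dir" ]; then
        run mkdir -p "$conf_dir" || return 1
    fi

    # Refuse to load on top of an existing configuration.
    if [ -n "$(ls -A "$conf_dir" 2>/dev/null)" ]; then
        echo "$conf_dir is not empty, refusing to overwrite" >&2
        return 1
    fi

    # The config database stores olcRootPW hashes: keep it private.
    run chmod 700 "$conf_dir" || return 1

    # -n 0 selects the config database; without it slapadd reports
    # "Available database(s) do not allow slapadd".
    run "$SLAPD_SBIN/slapadd" -F "$conf_dir" -n 0 -l "$ldif" || return 1

    # Dry-run check that the generated directory parses as a configuration.
    run "$SLAPD_SBIN/slaptest" -F "$conf_dir" -u
}

# Usage: init_config_db /usr/local/etc/slapd.d /usr/local/etc/openldap/slapd.ldif
```
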
Thanks a lot, that was it. Is that also included in the updated quick start doc?
--On Saturday, August 27, 2016 7:14 PM -0500 Dave Schneider Dave.Schneider@e2open.com wrote:
Thanks a lot, that was it. Is that also included in the updated quick start doc?
It is now. ;) Will be in the next release and website push as well.
--Quanah
--
Quanah Gibson-Mount
openldap-technical@openldap.org