Hi,
With the following setup:
hometest:openldap # uname -a
FreeBSD hometest.ip6.com.au 8.1-RC1 FreeBSD 8.1-RC1 #0: Fri Jun 18 15:26:58 EST 2010 root@hometest.ip6.com.au:/usr/obj/usr/src/sys/mail.db.java.portal i386
hometest:openldap # pkg_info | grep -i ldap
openldap-sasl-client-2.4.22 Open source LDAP client implementation with SASL2 support
openldap-sasl-server-2.4.22 Open source LDAP server implementation
hometest:openldap # pkg_info | grep -i db
db46-4.6.21.4 The Berkeley DB package, revision 4.6
hometest:openldap # pkg_info | grep -i sasl
cyrus-sasl-2.1.23 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-saslauthd-2.1.23 SASL authentication server for cyrus-sasl2
openldap-sasl-client-2.4.22 Open source LDAP client implementation with SASL2 support
openldap-sasl-server-2.4.22 Open source LDAP server implementation

I can't create password for ldap:

hometest:openldap # slappasswd -h {MD5} -s password
Password generation failed for scheme MD5: scheme not recognized

and:

hometest:rc.d # ./slapd start
Starting slapd.
./slapd: WARNING: failed to start slapd
slapd.conf file is shown below:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema

#X.500 RFC1274 COSINE Pilot Schema
include /usr/local/etc/openldap/schema/cosine.schema
#For Addressbooks
include /usr/local/etc/openldap/schema/inetorgperson.schema
#For Authentication
include /usr/local/etc/openldap/schema/nis.schema

TLSCACertificateFile /usr/local/etc/ssl/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/ssl/portal.ip6.com.au.pem
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/private/cakey.pem
TLSCipherSuite HIGH

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=ip6,dc=com,dc=au"
rootdn "cn=Manager,dc=ip6,dc=com,dc=au"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/db/openldap-data
# Indices to maintain
index objectClass eq
Can anyone tell me how to start openldap and how to assign password to it?
Your help is very much appreciated.
Thanks Sam
--On Sunday, June 20, 2010 11:20 AM +1000 sam sam@ip6.com.au wrote:
I can't create password for ldap:

hometest:openldap # slappasswd -h {MD5} -s password
Password generation failed for scheme MD5: scheme not recognized
It wasn't built with MD5 support. If it is, it works:
[zimbra@freelancer ~]$ /opt/zimbra/openldap/sbin/slappasswd -h {MD5} -s blah
{MD5}bx7QAqtVlYWQFOvwlRUi2Q==

hometest:rc.d # ./slapd start
Starting slapd.
./slapd: WARNING: failed to start slapd
Run slapd -d -1 to see why it failed to start.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Hi Gibson,
Thank you for your response. How can I build OpenLDAP with MD5 support? Would the following make options work?
--enable-modules --enable-crypt
Thanks Sam
sam wrote:
Hi Gibson,
Thank you for your response. How can I build OpenLDAP with MD5 support? Would the following make options work?
Quanah's post leapt to a premature conclusion. You should first check to see if using quotes works "{MD5}" since curly brackets are special in most command shells.
And of course, you should pay attention to the docs since the slappasswd(8) manpage already warns you that quotes will probably be needed.
--enable-modules --enable-crypt
Thanks Sam
Hi Gibson,
I just have the password command working, but it failed at the final step, please see below:

# slappasswd -h {MD5}
New password:
Re-enter new password:
Password generation failed for scheme MD5: scheme not recognized
What have I missed?
Thanks Sam
On 06/20/10 08:21, sam wrote:
Hi Gibson,
I just have the password command working, but it failed at the final step, please see below:

# slappasswd -h {MD5}
New password:
Re-enter new password:
Password generation failed for scheme MD5: scheme not recognized
What have I missed?
Thanks Sam
The very same thing as in the beginning. Your OpenLDAP/crypt is missing MD5 (scheme) support.
The answer is probably here: http://www.mail-archive.com/openldap-software@openldap.org/msg07304.html
Yes, --enable-crypt could/should do.
Please, don't top-post. It's quite ... annoying.
Regards, Zdenek
--
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla@turnovfree.net
jabber: stybla@jabber.turnovfree.net
Zdenek Styblik wrote:
On 06/20/10 08:21, sam wrote:
# slappasswd -h {MD5}
New password:
Re-enter new password:
Password generation failed for scheme MD5: scheme not recognized
What have I missed?
Yes, --enable-crypt could/should do.
AFAIK --enable-crypt is for using hashed password values generated by crypt(3) (password scheme {CRYPT}). But {MD5} is a built-in password scheme. I've built slapd with --enable-crypt=no and {MD5} still works for me (whereas {CRYPT} does not then).
$ slappasswd -h "{CRYPT}" -s test
Password generation failed for scheme {CRYPT}: scheme not recognized
$ slappasswd -h "{MD5}" -s test
{MD5}CY9rzUYh03PK3k6DJie09g==
Maybe the shell is (partially) consuming the curly brackets {} for whatever reason? It works without quotes for me using bash though.
Ciao, Michael.
openldap-technical@openldap.org
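
The two {MD5} values posted in this thread can be reproduced without slappasswd, which shows what the scheme stores: the Base64 of a raw, unsalted MD5 digest. The following is an added example, not part of any message in the thread and not OpenLDAP code; the function names are hypothetical, and the salted {SSHA} form with an 8-byte salt is included only for contrast.

```python
import base64
import hashlib
import hmac
import os
import re


def ldap_md5(password: str) -> str:
    """Build an {MD5} userPassword value: Base64 of the raw, unsalted MD5 digest."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def ldap_ssha(password: str, salt: bytes = b"") -> str:
    """Build an {SSHA} value: Base64 of SHA-1(password + salt) followed by the salt."""
    salt = salt or os.urandom(8)  # 8-byte salt is an assumption of this example
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_password(stored: str, candidate: str) -> bool:
    """Verify a candidate password against a stored {MD5} or {SSHA} value."""
    match = re.fullmatch(r"(\{[A-Za-z0-9-]+\})(.+)", stored)
    if not match:
        raise ValueError("missing {SCHEME} prefix")
    scheme, raw = match.group(1).upper(), base64.b64decode(match.group(2))
    data = candidate.encode("utf-8")
    if scheme == "{MD5}":
        expected = hashlib.md5(data).digest()
    elif scheme == "{SSHA}":
        raw, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is salt
        expected = hashlib.sha1(data + salt).digest()
    else:
        raise ValueError("scheme not handled in this example: " + scheme)
    return hmac.compare_digest(raw, expected)


def scheme_arg_intact(arg: str) -> bool:
    """True if a -h argument reached the program with its braces, e.g. '{MD5}'."""
    return re.fullmatch(r"\{[A-Za-z0-9-]+\}", arg) is not None


if __name__ == "__main__":
    # The passwords "blah" and "test" are the ones used in the thread.
    print(ldap_md5("blah"))
    print(ldap_md5("test"))
    # Unsalted: the same password always gives the same value. Salted: it does not.
    print(ldap_md5("test") == ldap_md5("test"), ldap_ssha("test") == ldap_ssha("test"))
    print(scheme_arg_intact("{MD5}"), scheme_arg_intact("MD5"))
```

In the outputs quoted above, the failing commands report "scheme MD5" without braces while Michael's quoted {CRYPT} failure reports "scheme {CRYPT}" with them; scheme_arg_intact is the check for that difference.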