I'm trying to set up openLDAP on fedora 12 and am having no luck authenticating the root user after starting the service. I'm hoping someone with more experience might be willing to help. I left all the settings as default and get the following when I do a simple search:
I've tried substituting several different output strings from slappasswd, but all with the same result.
Finally, here is the slapd.conf file:
Code:
[root@claudius ~]# grep -v ^# /etc/openldap/slapd.conf|cat -s
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=my-domain,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw {SSHA}7QH+zdRtuIpyJb9scodYkn1uUKIvQ8W6
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
database monitor
access to *
by dn.exact="cn=Manager,dc=my-domain,dc=com" read
by * none
As you can see, all the settings are default except the password, of which I've tried several types.
The ldif was imported because slapadd does not care about credentials. I suspected the problem was due to the ACL:
Quote:
access to *
by dn.exact="cn=Manager,dc=my-domain,dc=com" read
by * none
that does not allow "cn=Manager,dc=my-domain,dc=com" to write to the directory.
So are you sure that the rootpw you're using is correct?
You can stop slapd and then run it from CLI in debug mode to watch the output and see if you can find the reason why you get the "Invalid Credentials" error:
Code:
slapd -d -1
Just out of curiosity, why aren't you using the directory server that comes with Fedora?
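One way to rule the rootpw in or out before going into debug mode, added here as an example and not code from the thread or from OpenLDAP: this script checks a password against an {SSHA} value in the layout slappasswd produces (SHA-1 over password plus salt, then the salt, base64-encoded) and reports the decoded layout, which also catches a value that was truncated when pasted. The function names are mine; the 4-byte default salt is an assumption that the thread's own rootpw (24 decoded bytes) is consistent with.

```python
# Offline check of a password against an {SSHA} value in the slappasswd layout:
# "{SSHA}" + base64( SHA-1(password || salt) || salt ), salt is 4 bytes by default.
import base64
import hashlib
import hmac
import os

PREFIX = "{SSHA}"

def ssha_hash(password, salt=None):
    """Build an {SSHA} value the way slappasswd does (helper name is mine)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd's default salt length (assumed)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")

def ssha_layout(stored):
    """Return (digest_len, salt_len) of the decoded value; (0, 0) if undecodable.
    A correct value gives (20, n). Anything else means the hash was truncated
    or mangled when it was pasted into slapd.conf, so no password can match."""
    stored = stored.strip()
    if stored[:len(PREFIX)].upper() != PREFIX:
        return (0, 0)
    try:
        raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return (0, 0)
    return (min(len(raw), 20), max(len(raw) - 20, 0))

def ssha_verify(password, stored):
    """True only if password matches the stored value (constant-time compare)."""
    if ssha_layout(stored)[0] != 20:
        return False
    raw = base64.b64decode(stored.strip()[len(PREFIX):])
    digest, salt = raw[:20], raw[20:]
    expected = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)
```

Run `ssha_verify("<the password you typed>", "<rootpw value from slapd.conf>")`; a False result with a (20, 4) layout means the password really is wrong, while any other layout means the stored value itself is damaged.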
I believe the ACL you mentioned is for the "monitor" database. The comments in the slapd.conf file seem to indicate that I should be able to leave the general ACL undefined.
Code:
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
As for the correct password, I've tried several passwords, typing them all very meticulously. I'm pretty sure I've ruled that out.
I may go and use Fedora's Directory server. To be honest, this is my first Linux directory server and I wasn't aware that Fedora had a separate directory project.
You can try to change the order of the included schema files and see if it makes any difference. At least core.schema should come first:
Code:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
Thanks for all your help bathory. I found the problem. I came across some info in the documentation about how the openldap server reads the settings files. Apparently the newest version of openldap reads the settings from the slapd.d directory. Any changes made to slapd.conf are ignored unless there is no slapd.d directory, in which case a new directory and settings file are created from the settings in slapd.conf. You can force the daemon to read the slapd.conf file and overwrite the slapd.d directory files, which is how I was able to resolve the problem.
-f slapd-config-file
    Specifies the slapd configuration file. The default is /usr/local/etc/openldap/slapd.conf.
-F slapd-config-directory
    Specifies the slapd configuration directory. The default is /usr/local/etc/openldap/slapd.d. If both -f and -F are specified, the config file will be read and converted to config directory format and written to the specified directory. If neither option is specified, slapd will attempt to read the default config directory before trying to use the default config file. If a valid config directory exists then the default config file is ignored. All of the slap tools that use the config options observe this same behavior.
So to force the config file to be read, just use the -f option.
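A small check that applies the precedence rules quoted above, added here as example code and not taken from the thread or from OpenLDAP: it reads the command line slapd was started with from the argsfile named in slapd.conf, extracts -f and -F, and reports whether edits to slapd.conf are being read or whether an existing slapd.d silently wins. The function names, the Fedora default paths and the use of cn=config.ldif as the test for a valid config directory are my assumptions.

```python
# Which configuration does slapd read, slapd.conf or the slapd.d directory?
# Applies the slapd(8) -f/-F rules to the command line recorded in the argsfile.
import os
import shlex

CONF_DIR_MARKER = "cn=config.ldif"  # present in a slapd.d tree; my validity test

def parse_config_args(cmdline):
    """Return (conf_file, conf_dir) from a slapd command line, None when absent.
    Accepts both '-f path' and '-fpath' as getopt does."""
    conf_file = conf_dir = None
    argv = shlex.split(cmdline)
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg[:2] in ("-f", "-F"):
            value = arg[2:]
            if not value:  # value is the next word
                i += 1
                value = argv[i] if i < len(argv) else None
            if arg[1] == "f":
                conf_file = value
            else:
                conf_dir = value
        i += 1
    return conf_file, conf_dir

def config_source(conf_file, conf_dir, dir_is_valid):
    """'file', 'dir', or 'convert' (file read, converted, written to dir)."""
    if conf_file and conf_dir:
        return "convert"
    if conf_dir:
        return "dir"
    if conf_file:
        return "file"
    return "dir" if dir_is_valid else "file"  # neither given: a valid directory wins

def diagnose(argsfile="/var/run/openldap/slapd.args",   # argsfile from slapd.conf
             default_file="/etc/openldap/slapd.conf",   # Fedora defaults (assumed)
             default_dir="/etc/openldap/slapd.d"):
    """Read the argsfile and report whether edits to slapd.conf take effect."""
    with open(argsfile) as fh:
        conf_file, conf_dir = parse_config_args(fh.read())
    conf_dir_used = conf_dir or default_dir
    valid = os.path.isfile(os.path.join(conf_dir_used, CONF_DIR_MARKER))
    source = config_source(conf_file, conf_dir, valid)
    if source == "dir":
        return "slapd.conf is ignored; regenerate with: slaptest -f %s -F %s" % (
            shlex.quote(conf_file or default_file), shlex.quote(conf_dir_used))
    return "slapd reads %s" % (conf_file or default_file)
```

Move the old slapd.d aside before running the suggested slaptest line, so the regenerated directory reflects only the edited slapd.conf.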