LinuxQuestions.org
Old 06-17-2009, 07:28 AM   #1
copro
LQ Newbie
 
Registered: Jun 2009
Posts: 3

Rhel4 : Ldap


Hi everybody, I'm new here, so I will introduce myself before posting my question.

I'm 25 years old/young ;-), live in Belgium and work as a solution consultant / technical support engineer. I'm not an expert in Linux coz I'm used to working in an all-Microsoft environment, but in my spare time I like to modify/improve my home network.

Last week I started configuring a new server so I could use LDAP and SQUID to control and define internet usage per user at home,
and that is where I'm stuck right now :s
It might be strange to use (outdated) RHEL4 for this, but since the company where I work now also uses this distro I think it's a good way for me to replenish my Linux know-how.

I've installed all the needed packages via the terminal
=> ldap clients / server etc., glibc, gcc, db4 ...

I used rpm packages and installed them using the rpm -ivh ... command. Even though it is possible to use a graphical installer with rpm's, I still prefer terminal use for servers coz it gives more info if something goes wrong, and with it I keep my knowledge of *nix commands alive :-)

and now for the problem:
I can't seem to start ldap. I had a series of problems first that I could solve myself, e.g. bad entries in config files, folder ownerships and such,
but now I am stuck coz I don't know what the bloody problem is.

this is the output I get from my ldap logfile

-----------------------------------------------------
@(#) $OpenLDAP: slapd 2.2.13 (Apr 20 2005 18:32:13) $ root@decompose.build.redhat.com:/usr/src/build/557148-i386/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd

bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
main: TLS init def ctx failed: -1
slapd stopped.
------------------------------------------------------

now I'm not a novice, so I searched the weird wide web for the error code "TLS init def ctx failed: -1", but all I got was that my BerkeleyDB wasn't installed correctly, and that can't be the problem coz BDB was installed correctly from the start

slapd.conf
----------
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
# Uncomment the NIS schema to support Linux login authentication
include /etc/openldap/schema/nis.schema
#include /etc/openldap/schema/redhat/rfc822-MailMember.schema
#include /etc/openldap/schema/redhat/autofs.schema
#include /etc/openldap/schema/redhat/kerberosobject.schema

# Define global ACLs to disable default read access.


#allow bind_v2

loglevel -1

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args

# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
moduleload back_bdb.la
# To allow TLS-enabled connections, create /usr/share/ssl/certs/slapd.pem
# and uncomment the following lines.
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

#######################################################################
# ldbm database definitions / in this case it is a BerkeleyDB
#######################################################################

database dbd
suffix "dc=isabel, dc=be"

# this is the root or superuser
rootdn "cn=SiteAdmin, dc=isabel, dc=be"
rootpw isabel

# the directory must exist before the ldap server is started
directory /var/lib/ldap/isabel-be

# unique ID
index uid eq

# allow searches on name, email, etc ...
index cn,gn,mail eq,sub

# allow variations in searches
index sn eq,sub

# optimisation of department searches
index ou eq

# show use of the default index parameter
index default eq,sub

# missing indices - use default eq,sub
index telephonenumber

cachesize 10000
checkpoint 128 15


--------------------
I've altered the service script in /etc/init.d/ so that I got some output from the script itself, but it makes me none the wiser

/etc/init.d/ldap restart
Stopping slapd: [FAILED]
+ user=ldap
++ id -u ldap
+ ldapuid=55
++ sed 's,^directory,,'
++ grep '^directory' /etc/openldap/slapd.conf
+ for dbdir in '`grep ^directory /etc/openldap/slapd.conf | sed s,^directory,,`'
++ find /var/lib/ldap/isabel-be/ -not -uid 55 -and '(' -name '*.dbb' -or -name '*.gdbm' -or -name '*.bdb' ')'
+ echo -n 'Checking configuration files for slapd: '
Checking configuration files for slapd: + /usr/sbin/slaptest
slaptest: bad configuration file!
+ RETVAL=1
+ test 1 -eq 0
+ failure
+ rc=1
+ '[' -z '' ']'
+ initlog -q -n /etc/init.d/ldap -s '' -e 2
+ '[' color '!=' verbose -a -z '' ']'
+ echo_failure
+ '[' color = color ']'
+ echo -en '\033[60G'
+ echo -n '['
[+ '[' color = color ']'
+ echo -en '\033[0;31m'
+ echo -n FAILED
FAILED+ '[' color = color ']'
+ echo -en '\033[0;39m'
+ echo -n ']'
]+ echo -ne '\r'
+ return 1
+ '[' -x /usr/bin/rhgb-client ']'
+ /usr/bin/rhgb-client --details=yes
+ return 1
+ exit 1
---------------------------------------

Does anyone have experience with this problem, or has found a solution, or could point me in the right direction?

thanks in advance
copro
 
Old 06-17-2009, 04:58 PM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,899

Quote:
main: TLS init def ctx failed: -1
Quote:
Checking configuration files for slapd: + /usr/sbin/slaptest
slaptest: bad configuration file!
Are you sure you're using the correct slapd.conf? Because you get an error about TLS, but the TLS part is commented out in the slapd.conf you've posted.
Since slaptest (using /etc/openldap/slapd.conf) complains, you should try to run slapd or slaptest (as root) from command line and see if you get more info. Could be a permissions problem.
Code:
slapd -f /etc/openldap/slapd.conf -d255
slaptest -f /usr/local/etc/openldap/slapd.conf -d 255
 
Old 06-19-2009, 03:42 AM   #3
copro
LQ Newbie
 
Registered: Jun 2009
Posts: 3

Original Poster
Quote:
Originally Posted by bathory View Post
Are you sure you're using the correct slapd.conf? Because you get an error about TLS, but the TLS part is commented out in the slapd.conf you've posted.
Since slaptest (using /etc/openldap/slapd.conf) complains, you should try to run slapd or slaptest (as root) from command line and see if you get more info. Could be a permissions problem.
Code:
slapd -f /etc/openldap/slapd.conf -d255
slaptest -f /usr/local/etc/openldap/slapd.conf -d 255
thnx for the tip

I've run the commands and indeed the first config file had problems with it. What they are I still have to find out.

Now if I run "service ldap start" I get fewer errors, and a few of them I solved immediately, like directories that didn't exist yet and permissions that had to be set. For the purpose of getting my ldap running I copied the /usr/local/etc/openldap/slapd.conf to the /etc/openldap/ directory.

the error that I still have in my ldap log file is

-----------------------------


Jun 19 08:22:36 loadpc6 slapd[2438]: @(#) $OpenLDAP: slapd 2.2.13 (Apr 20 2005 18:32:13) $ root@decompose.build.redhat.com:/usr/src/build/557148-i386/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd
Jun 19 08:22:36 loadpc6 slapd[2438]: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Jun 19 08:22:36 loadpc6 slapd[2438]: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Jun 19 08:22:36 loadpc6 slapd[2438]: bdb_db_init: Initializing BDB database
Jun 19 08:22:36 loadpc6 slapd[2438]: main: TLS init def ctx failed: -1
Jun 19 08:22:36 loadpc6 slapd[2438]: slapd stopped.
Jun 19 08:22:36 loadpc6 slapd[2438]: connections_destroy: nothing to destroy.

---------------------------


this was my old ldap.conf

---------------------------
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
# Uncomment the NIS schema to support Linux login authentication
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema

# Define global ACLs to disable default read access.
#allow bind_v2
loglevel -1
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
moduleload back_bdb.la
# To allow TLS-enabled connections, create /usr/share/ssl/certs/slapd.pem
# and uncomment the following lines.
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
#######################################################################
# ldbm database definitions / in this case it is a BerkeleyDB
#######################################################################

#database dbd
database ldbm
suffix "dc=isabel, dc=be"
# this is the root or superuser
rootdn "cn=SiteAdmin, dc=isabel, dc=be"
rootpw isabel
# the directory must exist before the ldap server is started
directory /var/lib/ldap/isabel-be
# unique ID
index uid eq
# allow searches on name, email, etc ...
index cn,gn,mail eq,sub
# allow variations in searches
index sn eq,sub
# optimisation of department searches
index ou eq
# show use of the default index parameter
index default eq,sub
# missing indices - use default eq,sub
index telephonenumber

cachesize 10000
checkpoint 128 15
---------------------------

and this is the new (and short) one I copied

---------------------------
#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=ISABEL,dc=BE"
rootdn "cn=root,dc=ISABEL,dc=BE"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw isabel
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap/isabel-be
# Indices to maintain
index objectClass eq
---------------------------

and when I run the service ldap start command again I still get that weird output, but now it contains a lot of green text

---------------------------
[root@loadpc6 openldap]# service ldap start
+ user=ldap
++ id -u ldap
+ ldapuid=55
++ grep '^directory' /etc/openldap/slapd.conf
++ sed 's,^directory,,'
+ for dbdir in '`grep ^directory /etc/openldap/slapd.conf | sed s,^directory,,`'
++ find /var/lib/ldap/isabel-be/ -not -uid 55 -and '(' -name '*.dbb' -or -name '*.gdbm' -or -name '*.bdb' ')'
+ echo -n 'Checking configuration files for : '
Checking configuration files for : + /usr/sbin/slaptest
config file testing succeeded
+ RETVAL=0
+ test 0 -eq 0
+ success
+ '[' -z '' ']'
+ initlog -q -n /etc/init.d/ldap -s '' -e 1
+ '[' color '!=' verbose -a -z '' ']'
+ echo_success
+ '[' color = color ']'
+ echo -en '\033[60G'
+ echo -n '[ '
[ + '[' color = color ']'
+ echo -en '\033[0;32m'
+ echo -n OK
OK+ '[' color = color ']'
+ echo -en '\033[0;39m'
+ echo -n ' ]'
]+ echo -ne '\r'
+ return 0
+ return 0
++ basename /usr/sbin/slapd
+ prog=slapd
+ echo -n 'Starting slapd: '
Starting slapd: + grep -q '^TLS' /etc/openldap/slapd.conf
+ daemon /usr/sbin/slapd -u ldap -h ldap:///
+ local gotbase= force=
+ local base= user= nice= bg= pid=
+ nicelevel=0
+ '[' /usr/sbin/slapd '!=' /usr/sbin/slapd ']'
+ '[' -z '' ']'
+ base=slapd
+ '[' -f /var/run/slapd.pid ']'
+ '[' -n '' -a -z '' ']'
+ ulimit -S -c 0
+ '[' -n '' ']'
+ '[' color = verbose -a -z '' ']'
+ '[' -z '' ']'
+ initlog -q -c '/usr/sbin/slapd -u ldap -h ldap:///'
+ '[' 1 -eq 0 ']'
+ failure 'slapd startup'
+ rc=1
+ '[' -z '' ']'
+ initlog -q -n /etc/init.d/ldap -s 'slapd startup' -e 2
+ '[' color '!=' verbose -a -z '' ']'
+ echo_failure
+ '[' color = color ']'
+ echo -en '\033[60G'
+ echo -n '['
[+ '[' color = color ']'
+ echo -en '\033[0;31m'
+ echo -n FAILED #
FAILED+ '[' color = color ']' # this is still in a red color
+ echo -en '\033[0;39m' #
+ echo -n ']'
]+ echo -ne '\r'
+ return 1
+ '[' -x /usr/bin/rhgb-client ']'
+ /usr/bin/rhgb-client --details=yes
+ return 1
+ RETVAL=1
+ echo

+ '[' 1 -eq 0 ']'
+ '[' 1 -eq 0 ']'
+ return 1
+ exit 1
---------------------------


I know that the password is in cleartext and that there are probably some other security issues, but that doesn't matter coz this is my trial-and-error phase just to get the ldap service running. If anybody has a good step-by-step guideline for ldap on a clean install from scratch, this could be very helpful, but all the tutorials I found were about just installing it, and nothing about the other requirements like e.g. gcc, BerkeleyDB and such, or about the config files and how to test everything.
 
Old 06-19-2009, 04:01 AM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,899

Quote:
Now if I run "service ldap start" I get fewer errors, and a few of them I solved immediately, like directories that didn't exist yet and permissions that had to be set. For the purpose of getting my ldap running I copied the /usr/local/etc/openldap/slapd.conf to the /etc/openldap/ directory.
From the above I assume that you've installed openldap from source (hence slapd.conf is in /usr/local/etc/openldap).
Using "service ldap start" you are trying to start the openldap that came with your OS. That's why it's not working. Copy the "old" slapd.conf that contains objectclasses etc. into /usr/local/etc/openldap and try to start slapd running:
Code:
/usr/local/libexec/slapd -d255
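Before reaching for slapd -d255, the failure modes this thread walks through (a mistyped backend name, a moduleload that does not match it, a database directory that does not exist yet, TLS file directives pointing nowhere, and a cleartext rootpw) can all be caught by reading the slapd.conf first. The script below is an added example from the editor, not something any poster ran; the two sample configs it builds are constructed and modelled on the ones posted above, and the {SSHA} value is a placeholder for what slappasswd would print.

```shell
# Added example, not from any poster: pre-flight check of a classic slapd.conf
# for the failure modes in this thread. Findings go to stderr, the count to stdout.
check_slapd_conf() {
    conf="$1"; n=0
    # 1. Backend name: the first config above says "database dbd" (a typo for bdb).
    backend=$(awk '$1=="database" {print $2; exit}' "$conf")
    case "$backend" in
        bdb|hdb|ldbm|ldap|passwd|shell|monitor) ;;
        *) echo "unknown backend '$backend' (typo for bdb?)" >&2; n=$((n+1)) ;;
    esac
    # 2. If backends are loaded as modules, the one used must actually be loaded.
    if grep -q '^moduleload' "$conf" && ! grep -q "^moduleload[[:space:]]*back_$backend\.la" "$conf"; then
        echo "no moduleload for back_$backend.la" >&2; n=$((n+1))
    fi
    # 3. Every uncommented TLS*File directive must name a readable file.
    for f in $(awk '/^TLS[A-Za-z]*File/ {print $2}' "$conf"); do
        [ -r "$f" ] || { echo "TLS file $f unreadable" >&2; n=$((n+1)); }
    done
    # 4. The database directory must exist before slapd starts.
    dir=$(awk '$1=="directory" {print $2; exit}' "$conf")
    [ -d "$dir" ] || { echo "directory '$dir' missing" >&2; n=$((n+1)); }
    # 5. rootpw without a {SCHEME} prefix is cleartext; slappasswd makes a {SSHA} hash.
    pw=$(awk '$1=="rootpw" {print $2; exit}' "$conf")
    case "$pw" in
        ""|"{"*) ;;
        *) echo "rootpw is cleartext" >&2; n=$((n+1)) ;;
    esac
    echo "$n"
}
# Constructed sample mirroring the thread's first config; prints its path.
sample_bad_conf() {
    f=$(mktemp); cat >"$f" <<'EOF'
moduleload back_bdb.la
database dbd
rootpw isabel
directory /nonexistent/isabel-be
EOF
    echo "$f"
}
# Constructed corrected counterpart; the directory is created so the check passes.
sample_good_conf() {
    f=$(mktemp); d=$(mktemp -d); cat >"$f" <<EOF
moduleload back_bdb.la
database bdb
rootpw {SSHA}placeholder-hash-from-slappasswd
directory $d
EOF
    echo "$f"
}
```

Run it as `check_slapd_conf /etc/openldap/slapd.conf` (or the /usr/local copy); a count of 0 means none of the five checks fired, and anything else is listed on stderr before slaptest is even needed.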
 
Old 06-22-2009, 02:12 AM   #5
copro
LQ Newbie
 
Registered: Jun 2009
Posts: 3

Original Poster
It works :-) thnx man!!!
All worked out fine, now I just have to do some tweaking and it's done.
A million gazillion thanks