LinuxQuestions.org
Red Hat: This forum is for the discussion of Red Hat Linux.
07-29-2008, 02:18 PM   #1
AoiShikaku (LQ Newbie; Registered: Jul 2008; Posts: 3)
Setting up LDAP on RHEL4 with Webmin - slapd will not start.


Mkay, so I'll try to speed this up and still be as informative as possible, so as to avoid any questions later on.

OS: Red Hat Enterprise Linux 4 (RHEL4)
- Installed Webmin
- Installed OpenLDAP stuff through Webmin (client, server, user and group settings, etc.)
- Installed OpenLDAP stuff from RPM on RHEL4 disc (I did remove the ones from Webmin before doing so)
- Using some stock settings to set it up (e.g. cn=Manager,dc=example,dc=com)

In short, I just want to create a user account with details, then have the computer name automatically added/resolved when connecting to the domain.

I'm new to LDAP and its configuration. So I might be replying on more issues later on if I can't find a resource on the net.

Any answers with Webmin would be a bonus for me =D


THE ISSUE
I got the LDAP server configured (so I think), and when I try to start it (through Webmin or the terminal with "service ldap start") I get these errors:

Through terminal:
Quote:
[root@redhatbox5 openldap]# service ldap start
Checking configuration files for : config file testing succeeded
Starting slapd: [FAILED]
[root@redhatbox5 openldap]#
Through Webmin:
Quote:
Failed to start LDAP server : /usr/sbin/slapd failed :
"slapd -d -1" output
Quote:
[root@redhatbox5 /]# slapd -d -1
@(#) $OpenLDAP: slapd 2.2.13 (Aug 19 2004 21:22:15) $
root@porky.build.redhat.com:/usr/src/build/440386-i386/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd
daemon_init: <null>
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: bind(6) failed errno=98 (Address already in use)
daemon: bind(6) failed errno=98 (Address already in use)
slap_open_listener: failed on ldap:///
slapd stopped.
connections_destroy: nothing to destroy.

Here is what my slapd.conf looks like:
Quote:
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_anon_dn

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args

# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix dc=example,dc=com
rootdn cn=Manager,dc=example,dc=com
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM
rootpw {crypt}52VNMTtThnWumSsTR0SHFY

Last edited by AoiShikaku; 07-29-2008 at 03:27 PM.
 
07-29-2008, 11:35 PM   #2
blacky_5251 (Member; Registered: Oct 2004; Location: Adelaide Hills, South Australia; Distribution: RHEL 4&5, Fedora 10, CentOS 5.4, IPCop; Posts: 569)
I get the same error if I try to use the slapd -d -1 command when ldap is already running. The error output is identical.

It looks to me like you already have ldap running, or you have other processes running on the ldap ports.

Try "service ldap status" to see if ldap is running or not. Perhaps "service ldap restart" might be useful too.

Ian
 
07-30-2008, 12:19 AM   #3
billymayday (Guru; Registered: Mar 2006; Location: Sydney, Australia; Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD; Posts: 6,678)
or

ps aux | grep slap
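The two replies above boil down to one question: what is already holding the LDAP listener when slapd's bind() returns errno 98? The script below is an added example written for this page, not code from any post in the thread. It turns that question into three checks a practitioner would run before restarting anything: whether /var/run/slapd.pid points at a live process or is stale, which PID/program owns port 389 or 636 according to "netstat -tlnp" (the PID column is only filled in when run as root), and a classifier for the "slapd -d -1" output that distinguishes EADDRINUSE (errno 98) from EACCES (errno 13, binding a privileged port as a non-root user). The RHEL paths and the netstat output format are assumptions; the log and netstat lines used to exercise it are constructed, not captured.

```shell
#!/bin/sh
# Added diagnostic for "daemon: bind(6) failed errno=98 (Address already in use)".
# Assumptions: RHEL-style pidfile /var/run/slapd.pid and "netstat -tlnp" output.
# Usage: sh slapd_diag.sh run      (as root, so netstat can show the owning PID)

# classify_bind_error: read "slapd -d -1" output on stdin, print the likely cause.
# Linux errno values: 98 EADDRINUSE, 13 EACCES, 99 EADDRNOTAVAIL.
classify_bind_error() {
    out=$(cat)
    case "$out" in
        *"errno=98"*) echo "ADDRINUSE: another process (probably an earlier slapd) already listens on the LDAP port" ;;
        *"errno=13"*) echo "EACCES: not allowed to bind a privileged port; run as root or use a port above 1023" ;;
        *"errno=99"*) echo "EADDRNOTAVAIL: the listener URL names an address this host does not have" ;;
        *"slapd starting"*) echo "OK: listeners opened" ;;
        *) echo "UNKNOWN: no bind() failure found in the output" ;;
    esac
}

# port_owner PORT: read "netstat -tlnp" output on stdin and print the
# PID/Program column of each listener on PORT ("-" when not run as root).
port_owner() {
    awk -v p="$1" '$1 ~ /^tcp/ && $4 ~ (":" p "$") && $6 == "LISTEN" { print $NF }'
}

# pidfile_state FILE: print "none", "running PID" or "stale PID".
# A stale pidfile is harmless to slapd itself but confuses init-script status checks.
pidfile_state() {
    f=$1
    [ -r "$f" ] || { echo none; return 0; }
    pid=$(tr -dc '0-9' < "$f")
    if [ -n "$pid" ] && { kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; }; then
        echo "running $pid"
    else
        echo "stale ${pid:-?}"
    fi
}

main() {
    echo "== pidfile: $(pidfile_state /var/run/slapd.pid)"
    echo "== slapd processes:"
    ps -eo pid,user,args 2>/dev/null | grep '[s]lapd' || echo "   (none)"
    for port in 389 636; do
        echo "== listeners on $port: $(netstat -tlnp 2>/dev/null | port_owner "$port")"
    done
    # Syntax-check the config the same way the init script does.
    command -v slaptest >/dev/null 2>&1 && slaptest -u -f /etc/openldap/slapd.conf
    # Once nothing else owns the port, start in debug mode (Ctrl-C to stop) and
    # classify the output:   slapd -d 1 2>&1 | classify_bind_error
}

if [ "${1:-}" = "run" ]; then main; fi
```

If port_owner names a second slapd, stop it with the init script rather than killing it by hand, so the pidfile and the BDB environment are closed cleanly; if it names something that is not slapd at all, that process is worth a closer look before the port is freed for it.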
 
07-30-2008, 09:51 AM   #4
AoiShikaku (LQ Newbie; Original Poster)
Man, I've been stuck on that error for a long time. Thanks for the replies =D

I stopped the service and started the service through Webmin, and I finally got past that problem, but....


NEW PROBLEM:
Under Trees I want to create a new DN with a dummy user account using Webmin. When I am done with what I want it to do, I click on Create and receive this error:
Quote:
Failed to create new tree : No user to login as has been configured
When I try to browse the database I get this error:
Quote:
The LDAP browser cannot be used : No user to login as has been configured
Under the Schemas tab I have Core, Cosine, OpenLDAP, Inetorgperson, and NIS running.

I tried to setup the LDAP users and groups, but I wasn't able to create a new user or a new group. (no existing ones there also)

My LDAP client is still on the same computer and I'm still trying to get that setup to talk to the LDAP server.

I don't know what I am missing here or what I should do. Can someone please point me in the correct direction? Such a pain troubleshooting something when you don't know where you are =p
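Before chasing the Webmin message, it is worth proving that the directory itself accepts a rootdn bind and an add, using only the OpenLDAP command-line tools that ship in the RHEL4 RPMs. The script below is an added example written for this page, not code from the original poster or from Webmin. It takes the suffix and rootdn from the posted slapd.conf; the ou=People and ou=Group containers and the user jdoe are invented for the example, and the schemas the poster loaded (core, cosine, inetorgperson, nis) supply every attribute it uses. Two caveats a practitioner would add: slapd.conf holds the rootpw and should be mode 0640 root:ldap (the file's own header says it must not be world readable, and a hash pasted into a public forum should be treated as compromised and replaced), and new hashes should come from slappasswd in {SSHA} form rather than the {crypt} form shown in the post.

```shell
#!/bin/sh
# Added example: bootstrap the base entry and one POSIX user with ldapadd,
# then prove both the rootdn and the new user can bind.
# Assumptions: suffix and rootdn as in the posted slapd.conf; ou=People,
# ou=Group and the user jdoe are made up for this example.
# Usage: sh ldap_bootstrap.sh run      (prompts for the new user's password
#        and then for the rootpw)

SUFFIX=${SUFFIX:-dc=example,dc=com}
ROOTDN=${ROOTDN:-cn=Manager,$SUFFIX}
LDAP_URI=${LDAP_URI:-ldap://127.0.0.1}

# base_ldif SUFFIX: the top entry plus People/Group containers. The dc value
# is taken from the suffix's first RDN (dc=example,dc=com -> example).
base_ldif() {
    s=$1
    first=${s%%,*}      # dc=example
    dc=${first#*=}      # example
    printf 'dn: %s\nobjectClass: dcObject\nobjectClass: organization\ndc: %s\no: %s\n\n' "$s" "$dc" "$dc"
    printf 'dn: ou=People,%s\nobjectClass: organizationalUnit\nou: People\n\n' "$s"
    printf 'dn: ou=Group,%s\nobjectClass: organizationalUnit\nou: Group\n\n' "$s"
}

# user_ldif UID CN SN UIDNUMBER GIDNUMBER HASH: one POSIX user under
# ou=People,$SUFFIX. HASH must be slappasswd output, never a cleartext password.
user_ldif() {
    printf 'dn: uid=%s,ou=People,%s\n' "$1" "$SUFFIX"
    printf 'objectClass: inetOrgPerson\nobjectClass: posixAccount\nobjectClass: shadowAccount\n'
    printf 'uid: %s\ncn: %s\nsn: %s\n' "$1" "$2" "$3"
    printf 'uidNumber: %s\ngidNumber: %s\n' "$4" "$5"
    printf 'homeDirectory: /home/%s\nloginShell: /bin/bash\n' "$1"
    printf 'userPassword: %s\n\n' "$6"
}

# conf_world_readable FILE: succeeds (0) when "others" can read FILE, which is
# wrong for slapd.conf since it carries rootpw. Uses ls -l so it does not
# depend on GNU stat; column 8 of the mode string is the other-read bit.
conf_world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

main() {
    conf=/etc/openldap/slapd.conf
    if [ -f "$conf" ] && conf_world_readable "$conf"; then
        echo "WARNING: $conf is world-readable and holds rootpw; chmod 640 and chgrp ldap it" >&2
    fi
    hash=$(slappasswd -h '{SSHA}')         # prompts; salted SHA-1, not {crypt}
    f=$(mktemp /tmp/bootstrap.XXXXXX)      # not a fixed name in world-writable /tmp
    { base_ldif "$SUFFIX"; user_ldif jdoe "John Doe" Doe 10001 10001 "$hash"; } > "$f"
    ldapadd -x -H "$LDAP_URI" -D "$ROOTDN" -W -f "$f"   # prompts for the rootpw
    rm -f "$f"
    ldapsearch -x -LLL -H "$LDAP_URI" -b "$SUFFIX" '(uid=jdoe)' uidNumber homeDirectory
    ldapwhoami -x -H "$LDAP_URI" -D "uid=jdoe,ou=People,$SUFFIX" -W   # the user can bind
}

case "${1:-}" in run) main ;; esac
```

If ldapadd fails with "Invalid credentials", the rootpw in slapd.conf does not match what was typed, and no GUI on top of it will fare better; if it fails with "No such object", the base entry was never created, which is exactly what base_ldif supplies. Note that everything here travels over plain ldap:// on the loopback interface; before the same binds cross a network, enable the TLS directives that are commented out in the posted slapd.conf.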
 
07-30-2008, 12:44 PM   #5
MartyHeyman (LQ Newbie; Registered: Jul 2008; Posts: 1)

OpenLDAP Release Level for Red Hat

We noticed that the version of OpenLDAP provided by the Red Hat release you are using is 2.2. OpenLDAP 2.4 is now available and OpenLDAP 2.3 is the most common production level. We would highly recommend you upgrade to either of those substantially improved and more capable releases. The easy way to do it is to install Symas OpenLDAP which is a binary package (RPMs available) including OpenLDAP, BDB, OpenSSL, and Cyrus SASL at coordinated patch levels. The package is tested as a unit and installs without interfering with other copies of libraries on your systems. Free downloads are available as is commercial support. See us at www dot symas dot com.
 
07-30-2008, 03:36 PM   #6
billymayday (Guru; Registered: Mar 2006; Location: Sydney, Australia; Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD; Posts: 6,678)
Why don't you try migrating existing users across to make sure your basic setup is working. It may well be the data you are trying to insert is incorrect. See http://www.linuxhomenetworking.com/w...DAP_and_RADIUS as a good example howto (and yes, it works).

Also, I gave up on Webmin ages ago, but there are some good LDAP utilities like phpldapadmin and ldapam (account manager) that are specifically designed for LDAP.
 
07-31-2008, 04:01 PM   #7
blacky_5251 (Member; Registered: Oct 2004; Location: Adelaide Hills, South Australia; Distribution: RHEL 4&5, Fedora 10, CentOS 5.4, IPCop; Posts: 569)
I second the suggestion to use something other than Webmin. I like Webmin for many reasons, but LDAP isn't one of them. I now use phpldapadmin to manage my LDAP system.
 
12-15-2008, 01:31 AM   #8
webman (LQ Newbie; Registered: Dec 2008; Posts: 1)
Which type of Webmin can I install? My system is still RHEL4. Thanks.
Where can I download it?

Last edited by webman; 12-15-2008 at 01:32 AM.