ldap cannot carry slapd.conf changes or did not use /etc/openldap/slapd.conf
Hi Everyone,
I'm new to this forum and to Linux. Can anyone give me input on my problem with LDAP? This would really be a big help.

I am setting up an LDAP server. I set slapd.conf (dc=proldap,dc=com) and start ldap, and it is OK, but when I check using

ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

the result is:

namingContexts: dc=my-domain,dc=com

It seems that it did not use my slapd.conf, so I tried removing my slapd.conf from /etc/openldap and starting slapd again, and it did start with no errors. And when I do ldapsearch again it still uses dc=my-domain,dc=com. I tried searching about this on Google and found no answers. My reference in setting up LDAP is the link below, but it seems that it always uses another configuration, not the one I modified.

I'm using Fedora 12, ldap version 2.4.19; I installed ldap by yum install.

http://www.linuxhomenetworking.com/w...DAP_and_RADIUS
http://www.openldap.org/doc/admin24/quickstart.html

Thanks in advance
You probably already have entries in the ldap database with dn: dc=my-domain,dc=com. Changing the suffix in slapd.conf doesn't change the entries in the database.
You can start slapd and point it to your configuration file with the -f parameter. Otherwise, post up your init script - /etc/init.d/ldap (or /etc/init.d/openldap, ...)
Hi Blue Ice, I'm using the default sample DB_CONFIG as my database. Thanks for the quick reply. Anyway, I'm setting this up in my VMware ESX; that should not matter, right? Here's my init script:

Code:
#!/bin/bash
#
# slapd         This shell script takes care of starting and stopping
#               ldap servers (slapd).
#
# chkconfig: - 27 73
# description: LDAP stands for Lightweight Directory Access Protocol, used \
#              for implementing the industry standard directory services.
# processname: slapd
# config: /etc/openldap/slapd.conf
# pidfile: /var/run/slapd.pid

### BEGIN INIT INFO
# Provides: slapd
# Required-Start: $network $local_fs
# Required-Stop: $network $local_fs
# Should-Start:
# Should-Stop:
# Default-Start:
# Default-Stop:
# Short-Description: starts and stops OpenLDAP server daemon
# Description: LDAP stands for Lightweight Directory Access Protocol, used
#              for implementing the industry standard directory services.
### END INIT INFO

# Source function library.
. /etc/init.d/functions

# Define default values of options allowed in /etc/sysconfig/ldap
SLAPD_LDAP="yes"
SLAPD_LDAPI="no"
SLAPD_LDAPS="no"
SLAPD_URLS=""
SLAPD_SHUTDOWN_TIMEOUT=3
# OPTIONS, SLAPD_OPTIONS and KRB5_KTNAME are not defined

# Source an auxiliary options file if we have one
if [ -r /etc/sysconfig/ldap ] ; then
    . /etc/sysconfig/ldap
fi

slapd=/usr/sbin/slapd
slaptest=/usr/sbin/slaptest
lockfile=/var/lock/subsys/slapd
configdir=/etc/openldap/slapd.d/
configfile=/etc/openldap/slapd.conf
pidfile=/var/run/slapd.pid
slapd_pidfile=/var/run/openldap/slapd.pid

RETVAL=0

#
# Pass commands given in $2 and later to "test" run as user given in $1.
#
function testasuser() {
    local user= cmd=
    user="$1"
    shift
    cmd="$@"
    if test x"$user" != x ; then
        if test x"$cmd" != x ; then
            /sbin/runuser -f -m -s /bin/sh -c "test $cmd" -- "$user"
        else
            false
        fi
    else
        false
    fi
}

#
# Check for read-access errors for the user given in $1 for a service named $2.
# If $3 is specified, the command is run if "klist" can't be found.
#
function checkkeytab() {
    local user= service= klist= default=
    user="$1"
    service="$2"
    default="${3:-false}"
    if test -x /usr/kerberos/bin/klist ; then
        klist=/usr/kerberos/bin/klist
    elif test -x /usr/bin/klist ; then
        klist=/usr/bin/klist
    fi
    KRB5_KTNAME="${KRB5_KTNAME:-/etc/krb5.keytab}"
    export KRB5_KTNAME
    if test -s "$KRB5_KTNAME" ; then
        if test x"$klist" != x ; then
            if LANG=C $klist -k "$KRB5_KTNAME" | tail -n 4 | awk '{print $2}' | grep -q ^"$service"/ ; then
                if ! testasuser "$user" -r ${KRB5_KTNAME:-/etc/krb5.keytab} ; then
                    true
                else
                    false
                fi
            else
                false
            fi
        else
            $default
        fi
    else
        false
    fi
}

function configtest() {
    local user= ldapuid= dbdir= file=
    # Check for simple-but-common errors.
    user=ldap
    prog=`basename ${slapd}`
    ldapuid=`id -u $user`
    # Unaccessible database files.
    slaptestflags=""
    dbdirs=""
    if [ -d $configdir ]; then
        for configfile in `ls -1 $configdir/cn\=config/olcDatabase*.ldif`; do
            dbdirs=$dbdirs" "`LANG=C egrep '^olcDbDirectory[[:space:]]*:[[:space:]]+[[:print:]]+$' $configfile | sed 's,^olcDbDirectory: ,,'`
        done
    elif [ -f $configfile ]; then
        dbdirs=`LANG=C egrep '^directory[[:space:]]+' $configfile | sed 's,^directory[[:space:]]*,,'`
    else
        exit 6
    fi
    for dbdir in $dbdirs; do
        if [ ! -d $dbdir ]; then
            exit 6
        fi
        for file in `find ${dbdir}/ -not -uid $ldapuid -and \( -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" -or -name "__db.*" -or -name "log.*" -or -name alock \)` ; do
            echo -n $"$file is not owned by \"$user\"" ; warning ; echo
        done
        if ! test -s ${dbdir}/id2entry.dbb ; then
            if ! test -s ${dbdir}/id2entry.gdbm ; then
                if ! test -s ${dbdir}/id2entry.bdb ; then
                    slaptestflags="-u"
                fi
            fi
        fi
    done
    # Unaccessible keytab with an "ldap" key.
    if checkkeytab $user ldap ; then
        file=${KRB5_KTNAME:-/etc/krb5.keytab}
        echo -n $"$file is not readable by \"$user\"" ; warning ; echo
    fi
    # Unaccessible TLS configuration files.
    if [ -d $configdir ]; then
        tlsconfigs=`LANG=C awk '/^olcTLS/ { while (/^olcTLS/) { if (/^olc(TLSCertificateKeyFile|TLSCertificateFile|TLSCACertificateFile)[ \t]*:[\t]*/) { do { printf gensub(/^ /,"",1); getline } while (/^ /) printf "\n" ; } else break; } }' $configdir/cn\=config.ldif | awk '{print $2}'`
    elif [ -f $configfile ]; then
        tlsconfigs=`LANG=C egrep '^(TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile)[[:space:]]+' $configfile | awk '{print $2}'`
    fi
    for file in $tlsconfigs ; do
        if ! testasuser $user -r $file ; then
            echo -n $"$file is not readable by \"$user\"" ; warning ; echo
        fi
    done
    # Check the configuration file.
    slaptestout=`/sbin/runuser -m -s "$slaptest" -- "$user" $slaptestflags 2>&1`
    slaptestexit=$?
    # slaptestout=`echo $slaptestout 2>/dev/null | grep -v "config file testing succeeded"`
    # print warning if slaptest passed but reports some problems
    if test $slaptestexit == 0 ; then
        if echo "$slaptestout" | grep -v "config file testing succeeded" >/dev/null ; then
            echo -n $"Checking configuration files for $prog: " ; warning ; echo
            echo "$slaptestout"
        fi
    fi
    # report error if configuration file is wrong
    if test $slaptestexit != 0 ; then
        echo -n $"Checking configuration files for $prog: " ; failure ; echo
        echo "$slaptestout"
        if /sbin/runuser -m -s "$slaptest" -- "$user" "-u" > /dev/null 2> /dev/null ; then
            #dirs=`LANG=C egrep '^directory[[:space:]]+[[:print:]]+$' $configfile | awk '{print $2}'`
            for directory in $dbdirs ; do
                if test -r $directory/__db.001 ; then
                    echo -n $"stale lock files may be present in $directory" ; warning ; echo
                fi
            done
        fi
        exit 6
    fi
}

function start() {
    [ -x $slapd ] || exit 5
    [ `id -u` -eq 0 ] || exit 4
    configtest
    # Define a couple of local variables which we'll need. Maybe.
    user=ldap
    prog=`basename ${slapd}`
    harg="$SLAPD_URLS"
    if test x$SLAPD_LDAP = xyes ; then
        harg="$harg ldap:///"
    fi
    if test x$SLAPD_LDAPS = xyes ; then
        harg="$harg ldaps:///"
    fi
    if test x$SLAPD_LDAPI = xyes ; then
        harg="$harg ldapi:///"
    fi
    # Start daemons.
    echo -n $"Starting $prog: "
    daemon --pidfile=$pidfile --check=$prog ${slapd} -h "\"$harg\"" -u ${user} $OPTIONS $SLAPD_OPTIONS
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
        touch $lockfile
        ln $slapd_pidfile $pidfile
    fi
    echo
    return $RETVAL
}

function stop() {
    # Stop daemons.
    prog=`basename ${slapd}`
    [ `id -u` -eq 0 ] || exit 4
    echo -n $"Stopping $prog: "
    # This will remove pid and args files from /var/run/openldap
    killproc -p $slapd_pidfile -d $SLAPD_SHUTDOWN_TIMEOUT ${slapd}
    RETVAL=$?
    # Now we want to remove lock file and hardlink of pid file
    [ $RETVAL -eq 0 ] && rm -f $pidfile $lockfile
    echo
    return $RETVAL
}

# See how we were called.
case "$1" in
    configtest)
        configtest
        ;;
    start)
        start
        RETVAL=$?
        ;;
    stop)
        stop
        RETVAL=$?
        ;;
    status)
        status -p $pidfile ${slapd}
        RETVAL=$?
        ;;
    restart|force-reload)
        stop
        start
        RETVAL=$?
        ;;
    condrestart|try-restart)
        status -p $pidfile ${slapd} > /dev/null 2>&1 || exit 0
        stop
        start
        ;;
    usage)
        echo $"Usage: $0 {start|stop|restart|status|condrestart|configtest|usage}"
        RETVAL=0
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|status|condrestart|configtest|usage}"
        RETVAL=3
esac
exit $RETVAL
DB_CONFIG is not your database. It is just a configuration file, just like slapd.conf.

Your database files and related files are probably located at /var/lib/ldap and are named __db.001, __db.002 and __db.nnn (where nnn is a number), if you are using BerkeleyDB as your back-end. These files contain the actual data of your ldap system.

As you can start up ldap, there is a slapd.conf present. If you edited slapd.conf, used it to create the entries that are currently in the ldap directory and then changed this same slapd.conf, then you are using the correct file. That means there are still some old entries in your database. Changing the suffix in slapd.conf will not change the entries in the database. You can compare it to storing data in a regular RDBMS like MySQL: if you change the name of the server and you store that same name in a relational database, the name change won't affect the data in the database. So you will have to update the data as well.

I can understand that you think it has to do with slapd.conf, but I guess you are new to this and might not have a good understanding yet of what ldap is. Ldap is basically just another database. The difference is that when we are talking about a database, we are usually talking about relational databases. That's not the case for ldap; ldap is a so-called hierarchical database.

Anyway, if you really keep thinking that ldap is using a different slapd.conf, you should also read the init script you posted above, because the configuration you are after is possibly in the file /etc/sysconfig/ldap. But in my opinion, you can look at the configuration for days without finding anything. Check your database or create a new database with the new settings.
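The checks described in this reply, written out as an added example that is not from the thread or from the OpenLDAP project: read the suffix and database directory that a slapd.conf actually configures, see whether that directory already holds BerkeleyDB data (id2entry.bdb is the same file the posted init script tests before deciding to pass -u to slaptest), and compare the configured suffix with what a running slapd advertises in its root DSE. The sample slapd.conf and the temporary directory are constructed inside the script so it runs offline; on the poster's box the real files would be /etc/openldap/slapd.conf and /var/lib/ldap. The function names and the "dc=my-domain,dc=com" stand-in for the advertised value are assumptions made here.

```shell
#!/bin/sh
# Added example (not the thread's or OpenLDAP's code): which suffix and db
# directory does this slapd.conf configure, is that directory populated, and
# does a live server agree? Sample config and paths are constructed below.

# Value of directive $2 in slapd.conf $1: ignore leading whitespace, take the
# first match, strip the optional surrounding double quotes.
conf_value() {
    sed -n -e "s/^[[:space:]]*$2[[:space:]]\{1,\}//p" "$1" \
        | head -n 1 | sed -e 's/^"//' -e 's/"[[:space:]]*$//'
}

# A bdb back-end that has been written to contains id2entry.bdb. A directory
# holding only DB_CONFIG has no entries yet, so a new suffix takes effect there.
db_has_entries() {
    [ -s "$1/id2entry.bdb" ]
}

# Compare the configured suffix with the namingContexts a server advertises.
# 0: agree; 1: the database still serves an old suffix (the poster's symptom);
# 2: nothing advertised (server down, unreachable, or no database).
compare_suffix() {
    configured=$1
    advertised=$2
    if [ -z "$advertised" ]; then
        echo "server advertised no namingContexts; is slapd running and reachable?"
        return 2
    fi
    if [ "$configured" != "$advertised" ]; then
        echo "config says '$configured' but server serves '$advertised':"
        echo "the database was created under the old suffix; rebuild it"
        return 1
    fi
    echo "config and server agree on '$configured'"
    return 0
}

# Ask a live slapd for its namingContexts. Needs ldapsearch and a reachable
# server, so it is defined here but not called in the offline run.
live_suffix() {
    ldapsearch -x -LLL -H "${1:-ldap://localhost}" -b '' -s base \
        '(objectclass=*)' namingContexts 2>/dev/null \
        | sed -n 's/^namingContexts: //p'
}

# Files in db dir $1 not owned by user $2. slapd drops to "ldap", so anything
# created by a root-run slapadd will make the next start fail.
db_files_not_owned_by() {
    find "$1" -type f ! -user "$2"
}

# --- constructed sample mirroring the poster's intended dc=proldap,dc=com ---
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
SAMPLE_CONF=$WORK/slapd.conf
SAMPLE_DB=$WORK/ldapserver
mkdir -p "$SAMPLE_DB"
cat > "$SAMPLE_CONF" <<EOF
# constructed sample slapd.conf (assumed content, not the poster's file)
include         /etc/openldap/schema/core.schema
database        bdb
suffix          "dc=proldap,dc=com"
rootdn          "cn=Manager,dc=proldap,dc=com"
directory       $SAMPLE_DB
EOF
printf 'set_cachesize 0 268435456 1\n' > "$SAMPLE_DB/DB_CONFIG"

SUFFIX=$(conf_value "$SAMPLE_CONF" suffix)
DBDIR=$(conf_value "$SAMPLE_CONF" directory)
echo "configured suffix:    $SUFFIX"
echo "configured directory: $DBDIR"
if db_has_entries "$DBDIR"; then
    echo "database already populated; a new suffix in slapd.conf will not rename its entries"
else
    echo "only DB_CONFIG present; the first slapadd/ldapadd creates the db under $SUFFIX"
fi
# Replay the thread's mismatch with a constructed advertised value.
compare_suffix "$SUFFIX" "dc=my-domain,dc=com" || true
```

On a real host, replace the constructed advertised value with `compare_suffix "$SUFFIX" "$(live_suffix)"`. When it returns 1, the fix is the one the thread converges on: stop slapd, move the old directory aside rather than deleting it (`mv /var/lib/ldap /var/lib/ldap.old`), recreate the directory with DB_CONFIG, run `slaptest -u -f /etc/openldap/slapd.conf` to confirm the config parses without a database, make sure everything under the new directory is owned by ldap, and start the service again before loading entries under the new suffix.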
Hi Blue Ice and Quanta, thanks for the input.
This is what I have done:

1. Removed the files under /var/lib/ldap which contain the database: alock, dn2id.bdb, id2entry.bdb, log.0000000001 and DB_CONF
2. Ran /usr/sbin/slapd -f /etc/openldap/slapd.conf. This created the database, alock and all in /var/lib/ldap/ldapserver (the directory I set in slapd.conf). When I do ldapsearch the naming context is OK. Thanks guys. :)

Now when I do ldapadd I get this:

ldap_bind: Invalid DN syntax (34)
additional info: invalid DN

I read about a related problem here, but I have to do this on Monday...
http://www.openldap.org/lists/openld.../msg00504.html

Again thanks. Hopefully I can sort this out next week.