LinuxQuestions.org
Old 08-24-2012, 07:51 AM   #1
fritz001
Question RHEL6 openldap-server


Hello everyone,

I've been struggling for more than 4 days to make it work and no chance ....

so here is my setup

1. default install of openldap-servers and openldap-clients

content of /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif

....
dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcSuffix: dc=example1,dc=com
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=Manager,dc=example1,dc=com

olcRootPW: 12345678
olcTLSCertificateFile: /etc/openldap/cacerts/slapdcert.pem
olcTLSCertificateKeyFile: /etc/openldap/cacerts/slapdkey.pem
olcDbDirectory: /var/openldap-data
......

content of /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif

...
dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=externa
l,cn=auth" read by dn.base="cn=Manager,dc=example1,dc=com" read by * none
....

base.ldif

dn: dc=example1,dc=com
objectClass: top
objectClass: domain
dc: example1

dn: ou=People,dc=example1,dc=com
objectClass: top
objectClass: OrganizationalUnit
ou: People

dn: ou=Group,dc=example1,dc=com
objectClass: top
objectClass: OrganizationalUnit
ou: Group

dn: ou=addressbook,dc=example1,dc=com
objectClass: top
objectClass: OrganizationalUnit
ou: addressbook

dn: cn=Manager,dc=example1,dc=com
objectClass: top
objectclass: organizationalRole
cn: Manager


1st issue: when i start slapd

backend_startup_one: starting "dc=example1,dc=com"
bdb_db_open: warning - no DB_CONFIG file found in directory /var/openldap-data: (14).
Expect poor performance for suffix "dc=example1,dc=com".
bdb_db_open: database "dc=example1,dc=com": dbenv_open(/var/openldap-data).
slapd starting

[root@srv1 openldap]# ll /var/openldap-data/
total 19344
-rw-r--r--. 1 ldap ldap 4096 Aug 24 14:49 alock
-rw-------. 1 ldap ldap 24576 Aug 24 14:48 __db.001
-rw-------. 1 ldap ldap 7225344 Aug 24 14:48 __db.002
-rw-------. 1 ldap ldap 335552512 Aug 24 14:48 __db.003
-rw-------. 1 ldap ldap 2359296 Aug 24 14:48 __db.004
-rw-------. 1 ldap ldap 491520 Aug 24 14:48 __db.005
-rw-------. 1 ldap ldap 32768 Aug 24 14:48 __db.006
-rw-r--r--. 1 ldap ldap 921 Aug 24 14:36 DB_CONFIG
-rw-------. 1 ldap ldap 8192 Aug 24 14:19 dn2id.bdb
-rw-------. 1 ldap ldap 32768 Aug 24 14:19 id2entry.bdb
-rw-------. 1 ldap ldap 10485760 Aug 24 14:49 log.0000000001

2nd issue:
ldapadd -x -D 'cn=Manager,dc=example1,dc=com' -f base1.ldif -w 12345678
ldap_bind: Invalid credentials (49)

ping example1.com ---> get response from 192.168.100.1


Can someone enlighten me what the.... is wrong ??????????
 
Old 08-24-2012, 08:14 AM   #2
TB0ne
Quote:
Originally Posted by fritz001
Hello everyone,
I've been struggling for more than 4 days to make it work and no chance .... so here is my setup

1st issue: when i start slapd
bdb_db_open: warning - no DB_CONFIG file found in directory /var/openldap-data: (14).

It's an ownership issue, based on the message. Unless the user and group 'ldap' exist on your system, what you've got is incorrect. And providing the user/group you posted is there, who owns that directory?? Putting the error into Google pulls up lots from the openldap forums...did you look there?
http://www.openldap.org/lists/openld.../msg00275.html
http://www.secure-computing.net/wiki/index.php/OpenLDAP
Quote:
2nd issue:
ldapadd -x -D 'cn=Manager,dc=example1,dc=com' -f base1.ldif -w 12345678
ldap_bind: Invalid credentials (49)
ping example1.com ---> get response from 192.168.100.1

...and this message also seems to be covered too, and has been answered on this site as well:
https://www.linuxquestions.org/quest...-query-941547/
http://www.openldap.org/lists/openld.../msg00325.html

The "49" can come from different things...the server can tell you why. First thing I'd address would be issue 1 that you've posted. After that, run ldap in the foreground, and try the command again, to see what comes up. That should give you a clue as to why the 49 is present, and how to move forward.
 
Old 08-24-2012, 08:31 AM   #3
fritz001
[root@srv1 openldap]# ls -lad /var/openldap-data/
drwxr-xr-x. 2 ldap ldap 4096 Aug 24 15:22 /var/openldap-data/

[root@srv1 openldap]# ls -lad /var/openldap-data/DB_CONFIG
-rw-r--r--. 1 ldap ldap 921 Aug 24 14:36 /var/openldap-data/DB_CONFIG

[root@srv1 openldap]# id ldap
uid=55(ldap) gid=55(ldap) groups=55(ldap)

P.S. I'm not using slapd.conf but the new structure /etc/openldap/slapd.d/cn=config/*

Last edited by fritz001; 08-24-2012 at 08:33 AM.
 
Old 08-25-2012, 05:05 AM   #4
fritz001
Ok, I gave up using the annoying structure of /etc/openldap/slapd.d and switched to the old slapd.conf

include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema

allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

TLSCertificateFile /etc/openldap/cacerts/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/cacerts/slapdkey.pem

database config
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by * none

database monitor
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
    by dn.exact="cn=Manager,dc=domain1,dc=local" read
    by * none

database bdb
suffix "dc=domain1,dc=local"
checkpoint 1024 15
rootdn "cn=Manager,dc=domain1,dc=local"
rootpw 12345678
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

Ok so far so good,
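
Added example, not part of any post in this thread: both configurations above store the root password in cleartext (`olcRootPW: 12345678` and `rootpw 12345678`). The Python sketch below flags such lines and builds a salted `{SSHA}` value of the kind `slappasswd` emits by default; the function names and the sample text are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os
import re

# Root password directive in either style shown in the thread:
# cn=config LDIF ("olcRootPW: v", or "olcRootPW:: v" when base64) and slapd.conf ("rootpw v").
ROOTPW_RE = re.compile(r"^\s*(?P<key>olcRootPW|rootpw)(?P<sep>::?|\s)\s*(?P<value>\S+)", re.I)
SCHEME_RE = re.compile(r"^\{[A-Za-z0-9-]+\}")  # e.g. {SSHA}, {CRYPT}


def ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def check_ssha(password, stored):
    """Verify a password against a stored {SSHA} value."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is salt
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)


def find_cleartext_rootpw(config_text):
    """Return (line number, directive) for each root password lacking a {SCHEME} prefix."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        m = ROOTPW_RE.match(line)
        if not m:
            continue
        value = m.group("value")
        if m.group("sep") == "::":  # LDIF marks base64-encoded values with "::"
            value = base64.b64decode(value).decode("utf-8", "replace")
        if not SCHEME_RE.match(value):
            findings.append((number, m.group("key")))
    return findings


# Constructed sample: the two root password lines posted in the thread.
SAMPLE = """olcRootDN: cn=Manager,dc=example1,dc=com
olcRootPW: 12345678
rootdn "cn=Manager,dc=domain1,dc=local"
rootpw 12345678
"""

if __name__ == "__main__":
    print(find_cleartext_rootpw(SAMPLE))
```

The string returned by `ssha()` goes after `rootpw` or `olcRootPW:` in place of the cleartext value.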
 
  

