On Tuesday 22 March 2011 22:00:21 Johannes Geiss wrote:
> Hi there,
>
> I try to start an LDAP-service for managing my eMail-Addresses
> centralised on my server. Unfortunately I constantly fail to start
> slapd.

Are you trying to start it using the init-script?

> I tried a lot of documentations I've found on the web, including
> Gentoo's non-official doc at
>
> http://www.gentoo.org/doc/en/ldap-howto.xml
>
> as well as
>
> http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html
>
> but to no avail.
>
> The daemon slapd only starts as root and connecting to it via
>
> ldapadd -f stooges.ldif -xv -D "cn=StoogeAdmin,o=stooges" \
> -h 127.0.0.1 -w secret1
>
> always fails with
>
> ldap_initialize( ldap://127.0.0.1 )
> ldap_bind: Invalid credentials (49)

This indicates that the login-details are incorrect or not allowed to connect.

> I suspect something is wrong with my backend database.

Is "stooges.ldif" the first LDIF you are trying to import? e.g. is the backend
database still empty?

> Has anybody installed and started OpenLDAP successfully on Gentoo?
> I am interested in config files and which components/use flags are
> involved.

I have and am happily using it.

I configured the database-part in the "/etc/openldap/slapd.conf" file:
**
#######################################################################
# BDB database definitions
#######################################################################

database hdb
suffix "dc=example,dc=org"
checkpoint 32 30
# checkpoint: <kbyte> <min>
rootdn "cn=Manager,dc=example,dc=org"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
password-hash {crypt}
rootpw IDONOTTHINKSO_:)
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/openldap-data
**

Also, when I restore a backup (or build a new one) I always first use "slapadd"
to initialize the openldap backend database prior to trying to start slapd:
1) /etc/init.d/slapd stop
2) rm /var/lib/openldap-data/*
3) slapadd -l <backup-file.ldif>
4) chown -R ldap:ldap /var/lib/openldap-data/
5) /etc/init.d/slapd start

Please adjust the paths and suffix/rootdn to match your installation.

HTH,

Joost Roeleveld

PS. step 4 is important as "slapadd" will create the files owned by the current
user (root) and slapd will run as "ldap" which means slapd will not be able to
access without that step.
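
An added example, not part of the original mail or of OpenLDAP: a shell check for the two points the configuration comments and the PS above raise, a rootpw stored without a hash scheme and a database directory that the slapd account cannot use. The function names are hypothetical; it assumes GNU stat(1) and single-line "rootpw" and "directory" directives.

```shell
# Added example, not from the original mail. Assumes GNU stat(1) and
# one-line "rootpw" / "directory" directives in slapd.conf.

# Print the rootpw storage scheme: e.g. SSHA or CRYPT, "cleartext" when
# the value has no {SCHEME} prefix, "missing" when no rootpw is set.
rootpw_scheme() {
    awk '
        $1 == "rootpw" {
            found = 1; v = $2; sub(/^"/, "", v)
            if (match(v, /^[{][A-Za-z0-9-]+[}]/))
                print toupper(substr(v, 2, RLENGTH - 2))
            else
                print "cleartext"
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Print the first database directory named in the configuration.
db_directory() {
    awk '$1 == "directory" { print $2; exit }' "$1"
}

# Succeed only if the directory exists, is owned by the given account and
# has mode 700, so slapd can read what slapadd created as root.
db_dir_ok() {
    [ -d "$1" ] || return 1
    [ "$(stat -c '%U %a' "$1")" = "$2 700" ]
}

# Audit one slapd.conf; the return value is the number of findings.
# Usage: audit_slapd /etc/openldap/slapd.conf ldap
audit_slapd() {
    conf=$1; owner=${2:-ldap}; findings=0
    scheme=$(rootpw_scheme "$conf")
    if [ "$scheme" = cleartext ]; then
        echo "rootpw is cleartext: store a slappasswd(8) hash instead"
        findings=$((findings + 1))
    fi
    dir=$(db_directory "$conf")
    if ! db_dir_ok "$dir" "$owner"; then
        echo "$dir: want owner $owner, mode 700"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run it after step 4 and before step 5 of the restore procedure, so an ownership problem shows up before slapd is started.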