| 1 |
On Tuesday 22 March 2011 22:00:21 Johannes Geiss wrote: |
| 2 |
> Hi there, |
| 3 |
> |
| 4 |
> I try to start an LDAP-service for managing by eMail-Addresses |
| 5 |
> centralised on my server. Unfortunately I constantly fail to start |
| 6 |
> slapd. |
| 7 |
|
| 8 |
Are you trying to start is using the init-script? |
| 9 |
|
| 10 |
> I tried a lot of documentations I've found on the web, including |
| 11 |
> Gentoo's non-official doc at |
| 12 |
> |
| 13 |
> http://www.gentoo.org/doc/en/ldap-howto.xml |
| 14 |
> |
| 15 |
> as well as |
| 16 |
> |
| 17 |
> http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html |
| 18 |
> |
| 19 |
> but to no avail. |
| 20 |
> |
| 21 |
> The daemon slapd only starts as root and connecting to it via |
| 22 |
> |
| 23 |
> ldapadd -f stooges.ldif -xv -D "cn=StoogeAdmin,o=stooges" \ |
| 24 |
> -h 127.0.0.1 -w secret1 |
| 25 |
> |
| 26 |
> always fails with |
| 27 |
> |
| 28 |
> ldap_initialize( ldap://127.0.0.1 ) |
| 29 |
> ldap_bind: Invalid credentials (49) |
| 30 |
|
| 31 |
This indicates that the login-details are incorrect or not allowed to connect. |
| 32 |
|
| 33 |
> I suspect something is wrong with my backend database. |
| 34 |
|
| 35 |
Is "stooges.ldif" the first LDIF you are trying to import? eg. is the backend |
| 36 |
database still empty? |
| 37 |
|
| 38 |
> Has anybody installed and started OpenLDAP successfully on Gentoo? |
| 39 |
> I am interested in config files and which components/use flags are |
| 40 |
> involved. |
| 41 |
|
| 42 |
I have and am happily using it. |
| 43 |
|
| 44 |
I configured the database-part in the "/etc/openldap/slapd.conf" file: |
| 45 |
** |
| 46 |
####################################################################### |
| 47 |
# BDB database definitions |
| 48 |
####################################################################### |
| 49 |
|
| 50 |
database hdb |
| 51 |
suffix "dc=example,dc=org" |
| 52 |
checkpoint 32 30 |
| 53 |
# checkpoint: <kbyte> <min> |
| 54 |
rootdn "cn=Manager,dc=example,dc=org" |
| 55 |
# Cleartext passwords, especially for the rootdn, should |
| 56 |
# be avoid. See slappasswd(8) and slapd.conf(5) for details. |
| 57 |
# Use of strong authentication encouraged. |
| 58 |
password-hash {crypt} |
| 59 |
rootpw IDONOTTHINKSO_:) |
| 60 |
# The database directory MUST exist prior to running slapd AND |
| 61 |
# should only be accessible by the slapd and slap tools. |
| 62 |
# Mode 700 recommended. |
| 63 |
directory /var/lib/openldap-data |
| 64 |
** |
| 65 |
|
| 66 |
Also, when I restore a backup (or build a new one) I always first use "slapadd" |
| 67 |
to initialize the openldap backend database prior to trying to start slapd: |
| 68 |
1) /etc/init.d/slapd stop |
| 69 |
2) rm /var/lib/openldap-data/* |
| 70 |
3) slapadd -f <backup-file.ldif> |
| 71 |
4) chown -R ldap:ldap /var/lib/openldap-data/ |
| 72 |
5) /etc/init.d/slapd start |
| 73 |
|
| 74 |
Please adjust the paths and suffix/rootdn to match your installation. |
| 75 |
|
| 76 |
HTH, |
| 77 |
|
| 78 |
Joost Roeleveld |
| 79 |
|
| 80 |
PS. step 4 is important as "slapadd" will create the files owned by current |
| 81 |
user (root) and slapd will run as "ldap" which means slapd will not be able to |
| 82 |
access without that step. |
Archives