Second day in a row I keep stepping on the same rake. I can't get LDAP to start.
slapd.conf:
--
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/samba.schema

pidfile /var/run/slapd.pid
allow bind_v2

#access to attrs=userPassword by self write by * auth
#access to * by peername=127.0.0.1 read by anonymous auth by users read

access to dn=".*,ou=samba,dc=igate,dc=local"
 by dn=".*,cn=demiurg,dc=igate,dc=local" write
 by dn="ou=samba,dc=igate,dc=local" write
 by self write
 by anonymous auth

access to dn=".*,ou=NIS,dc=igate,dc=local"
 by dn=".*,cn=demiurg,dc=igate,dc=local" write
 by dn="ou=samba,dc=igate,dc=local" write
 by self write
 by anonymous auth

access to attr=userPassword
 by self write
 by anonymous auth
 by dn=".*,cn=demiurg,dc=igate,dc=local" write
 by * none

access to *
 by dn=".*,cn=demiurg,dc=igate,dc=local" write
 by self write
 by anonymous auth

database ldbm
suffix "dc=igate,dc=local"

rootdn "cn=demiurg,dc=igate,dc=local"
rootpw {SMD5}eRoqQxRcBr4XvOY2Z1jNwejSw8s=

TLSCertificateFile /usr/local/etc/openldap/slapd.pem
TLSCertificateKeyFile /usr/local/etc/openldap/slapd.pem

directory /var/openldap/data
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
--
"slapd -t" says there is an error in the config, but where is anyone's guess :(
Where is the rake buried?
Server: FreeBSD 5.2.1
>Server: FreeBSD 5.2.1
Have you looked at the log file? Make it log through syslog if it isn't keeping one, and there it will tell you which line the error is on.
I finally dug up the error:
--
-su-2.05b# /etc/rc.d/slapd start
Starting slapd.
/usr/local/etc/openldap/slapd.conf: line 14: bad DN ".*,dc=samba,dc=igate,dc=local" in to DN clause
<access clause> ::= access to <what> [ by <who> <access> [ <control> ] ]+
<what> ::= * | [dn[.<dnstyle>]=<DN>] [filter=<filter>] [attrs=<attrlist>]
<attrlist> ::= <attr> [val[.<style>]=<value>] | <attr> , <attrlist>
<attr> ::= <attrname> | entry | children
<who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ]
[dnattr=<attrname>]
[group[/<objectclass>[/<attrname>]][.<style>]=<group>]
[peername[.<style>]=<peer>] [sockname[.<style>]=<name>]
[domain[.<style>]=<domain>] [sockurl[.<style>]=<url>]
[ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]
<dnstyle> ::= base | exact | one | subtree | children | regex
<style> ::= regex | base | exact
<access> ::= [self]{<level>|<priv>}
<level> ::= none | auth | compare | search | read | write
<priv> ::= {=|+|-}{w|r|s|c|x}+
<control> ::= [ stop | continue | break ]
--

slapd.conf:
--
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/samba.schema

pidfile /var/run/openldap/slapd.pid

access to dn=".*,dc=samba,dc=igate,dc=local" attr=lmPassword
 by dn="cn=admin,dc=samba,dc=igate,dc=local" write
 by self write
 by * auth

access to dn=".*,dc=samba,dc=igate,dc=local" attr=ntPassword
 by dn="cn=admin,dc=samba,dc=igate,dc=local" write
 by self write
 by * auth

database ldbm
suffix "dc=igate,dc=local"

rootdn "cn=demiurg,dc=igate,dc=local"
rootpw {SMD5}XXXXXXXXXXXXXXXXXXXXXXXXXXX=

directory /var/openldap/data
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
Explain to a newbie where the error is? :)
Let me put the question differently:
--
-su-2.05b# ldapadd -x -D cn=demiurg,dc=igate,dc=local -W -f ldap.ldif
Enter LDAP Password:
adding new entry "dc=igate,dc=local"
ldapadd: update failed: dc=igate,dc=local
ldap_add: Undefined attribute type (17)
additional info: dn: attribute type undefined
--
ldap.ldif:
--
dn: dc=igate,dc=local
objectclass: dcObject
objectclass: organization
o: igate
dc: igate
dn: cn=demiurg,dc=igate,dc=local

objectclass: organizationalRole
cn: demiurg
dn: ou=users,dc=igate,dc=local
ou: users
objectclass: top

objectclass: organizationalUnit
dn: uid=null,ou=users,dc=igate,dc=local
uid: null
cn: Neo
objectclass: account
objectclass: posixAccount
objectclass: top
objectclass: uidObject
loginshell: /bin/nologin
uidnumber: 1000
gidnumber: 1000
homedirectory: /home/null
gecos: Neo
userpassword: $1$XXXXXXXXXXXXXXXXXXXXX
--
Question: where is the rake buried? :)
Regards.
Same rubbish here. The server runs like a charm, but I can't add entries (it gives similar errors). Since everyone's data-entry process is "their own", I am pinning my hopes only on LDAP administration programs, Ldapadministrator for example. It's all very strange: installing LDAP is described well enough everywhere, but how to add data is the question. Looks like I'll have to read the RFCs.
>I finally dug up the error:
>--
>-su-2.05b# /etc/rc.d/slapd start
>Starting slapd.
>/usr/local/etc/openldap/slapd.conf: line 14: bad DN ".*,dc=samba,dc=igate,dc=local" in to DN clause
><access clause> ::= access to <what> [ by <who> <access> [ <control> ] ]+
><what> ::= * | [dn[.<dnstyle>]=<DN>] [filter=<filter>] [attrs=<attrlist>]
><attrlist> ::= <attr> [val[.<style>]=<value>] | <attr> , <attrlist>
><attr> ::= <attrname> | entry | children
><who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ]
> [dnattr=<attrname>]
> [group[/<objectclass>[/<attrname>]][.<style>]=<group>]
> [peername[.<style>]=<peer>] [sockname[.<style>]=<name>]
> [domain[.<style>]=<domain>] [sockurl[.<style>]=<url>]
> [ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]
><dnstyle> ::= base | exact | one | subtree | children | regex
><style> ::= regex | base | exact
><access> ::= [self]{<level>|<priv>}
><level> ::= none | auth | compare | search | read | write
><priv> ::= {=|+|-}{w|r|s|c|x}+
><control> ::= [ stop | continue | break ]
>--
>
>slapd.conf:
>--
>include /usr/local/etc/openldap/schema/core.schema
>include /usr/local/etc/openldap/schema/cosine.schema
>include /usr/local/etc/openldap/schema/inetorgperson.schema
>include /usr/local/etc/openldap/schema/nis.schema
>include /usr/local/etc/openldap/schema/openldap.schema
>include /usr/local/etc/openldap/schema/misc.schema
>include /usr/local/etc/openldap/schema/samba.schema
>
>pidfile /var/run/openldap/slapd.pid
>
>access to dn=".*,dc=samba,dc=igate,dc=local" attr=lmPassword
> by dn="cn=admin,dc=samba,dc=igate,dc=local" write
> by self write
> by * auth
>
>access to dn=".*,dc=samba,dc=igate,dc=local" attr=ntPassword
> by dn="cn=admin,dc=samba,dc=igate,dc=local" write
> by self write
> by * auth
>
>database ldbm
>suffix "dc=igate,dc=local"
>
>rootdn "cn=demiurg,dc=igate,dc=local"
>rootpw {SMD5}XXXXXXXXXXXXXXXXXXXXXXXXXXX=
>
>directory /var/openldap/data
>
>index objectClass eq,pres
>index ou,cn,mail,surname,givenname eq,pres,sub
>index uidNumber,gidNumber,loginShell eq,pres
>index uid,memberUid eq,pres,sub
>index nisMapName,nisMapEntry eq,pres,sub

For some reason dn=".*,ou=users,dc=mydomain,dc=ru" didn't work for me either, but it can be written another way; in my case this did the trick:
access to dn.subtree="ou=users,dc=mydomain,dc=ru"
See http://www.openldap.org/doc/admin22/slapdconfig.html regarding dn.base, dn.one, dn.subtree, dn.children. The description is somewhat muddled (IMHO), but you can figure it out.
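The grammar slapd printed above lists the `<dnstyle>` alternatives (base, exact, one, subtree, children, regex) but says nothing about what each one selects, nor what happens when the style is left off. The following Python script is an added example written for this page, not code from the thread or from OpenLDAP: it parses `access to dn[.<style>]="..."` clauses, rejects an unstyled pattern that is not a literal DN with the same wording slapd used ("bad DN ... in to DN clause"; the script assumes a missing style is taken as exact, which is the behaviour the error in the thread shows), and evaluates the non-regex styles against sample DNs so the difference between `dn.subtree` and the rejected `dn=".*,..."` is visible. `ACL_LINES` and `SAMPLE_DNS` are constructed; `normalize_dn` is a simplified stand-in for slapd's DN normalisation (case-folding and trimming only, no escaped commas).

```python
import re

# The <dnstyle> alternatives from the slapd.access grammar quoted in the thread.
DN_STYLES = ("base", "exact", "one", "subtree", "children", "regex")

_TO_DN = re.compile(r'^\s*access\s+to\s+dn(?:\.([A-Za-z]+))?="([^"]*)"')
# A literal DN, simplified: comma-separated attr=value pairs. This only stands in
# for slapd's real DN normalisation (assumption); ".*" has no '=' and fails it.
_RDN = re.compile(r'^[A-Za-z][A-Za-z0-9-]*=.+$')


def normalize_dn(dn: str) -> str:
    """Case-fold and trim whitespace around RDN separators (escaped commas not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def is_literal_dn(dn: str) -> bool:
    return all(_RDN.match(part.strip()) for part in dn.split(","))


def parse_to_dn(line: str):
    """Return (style, pattern) for an 'access to dn...' clause.

    Assumption: a missing style is treated as 'exact', so the pattern must be a
    literal DN; otherwise raise the same message slapd printed in the thread.
    """
    m = _TO_DN.match(line)
    if not m:
        raise ValueError(f"not an 'access to dn' clause: {line!r}")
    style = (m.group(1) or "exact").lower()
    pattern = m.group(2)
    if style not in DN_STYLES:
        raise ValueError(f"unknown dn style {style!r}")
    if style != "regex" and not is_literal_dn(pattern):
        raise ValueError(f'bad DN "{pattern}" in to DN clause')
    return style, pattern


def dn_matches(style: str, pattern: str, dn: str) -> bool:
    """Does a to-dn clause of the given style select the entry `dn`?"""
    if style == "regex":
        # slapd compiles the pattern as an extended, case-insensitive POSIX regex
        # and does not anchor it for you; write ^...$ for whole-DN matching.
        return re.search(pattern, dn, re.IGNORECASE) is not None
    target, entry = normalize_dn(pattern), normalize_dn(dn)
    below = entry.endswith("," + target)          # strict descendant of target
    if style in ("base", "exact"):
        return entry == target
    if style == "children":
        return below
    if style == "subtree":
        return entry == target or below
    if style == "one":                           # immediate child only
        return below and "," not in entry[: -len(target) - 1]
    raise ValueError(style)


def check_clauses(lines):
    """Parse every clause; map each line to (style, pattern) or the error text."""
    results = {}
    for line in lines:
        try:
            results[line] = parse_to_dn(line)
        except ValueError as exc:
            results[line] = str(exc)
    return results


# Constructed input: the clause that failed for the poster plus two working rewrites.
ACL_LINES = [
    'access to dn=".*,ou=users,dc=mydomain,dc=ru"',
    'access to dn.subtree="ou=users,dc=mydomain,dc=ru"',
    'access to dn.regex=".*,ou=users,dc=mydomain,dc=ru"',
]

# Constructed DNs to show how the styles differ.
SAMPLE_DNS = (
    "ou=users,dc=mydomain,dc=ru",
    "uid=neo,ou=users,dc=mydomain,dc=ru",
    "uid=neo,ou=staff,ou=users,dc=mydomain,dc=ru",
)

if __name__ == "__main__":
    for line, result in check_clauses(ACL_LINES).items():
        print(f"{line}\n    -> {result}")
    for dn in SAMPLE_DNS:
        hits = [s for s in DN_STYLES if s != "regex"
                and dn_matches(s, "ou=users,dc=mydomain,dc=ru", dn)]
        print(f"{dn}: {hits}")
```

Running it shows the first clause rejected and the other two accepted, and that `dn.subtree` selects the `ou=users` entry itself plus everything beneath it, while `dn.children` excludes the base and `dn.one` stops at direct children; that is usually the least-privilege choice when the rule only needs to cover user entries.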
Dug up the rake :))
Here is the correct ldif:
--
dn: dc=igate,dc=local
objectClass: dcObject
objectClass: organization
o: OpenLDAP
dc: igate

dn: cn=demiurg,dc=igate,dc=local
cn: demiurg
objectClass: organizationalRole

dn: ou=users,dc=igate,dc=local
ou: users
objectClass: top
objectClass: organizationalUnit

dn: ou=groups,dc=igate,dc=local
ou: groups
objectClass: top
objectClass: organizationalUnit
--
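The LDIF that ldapadd rejected earlier in the thread and the corrected one above differ in where the blank lines fall. LDIF separates entries with a blank line and every entry must begin with `dn:`; when the blank line before the next `dn:` is missing, that line is read as one more attribute of the previous entry, and since `dn` is not a schema attribute type slapd answers "Undefined attribute type", which is assumed here to be the cause of the error quoted above. The following Python parser is an added example for this page, not code from the thread or from OpenLDAP: it unfolds continuation lines, decodes `::` base64 values, splits entries on blank lines, and reports a mid-entry `dn:` with a message modelled on ldapadd's. `BROKEN_LDIF` and `GOOD_LDIF` are constructed from the thread's entries.

```python
import base64

# Constructed sample: entries run together with no blank line before the second
# "dn:", the layout that makes ldapadd report 'dn: attribute type undefined'.
BROKEN_LDIF = """\
dn: dc=igate,dc=local
objectclass: dcObject
objectclass: organization
o: igate
dc: igate
dn: cn=demiurg,dc=igate,dc=local
objectclass: organizationalRole
cn: demiurg
"""

# Constructed sample: the same entries, each separated by a blank line.
GOOD_LDIF = """\
dn: dc=igate,dc=local
objectClass: dcObject
objectClass: organization
o: igate
dc: igate

dn: cn=demiurg,dc=igate,dc=local
objectClass: organizationalRole
cn: demiurg

dn: ou=users,dc=igate,dc=local
ou: users
objectClass: top
objectClass: organizationalUnit
"""


def unfold(text):
    """Join LDIF continuation lines (leading space) onto the previous line and
    drop comment lines; blank lines are kept as '' because they end entries."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw.rstrip("\r"))
    return lines


def parse_attr(line):
    """Split 'name: value' or 'name:: base64value' into (lowercased name, value)."""
    name, sep, value = line.partition(":")
    if not sep:
        raise ValueError(f"not an attribute line: {line!r}")
    if value.startswith(":"):
        value = base64.b64decode(value[1:].strip()).decode("utf-8")
    else:
        value = value.strip()
    return name.strip().lower(), value


def parse_ldif(text):
    """Return a list of (dn, {attr: [values]}) entries.

    Raises ValueError for the two layout mistakes the thread ran into: a 'dn:'
    line inside an entry (missing blank line before it) and an entry that does
    not start with 'dn:'.
    """
    entries = []
    current = None  # (dn, attrs) of the entry being built
    for line in unfold(text) + [""]:  # trailing '' flushes the last entry
        if line == "":
            if current is not None:
                entries.append(current)
                current = None
            continue
        name, value = parse_attr(line)
        if current is None:
            if name != "dn":
                raise ValueError(f"entry must start with dn:, got {line!r}")
            current = (value, {})
            continue
        if name == "dn":
            # What slapd sees when entries are not blank-line separated: 'dn'
            # is not a schema attribute, hence 'attribute type undefined'.
            raise ValueError(
                f'dn: attribute type undefined (entry "{current[0]}" runs into '
                f'"{value}" with no blank line between them)')
        current[1].setdefault(name, []).append(value)
    return entries


def entry_dns(text):
    """Convenience: just the DNs, in file order."""
    return [dn for dn, _ in parse_ldif(text)]


if __name__ == "__main__":
    for label, sample in (("broken", BROKEN_LDIF), ("good", GOOD_LDIF)):
        try:
            print(label, "->", entry_dns(sample))
        except ValueError as exc:
            print(label, "->", exc)
```

Running a file through this before `ldapadd` catches the layout error offline, with the offending DN named, which is more than the server's one-line error tells you.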
>
>database ldbm
I may be wrong, however.... Did you build it yourself? If so, did you enable ldbm support?
Try using Berkeley DB: database bdb