Пытаюсь поднять домен на FreeBSD 6.4. Делаю все как здесь сказано: http://www.opennet.me/base/net/samba_pdc_freebsd.txt.html (более подробных описаний не нашел). В результате машина-PDC вываливается из сети, LDAP на ней отваливается, в логах — could not search ldap server - server is unavailable.

ldap.conf:
# nss_ldap / pam_ldap client configuration, as pasted in the question.
# NOTE(review): both `host` and `uri` are given. `uri` points at the local
# ldapi:// unix socket, `host` at loopback TCP; confirm which one the
# installed nss_ldap actually uses so the later diagnosis is about the
# right transport.
host 127.0.0.1
# Default search base; the slapd.conf on this page uses the same suffix.
base dc=mydomain,dc=local
uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/
# DN used for privileged (root) lookups. Its password lives in a separate
# secret file that must be readable by root only — confirm the path and
# mode for this nss_ldap build.
rootbinddn cn=Manager,dc=mydomain,dc=local
scope sub
# NOTE(review): the slapd log quoted further down the page searches
# ou=groups,dc=domain,dc=local and gets err=32 (NO_SUCH_OBJECT), while
# these bases say dc=mydomain,dc=local. Make sure the real ldap.conf and
# slapd.conf agree on one existing suffix.
nss_base_passwd ou=Users,dc=mydomain,dc=local?one
nss_base_passwd ou=Computers,dc=mydomain,dc=local?one
nss_base_group ou=Groups,dc=mydomain,dc=local?one
# No TLS on the client side. Acceptable only while every connection stays
# on the ldapi:// socket or loopback; the slapd.conf on this page has its
# TLS directives commented out as well.
ssl no
pam_password CRYPT
# Seconds to wait for a bind to complete before giving up.
bind_timelimit 10
bind_policy soft

slapd.conf:
# OpenLDAP server configuration (slapd.conf), as pasted in the question.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
# Defines the samba* attributes referenced by the index and access rules below.
include /usr/local/etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# TLS is fully disabled below. That is fine while every client talks over
# the ldapi:// socket or loopback, but before any remote host (another
# member server, a BDC) binds over ldap://, enable it: the ACLs below let
# users write their own password hashes, and those would cross the wire
# in clear.
#ssl
#TLSCipherSuite HIGH:MEDIUM:+SSLv2:+TLSv1
#TLSCertificateFile /usr/local/etc/openldap/ldap.csr
#TLSCertificateKeyFile /usr/local/etc/openldap/ldap.key
modulepath /usr/local/libexec/openldap
#moduleload back_bdb
moduleload back_ldap
# ldbm is the backend actually used (`database ldbm` below); bdb is commented out.
moduleload back_ldbm
#moduleload back_passwd
#moduleload back_shell
#database bdb
database ldbm
suffix "dc=mydomain,dc=local"
# The rootdn bypasses access control entirely, so every
# `by dn="cn=Manager,..." write` clause in the ACLs below is redundant for
# this DN; those clauses only matter if something binds as a different
# administrative DN.
rootdn "cn=Manager,dc=mydomain,dc=local"
# Generate the password hash with /usr/local/sbin/slappasswd
# NOTE(review): this hash has been published together with the question;
# generate a new one and change the Manager password before relying on it.
rootpw {SSHA}CuizlmpA5bH1MJ8qKJemPJdkgurnguitg
# Uncomment to log connections and operations (the reply on this page
# asks for exactly this to diagnose the failing searches).
#loglevel 256
directory /var/db/openldap-data
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
# Access directives are evaluated in order; the first rule whose target
# matches an attribute decides, and later rules never see it.
# Password attributes: users may change their own, anonymous clients may
# only authenticate against them (needed for simple binds), nobody else
# can read them.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange
by dn="cn=Manager,dc=mydomain,dc=local" write
by self write
by anonymous auth
by * none
# Some attributes need to be readable anonymously so that 'id user' can
# NOTE(review): the next line has no leading '#'. As pasted it is not a
# comment; slapd's config parser reads it as a directive and, depending
# on the version, warns or refuses to start. Confirm the real file has it
# commented out.
answer correctly
# Readable by everyone so NSS lookups (uid/gid resolution) work without a
# bound connection. This also lets any client that can reach a listener
# enumerate account names and ids anonymously.
access to attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid
by dn="cn=Manager,dc=mydomain,dc=local" write
by * read
# Some attributes can be written by users themselves. cn and description
# also appear in the samba rule further down; because this rule comes
# first, `self write` is what applies to them, not that rule's `self read`.
access to attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
by dn="cn=Manager,dc=mydomain,dc=local" write
by self write
by * read
# Some attributes need to be writable for samba.
# NOTE(review): as pasted, the continuation lines of this directive start
# at column 0; in slapd.conf a continued directive must begin with
# whitespace — confirm the real file has it.
# sambaLMPassword, sambaNTPassword, sambaPwdLastSet and sambaPwdMustChange
# are already matched by the first rule above, so this rule does not
# apply to them.
access to attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,
sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,
sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,
sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,
sambaDomainName,sambaMungedDial,sambaBadPasswordCount,sambaBadPasswordTime,
sambaPasswordHistory,sambaLogonHours,sambaSID,sambaSIDList,sambaTrustFlags,
sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase,
sambaShareName,sambaOptionName,sambaBoolOption,sambaIntegerOption,sambaStringOption,sambaStringListoption
by dn="cn=Manager,dc=mydomain,dc=local" write
by self read
by * none
# Samba needs to be able to create the samba domain account (the suffix entry itself).
access to dn.base="dc=mydomain,dc=local"
by dn="cn=Manager,dc=mydomain,dc=local" write
by * none
# Samba needs to be able to create new user accounts.
# NOTE(review): `dn=` is given without a style (exact/subtree/regex) here
# and in the two rules that follow. Check what this slapd version
# defaults to: adding entries under the OU needs the rule to cover its
# children, not only the OU entry itself.
access to dn="ou=Users,dc=mydomain,dc=local"
by dn="cn=Manager,dc=mydomain,dc=local" write
by * none
# Samba needs to be able to create new group accounts.
access to dn="ou=Groups,dc=mydomain,dc=local"
by dn="cn=Manager,dc=mydomain,dc=local" write
by * none
# Samba needs to be able to create new computer accounts.
access to dn="ou=Computers,dc=mydomain,dc=local"
by dn="cn=Manager,dc=mydomain,dc=local" write
by * none
# This can be omitted but we let it stay because there could be other
# NOTE(review): as with "answer correctly" above, the next line is not a
# comment as pasted — confirm the real file has a leading '#'.
branches in the directory
# Catch-all: anything not matched above is readable by the entry's own DN
# only. This rule's final `by * none` clause is on the next line of the
# page, fused with the author's question.
access to *
by self read
By * none

С чем может быть связано?
В slapd.conf раскомментируйте loglevel и попробуйте запустить ldap (/usr/local/etc/rc.d/slapd start), после чего идите в /var/log/debug.log и читайте его на предмет того, что не нравится самому ldap'у...
>В slapd.conf раскомментируйте loglevel и попробуйте запустить ldap (/usr/local/etc/rc.d/slapd start), после чего
>идите в /var/log/debug.log и читайте его на предмет того, что не нравится
>самому ldap'у...

fd=13 ACCEPT from IP=127.0.0.1:54294 (IP=127.0.0.1)
op=0 BIND dn="" method=128
op=0 RESULT tag=97 err=0 text=
op=1 SRCH base="ou=groups,dc=domain,dc=local" scope=1 deref=0 filter="(&(ObjectClass=posixGroup))"
op=1 SRCH attr=cn userPassword memberUID uniqueMember gidNumber
op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
>op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=

error=32 означает NO_SUCH_OBJECT: записи с таким DN на сервере нет. В логе поиск идёт по базе ou=groups,dc=domain,dc=local, а в приведённом slapd.conf suffix — dc=mydomain,dc=local; проверьте, что nss_base_* в ldap.conf и suffix в slapd.conf указывают на один и тот же существующий DN.