URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID1
Нить номер: 85651

Исходное сообщение
"Проблемы: ldap "

Отправлено Ukrainecb , 17-Июн-09 14:49 
Пытаюсь поднять домен на freebsd6.4. Делаю все как здесь сказано: http://www.opennet.me/base/net/samba_pdc_freebsd.txt.html (более подробных описаний не нашел). В результате машина-pdc вываливается из сети, ldap на ней отваливается, в логах - could not search ldap server - server is unavailable.

ldap.conf:
# nss_ldap/pam_ldap client configuration as posted. Lines marked NOTE(review)
# are reviewer observations, not part of the original.
# "host 127.0.0.1" (TCP loopback) and the ldapi:// uri both point at the local
# slapd; the slapd log quoted later in the thread shows connections from
# 127.0.0.1, so the client appears to be using the TCP loopback path.
host 127.0.0.1
base dc=mydomain,dc=local
uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/
# rootbinddn is used only when the calling process runs as root; its password
# is read from a separate root-only secret file (typically /etc/ldap.secret for
# nss_ldap), which must exist and be mode 600. No binddn is set here, so all
# other lookups run anonymously -- the BIND dn="" in the quoted slapd log
# matches that.
rootbinddn cn=Manager,dc=mydomain,dc=local
scope sub
# nss_ldap accepts several nss_base_passwd lines and consults each base in
# turn (Users, then Computers); ?one limits each search to one level.
nss_base_passwd ou=Users,dc=mydomain,dc=local?one
nss_base_passwd ou=Computers,dc=mydomain,dc=local?one
nss_base_group ou=Groups,dc=mydomain,dc=local?one
# NOTE(review): no TLS on the client side either (slapd.conf below has TLS
# commented out). Acceptable only while traffic stays on ldapi/loopback;
# anything reaching slapd over the network would send binds in the clear.
ssl no
# Password changes made through pam_ldap are hashed with crypt(3) on the
# client before being written to userPassword.
pam_password CRYPT
bind_timelimit 10
# soft: a lookup fails quickly when slapd is unreachable. "hard" would make
# nss_ldap keep retrying, blocking every NSS lookup (logins, even boot) while
# the server is down -- worth knowing given the "server is unavailable"
# symptom described above.
bind_policy soft

slapd.conf:

# slapd.conf as posted (OpenLDAP on FreeBSD 6.4 backing a Samba PDC).
# Lines marked NOTE(review) are reviewer observations, not part of the
# original. slapd.conf(5) treats a line that begins with whitespace as a
# continuation of the previous line, so the indentation seen from the #ssl
# line onward is almost certainly a paste artifact and must not be present
# in the real file.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
           # NOTE(review): TLS is fully disabled here and ldap.conf sets
           # "ssl no". That is tolerable only while every client uses the
           # ldapi socket or loopback (the posted log shows 127.0.0.1);
           # do not expose port 389 to the network in this state.
           #ssl
           #TLSCipherSuite HIGH:MEDIUM:+SSLv2:+TLSv1
           #TLSCertificateFile /usr/local/etc/openldap/ldap.csr
           #TLSCertificateKeyFile /usr/local/etc/openldap/ldap.key
           modulepath /usr/local/libexec/openldap
           #moduleload back_bdb
           moduleload back_ldap
           moduleload back_ldbm
           #moduleload back_passwd
           #moduleload back_shell
           #database bdb
           # ldbm is the legacy backend (dropped in OpenLDAP 2.4, as far as I
           # recall); the commented-out bdb lines above are the usual choice.
           # Not related to the error in this thread, just noted.
           database ldbm
           suffix "dc=mydomain,dc=local"
           # NOTE(review): the slapd log quoted later searches base
           # "ou=groups,dc=domain,dc=local", which is not under this suffix.
           # Unless the files were anonymised before posting, that mismatch
           # alone yields err=32 (noSuchObject). TODO confirm against the
           # real files.
           # rootdn is exempt from access control (slapd.conf(5)), so every
           # 'by dn="cn=Manager,..." write' clause below is a no-op for this
           # identity; the ACLs only constrain other binds.
           rootdn "cn=Manager,dc=mydomain,dc=local"
           #Generate the password hash with /usr/local/sbin/slappasswd
           # NOTE(review): this hash has been published in a public forum
           # post -- treat the Manager password as compromised, generate a
           # fresh hash and replace the line. Keep slapd.conf readable only
           # by the account slapd runs as.
           rootpw {SSHA}CuizlmpA5bH1MJ8qKJemPJdkgurnguitg
           # loglevel 256 = connection/operation stats; uncommenting it is
           # what produced the log excerpt further down the thread.
           #loglevel 256
           directory /var/db/openldap-data
           index objectClass,uidNumber,gidNumber eq
           index cn,sn,uid,displayName pres,sub,eq
           index memberUid,mail,givenname eq,subinitial
           index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
           # NOTE(review): ACL evaluation order matters. For a given
           # (entry, attribute) pair slapd applies the FIRST "access to"
           # clause whose <what> matches, and an attrs= clause without dn=
           # matches every entry. Consequences in this file:
           #  - userPassword, sambaLMPassword, sambaNTPassword,
           #    sambaPwdLastSet, sambaPwdMustChange are settled by the clause
           #    right below; their repetition in the "writable for samba"
           #    clause is dead.
           #  - cn and description are settled by the "writable by users"
           #    clause (by * read), not by the samba clause (by * none).
           #  - the "entry" pseudo-attribute is granted "by * read" in the
           #    'id user' clause, so the later dn= clauses with "by * none"
           #    do NOT hide the OU entries from anonymous clients; they only
           #    govern attributes not listed earlier (e.g. children).
           #any users can authenticate and change his password
           access to attrs=userPassword,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange
           by dn="cn=Manager,dc=mydomain,dc=local" write
           # "self write" lets a user set their own LM/NT hashes and their
           # own password-age fields (PwdLastSet/PwdMustChange) directly;
           # "anonymous auth" allows binding against them without reading.
           by self write
           by anonymous auth
           by * none
           #some attributes need to be readable anonymously so that 'id user' can
           answer correctly
           # NOTE(review): the line above has no leading "#". If it is not a
           # continuation line in the real file it is parsed as a directive;
           # prefix it with "#". Same for "branches in the directory" near
           # the end.
           # "by * read" makes uid/uidNumber/gidNumber/homeDirectory/memberUid
           # (and every entry) enumerable anonymously. ldap.conf sets no
           # binddn and the log shows BIND dn="", so nss_ldap appears to rely
           # on exactly this -- another reason to keep port 389 off the wire.
           access to attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid
           by dn="cn=Manager,dc=mydomain,dc=local" write
           by * read
           #somme attributes can be writable by users themselves
           access to attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
           by dn="cn=Manager,dc=mydomain,dc=local" write
           by self write
           by * read
           #some attributes need to be writable for samba
           access to attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,
               sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,
               sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,
               sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,
               sambaDomainName,sambaMungedDial,sambaBadPasswordCount,sambaBadPasswordTime,
               sambaPasswordHistory,sambaLogonHours,sambaSID,sambaSIDList,sambaTrustFlags,
               sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase,
               sambaShareName,sambaOptionName,sambaBoolOption,sambaIntegerOption,sambaStringOption,sambaStringListoption
           by dn="cn=Manager,dc=mydomain,dc=local" write
           by self read
           by * none
           # Entry-level clauses. Assuming Samba binds as cn=Manager (the
           # rootdn), these grant nothing it does not already have. Note the
           # first uses an explicit dn.base= style while the next three use a
           # bare dn=; check slapd.access(5) for this OpenLDAP version for
           # what an unstyled dn= matches (dn.subtree=/dn.children= are the
           # explicit forms) before relying on them for non-root binds.
           #samba need to be able to create the samba domain account
           access to dn.base="dc=mydomain,dc=local"
           by dn="cn=Manager,dc=mydomain,dc=local" write
           by * none
           #samba need to be able to create new users accounts
           access to dn="ou=Users,dc=mydomain,dc=local"
           by dn="cn=Manager,dc=mydomain,dc=local" write
           by * none
           #samba need to be able to create new groups accounts
           access to dn="ou=Groups,dc=mydomain,dc=local"
           by dn="cn=Manager,dc=mydomain,dc=local" write
           by * none
           #samba need to be able to create new computers accounts
           access to dn="ou=Computers,dc=mydomain,dc=local"
           by dn="cn=Manager,dc=mydomain,dc=local" write
           by * none
           #this  can  be omitted but we let it stay because there could be other
           branches in the directory
           # Catch-all for anything not matched above.
           # NOTE(review): "By" is capitalised on the last line; keep the
           # directive keywords lowercase like the rest of the file and
           # confirm the parser accepted it.
           access to *
           by self read
           By * none

С чем может быть связано?



Сообщения в этом обсуждении
"Проблемы: ldap "
Отправлено Сергей , 18-Июн-09 10:00 
В slapd.conf раскомментируйте loglevel и попробуйте запустить ldap (/usr/local/etc/rc.d/slapd start), после чего идите в /var/log/debug.log и читайте его на предмет того, что не нравится самому ldap'у...

"Проблемы: ldap "
Отправлено Ukrainecb , 19-Июн-09 15:39 
>В slapd.conf раскомментируйте loglevel и попробуйте запустить ldap (/usr/local/etc/rc.d/slapd start), после чего
>идите в /var/log/debug.log и читайте его на предмет того, что не нравится
>самому ldap'у...

fd=13 ACCEPT from IP=127.0.0.1:54294 (IP=127.0.0.1)
op=0 BIND dn="" method=128
op=0 RESULT tag=97 err=0 text=
op=1 SRCH base="ou=groups,dc=domain,dc=local" scope=1 deref=0 filter="(&(ObjectClass=posixGroup))"
op=1 SRCH attr=cn userPassword memberUID uniqueMember gidNumber
op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=


"Проблемы: ldap "
Отправлено Hetzer , 19-Июн-09 20:12 
>op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=

error=32 означает NO_SUCH_OBJECT: объекта с таким DN в каталоге нет. Обратите внимание, что в логе база поиска — ou=groups,dc=domain,dc=local, а suffix в приведённом slapd.conf — dc=mydomain,dc=local; если конфиги не правились перед публикацией, это и есть причина, иначе контейнер ou=Groups просто ещё не создан в каталоге.