Chinaunix

标题: 写给所有OpenLDAP不能正常启动的人 [打印本页]

作者: py 时间: 2004-08-14 21:34
标题: 写给所有OpenLDAP不能正常启动的人
现在入门的人更多用的是OpenLDAP，如果你的OpenLDAP正常安装，并经过make test没有问题，而启动的时候遇到了问题。那么请这样做/usr/local/libexec/slapd -d 256
然后把出错信息贴出来，我尽量给大家解决。

作者: 朽木可雕 时间: 2004-08-15 21:29
标题: 写给所有OpenLDAP不能正常启动的人
谢谢，请问在哪儿找出错信息啊。我的系统是SOLARIS8，我看了/var/log/syslog和/var/adm/messages都没什么出错信息。

作者: andrewleading_h 时间: 2004-08-16 07:26
提示: 作者被禁止或删除内容自动屏蔽

作者: py 时间: 2004-08-16 08:53
标题: 写给所有OpenLDAP不能正常启动的人
[quote]原帖由 "朽木可雕"]谢谢，请问在哪儿找出错信息啊。我的系统是SOLARIS8，我看了/var/log/syslog和/var/adm/messages都没什么出错信息。[/quote 发表：

启动的时候就可以看到，这样启动openldap，/usr/local/libexec/slapd -d 256

作者: 朽木可雕 时间: 2004-08-16 11:12
标题: 写给所有OpenLDAP不能正常启动的人
还是不行啊。
我的系统是SOLARIS8

bash-2.05# /usr/local/libexec/slapd -d 256
Killed
bash-2.05# tail /var/log/syslog
Jul 29 00:05:57 ms1.darren.com sendmail[3544]: [ID 801593 mail.info] i6SG5vMR003544: from=<wjz@darren.com>;, size=539, class=0, nrcpts=1, msgid=<200407281605.i6SG5vMR003544@ms1.darren.com>;, proto=ESMTP, daemon=MSA, relay=[10.1.2.19]
Jul 29 00:06:08 ms1.darren.com sendmail[3546]: [ID 801593 mail.info] i6SG5vMR003544: to=<mail5@test.com>;, ctladdr=<wjz@darren.com>; (1000/1), delay=00:00:11, xdelay=00:00:05, mailer=esmtp, pri=120539, relay=ms1.test.com. [10.1.2.52], dsn=2.0.0, stat=Sent (i6SG63S0001503 Message accepted for delivery)
Jul 29 00:09:10 ms1.darren.com sendmail[3548]: [ID 702911 mail.info] AUTH=server, relay=[10.1.2.19], authid=mail1, mech=LOGIN, bits=0
Jul 29 00:09:10 ms1.darren.com sendmail[3548]: [ID 801593 mail.info] i6SG9AYe003548: from=<mail1@darren.com>;, size=567, class=0, nrcpts=1, msgid=<200407281609.i6SG9AYe003548@ms1.darren.com>;, proto=ESMTP, daemon=MSA, relay=[10.1.2.19]
Jul 29 00:09:14 ms1.darren.com sendmail[3550]: [ID 801593 mail.info] i6SG9AYe003548: to=<mail5@test.com>;, ctladdr=<mail1@darren.com>; (2001/1), delay=00:00:04, xdelay=00:00:04, mailer=esmtp, pri=120567, relay=ms1.test.com. [10.1.2.52], dsn=2.0.0, stat=Sent (i6SG9Ae1001515 Message accepted for delivery)
Jul 29 20:25:08 ms1.darren.com sendmail[3623]: [ID 801593 mail.info] i6TCOqcU003623: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
Jul 30 02:30:37 ms1.darren.com sendmail[4234]: [ID 702911 mail.info] AUTH=server, relay=[10.1.2.19], authid=wjz, mech=LOGIN, bits=0
Jul 30 02:30:54 ms1.darren.com sendmail[4234]: [ID 801593 mail.info] i6TIUb16004234: from=<wjz@darren.com>;, size=2446917, class=0, nrcpts=1, msgid=<200407291830.i6TIUb16004234@ms1.darren.com>;, proto=ESMTP, daemon=MSA, relay=[10.1.2.19]
Jul 30 02:31:17 ms1.darren.com sendmail[4236]: [ID 801593 mail.info] i6TIUb16004234: to=<mail5@test.com>;, ctladdr=<wjz@darren.com>; (1000/1), delay=00:00:40, xdelay=00:00:23, mailer=esmtp, pri=2566917, relay=ms1.test.com. [10.1.2.52], dsn=2.0.0, stat=Sent (i6TIV1G9001495 Message accepted for delivery)
Jul 31 00:51:57 ms1.darren.com sendmail[4350]: [ID 801593 mail.info] i6UGpmH8004350: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
bash-2.05# tail /var/adm/messages
Aug 15 05:58:17 ms1.darren.com fdc: [ID 114370 kern.info] fd0 at fdc0
Aug 15 05:58:17 ms1.darren.com genunix: [ID 936769 kern.info] fd0 is /isa/fdc@1,3f0/fd@0,0
Aug 15 05:58:36 ms1.darren.com pcplusmp: [ID 637496 kern.info] pcplusmp: asy (asy) instance 0 vector 0x4 ioapic 0x1 intin 0x4 is bound to cpu 0
Aug 15 05:58:36 ms1.darren.com last message repeated 1 time
Aug 15 05:58:36 ms1.darren.com isa: [ID 202937 kern.info] ISA-device: asy0
Aug 15 05:58:36 ms1.darren.com genunix: [ID 936769 kern.info] asy0 is /isa/asy@1,3f8
Aug 15 05:58:36 ms1.darren.com pcplusmp: [ID 398438 kern.info] pcplusmp: asy (asy) instance #1 vector 0x3 ioapic 0x1 intin 0x3 is bound to cpu 0
Aug 15 05:58:36 ms1.darren.com last message repeated 1 time
Aug 15 05:58:36 ms1.darren.com isa: [ID 202937 kern.info] ISA-device: asy1
Aug 15 05:58:36 ms1.darren.com genunix: [ID 936769 kern.info] asy1 is /isa/asy@1,2f8
bash-2.05#

复制代码

作者: py 时间: 2004-08-16 12:22
标题: 写给所有OpenLDAP不能正常启动的人
我的系统是solaris9，你的openldap是编译安装的吗？make test都通过了吗？
openldap启动的时候如果指定了log level，应该是可以看到报错的，你这样试试/usr/local/libexec/slapd -d -1

作者: 朽木可雕 时间: 2004-08-17 10:57
标题: 写给所有OpenLDAP不能正常启动的人
是编译安装的啊，编译的时候没报什么错啊。我的配置文件有错吗？下面是我的配置文件，大家帮帮我吧。

bash-2.05# more slapd.conf
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args
loglevel -1
replogfile /var/log/ldap.log
# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy is:
# Allow read by all
#
# rootdn can always write!
#######################################################################
# ldbm database definitions
#######################################################################
database bdb
suffix "dc=darren,dc=com"
rootdn "cn=root,dc=darren,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw 1234
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass eq
defaultaccess none
access to dn=".*,dc=darren,dc=com"
by self read
by dn="cn=root,dc=darren,dc=com" write
by * none
access to *
by self read
by dn="cn=root,dc=darren,dc=com" write
by * none
bash-2.05#

复制代码

作者: py 时间: 2004-08-17 12:55
标题: 写给所有OpenLDAP不能正常启动的人
1。access to dn=".*,dc=darren,dc=com"不要再用这样的acl格式，openldap2.1.x已经不再支持
2。把其余的schema也include进来
3。把ACL部分先写成这样：
access to *
by self write
by * read
然后重新启动/usr/local/libexec/slapd -d -1，看看会有什么错误

作者: 朽木可雕 时间: 2004-08-18 15:27
标题: 写给所有OpenLDAP不能正常启动的人
试了，还是不行，日志也没任何显示。请问为什么啊？我都快急死了。

作者: py 时间: 2004-08-18 16:02
标题: 写给所有OpenLDAP不能正常启动的人
装了这么多次openldap，还没这样过，呵呵，再想想办法吧，你是装的openldap的新版本吗？

作者: 朽木可雕 时间: 2004-08-18 22:15
标题: 写给所有OpenLDAP不能正常启动的人
openldap-2.1.29

作者: py 时间: 2004-08-18 22:33
标题: 写给所有OpenLDAP不能正常启动的人
现在的配置文件是什么？贴出来，你把
loglevel -1
replogfile /var/log/ldap.log
也注释掉吧

作者: 朽木可雕 时间: 2004-08-19 10:06
标题: 写给所有OpenLDAP不能正常启动的人
操作系统：SunOS ms1.darren.com 5.8 Generic_117351-02 i86pc i386 i86pc。OPENLDAP版本：2.1.29。

bash-2.05# more slapd.conf
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/corba.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args
#loglevel -1
#replogfile /var/log/ldap.log
# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy is:
# Allow read by all
#
# rootdn can always write!
#######################################################################
# ldbm database definitions
#######################################################################
database bdb
suffix "dc=darren,dc=com"
rootdn "cn=root,dc=darren,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw 1234
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass eq
access to *
by self write
by * read
bash-2.05# more ldap.conf
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
bash-2.05# /usr/local/libexec/slapd -d -1
Killed
bash-2.05# tail /var/log/syslog
Jul 29 00:05:57 ms1.darren.com sendmail[3544]: [ID 801593 mail.info] i6SG5vMR003544: from=<wjz@darren.com>;, size=539, class=0, nrcpts=1, msgid=<200407281605.i6SG5vMR003544@ms1.darren.com>;, proto=ESMTP, daemon=MSA, relay=[10.1.2.19]
Jul 29 00:06:08 ms1.darren.com sendmail[3546]: [ID 801593 mail.info] i6SG5vMR003544: to=<mail5@test.com>;, ctladdr=<wjz@darren.com>; (1000/1), delay=00:00:11, xdelay=00:00:05, mailer=esmtp, pri=120539, relay=ms1.test.com. [10.1.2.52], dsn=2.0.0, stat=Sent (i6SG63S0001503 Message accepted for delivery)
Jul 29 00:09:10 ms1.darren.com sendmail[3548]: [ID 702911 mail.info] AUTH=server, relay=[10.1.2.19], authid=mail1, mech=LOGIN, bits=0
Jul 29 00:09:10 ms1.darren.com sendmail[3548]: [ID 801593 mail.info] i6SG9AYe003548: from=<mail1@darren.com>;, size=567, class=0, nrcpts=1, msgid=<200407281609.i6SG9AYe003548@ms1.darren.com>;, proto=ESMTP, daemon=MSA, relay=[10.1.2.19]
Jul 29 00:09:14 ms1.darren.com sendmail[3550]: [ID 801593 mail.info] i6SG9AYe003548: to=<mail5@test.com>;, ctladdr=<mail1@darren.com>; (2001/1), delay=00:00:04, xdelay=00:00:04, mailer=esmtp, pri=120567, relay=ms1.test.com. [10.1.2.52], dsn=2.0.0, stat=Sent (i6SG9Ae1001515 Message accepted for delivery)
Jul 29 20:25:08 ms1.darren.com sendmail[3623]: [ID 801593 mail.info] i6TCOqcU003623: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
Jul 30 02:30:37 ms1.darren.com sendmail[4234]: [ID 702911 mail.info] AUTH=server, relay=[10.1.2.19], authid=wjz, mech=LOGIN, bits=0
Jul 30 02:30:54 ms1.darren.com sendmail[4234]: [ID 801593 mail.info] i6TIUb16004234: from=<wjz@darren.com>;, size=2446917, class=0, nrcpts=1, msgid=<200407291830.i6TIUb16004234@ms1.darren.com>;, proto=ESMTP, daemon=MSA, relay=[10.1.2.19]
Jul 30 02:31:17 ms1.darren.com sendmail[4236]: [ID 801593 mail.info] i6TIUb16004234: to=<mail5@test.com>;, ctladdr=<wjz@darren.com>; (1000/1), delay=00:00:40, xdelay=00:00:23, mailer=esmtp, pri=2566917, relay=ms1.test.com. [10.1.2.52], dsn=2.0.0, stat=Sent (i6TIV1G9001495 Message accepted for delivery)
Jul 31 00:51:57 ms1.darren.com sendmail[4350]: [ID 801593 mail.info] i6UGpmH8004350: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
bash-2.05# tail /var/adm/messages
Aug 17 20:42:34 ms1.darren.com fdc: [ID 114370 kern.info] fd0 at fdc0
Aug 17 20:42:34 ms1.darren.com genunix: [ID 936769 kern.info] fd0 is /isa/fdc@1,3f0/fd@0,0
Aug 17 20:42:40 ms1.darren.com pcplusmp: [ID 637496 kern.info] pcplusmp: asy (asy) instance 0 vector 0x4 ioapic 0x1 intin 0x4 is bound to cpu 0
Aug 17 20:42:40 ms1.darren.com last message repeated 1 time
Aug 17 20:42:40 ms1.darren.com isa: [ID 202937 kern.info] ISA-device: asy0
Aug 17 20:42:40 ms1.darren.com genunix: [ID 936769 kern.info] asy0 is /isa/asy@1,3f8
Aug 17 20:42:40 ms1.darren.com pcplusmp: [ID 398438 kern.info] pcplusmp: asy (asy) instance #1 vector 0x3 ioapic 0x1 intin 0x3 is bound to cpu 0
Aug 17 20:42:40 ms1.darren.com last message repeated 1 time
Aug 17 20:42:40 ms1.darren.com isa: [ID 202937 kern.info] ISA-device: asy1
Aug 17 20:42:40 ms1.darren.com genunix: [ID 936769 kern.info] asy1 is /isa/asy@1,2f8
bash-2.05# uname -a
SunOS ms1.darren.com 5.8 Generic_117351-02 i86pc i386 i86pc
bash-2.05#

复制代码

作者: 朽木可雕 时间: 2004-08-19 10:58
标题: 写给所有OpenLDAP不能正常启动的人
请看http://chinaunix.net/jh/49/308791.html中的这一段：

也是按linux源码安装的三步曲完成，没有什么好说的了。该软件默认是安装在/usr/local/BerkeleyDB.4.2目录下。安装完成后，要把/usr/local/BerkeleyDB.4.2/lib的库路径加到/etc/ld.so.conf文件内，添加完成后执行一次ldconfig，使用配置文件生效。这样编译openldap时才能找到相应的库文件。这样资料库就安装完成了，接下来可以安装openldap了。
ld.so.conf是什么东西？它就是系统动态链接库的配置文件。此文件内,存放着可被LINUX共享的动态链接库所在目录的名字(系统目录/lib,/usr/lib除外)，各个目录名间以空白字符(空格，换行等)或冒号或逗号分隔。一般的LINUX发行版中，此文件均含一个共享目录/usr/X11R6/lib，为X window窗口系统的动态链接库所在的目录。 ldconfig是它的管理命令，具体操作方法可查询man手册，这里就不细讲了。

复制代码

我的系统是SOLARIS，这一步我应该如何做啊？

作者: littletiger 时间: 2004-08-26 10:43
标题: 写给所有OpenLDAP不能正常启动的人
Solaris下没有linux象ldconfig这样得命令，编辑/var/ld/ld.conf
这个文件假设我的应用名字是appname，用你自己替换这个名字就行了
/usr/lib
/usr/local/lib
/var/appname/lib

crle得命令大概用法如下具体可以参见man
crle -l /usr/lib -l /usr/local/lib -l /var/appname/lib -i /usr/lib -i /usr/local/lib -i /var/appname/lib

作者: DreamJiang 时间: 2004-08-26 10:54
标题: 写给所有OpenLDAP不能正常启动的人
如果是SuSE Linux系統，當你在slapd.conf文件中含有“Loglevel 1”這條語句時，那麼將導致slapd服務進程記錄所有的信息到syslog LOCAL4，同樣需要輯 /etc/syslog.conf文件來將這些信息定向到一個單獨的文件來以方便調試，對於SuSE　Linux系統來說，ldap的錯誤日志就是文件/var/log/localmessage

作者: shenmue71 时间: 2004-09-06 13:19
标题: 写给所有OpenLDAP不能正常启动的人
rh9自带的openldap是不是有问题？，我的操作应该没问题，可总是提示ldap_bind: Invalid credentials (49)
同样配置，在debian自己编译的就使用正常

作者: py 时间: 2004-09-06 15:37
标题: 写给所有OpenLDAP不能正常启动的人
自带的？你说的是rpm的？试试把slapd.conf中的密码改成明文

作者: 缘随风 时间: 2004-12-14 20:59
标题: 写给所有OpenLDAP不能正常启动的人
我是初学者，有一个问题，请大侠们帮忙

我按照EJBCA中的How to ldap说明的配置openldap for win32：
include 进必要的schema，修改了cn  o  c，  密码采用密文方式（明文也试了）

然后用ldapadd导入LDIF file (org.ldif如下)

dn: o=AnaTom,c=SE
objectclass: dcObject
objectclass: organization
o: AnaTom
dc: AnaTom

dn: cn=Admin,o=AnaTom,c=SE
objectclass: organizationalRole
cn: Admin

显示导入成功 add new entry    o=AnaTom,c=SE
         add new entry    cn=Admin,o=AnaTom,c=SE

但是我用这个管理员Admin添加其他成员时：
ldap_add: Server is unwilling to perform (53)
      additional info: no global superior knowledge

加入access 的相关内容后还是这个错误

跪谢

作者: kampoo 时间: 2005-04-19 16:38
标题: 写给所有OpenLDAP不能正常启动的人
bdb_dn2entry("o=system"

=>; bdb_dn2id( "o=system" )
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
send_ldap_result: conn=0 op=1 p=3
send_ldap_result: err=10 matched="" text=""
send_ldap_response: msgid=2 tag=101 err=32
ber_flush: 14 bytes to sd 28
0000: 30 0c 02 01 02 65 07 0a 01 20 04 00 04 00 0....e... ....
ldap_write: want=14, written=14
0000: 30 0c 02 01 02 65 07 0a 01 20 04 00 04 00 0....e... ....
daemon: activity on 1 descriptors
daemon: activity on: 28r
daemon: read activity on 28
connection_get(2

connection_get(2

: got connid=0
connection_read(2

: checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
  0000:  30 2d 02 01 03 63 28 04                         0-...c(.
ldap_read: want=39, got=39
  0000:  08 6f 3d 73 79 73 74 65  6d 0a 01 00 0a 01 03 02 .o=system.......
  0010:  01 00 02 01 00 01 01 00  87 0b 6f 62 6a 65 63 74 ..........object
  0020:  43 6c 61 73 73 30 00                            Class0.
ber_get_next: tag 0x30 len 45 contents:
ber_dump: buf=0x0102eb78 ptr=0x0102eb78 end=0x0102eba5 len=45
  0000:  02 01 03 63 28 04 08 6f  3d 73 79 73 74 65 6d 0a ...c(..o=system.
  0010:  01 00 0a 01 03 02 01 00  02 01 00 01 01 00 87 0b ................
  0020:  6f 62 6a 65 63 74 43 6c  61 73 73 30 00          objectClass0.
ber_get_next
ldap_read: want=8 error=unknown error
ber_get_next on fd 28 failed errno=10035 (WSAEWOULDBLOCK)
do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x0102eb78 ptr=0x0102eb7b end=0x0102eba5 len=42
  0000:  63 28 04 08 6f 3d 73 79  73 74 65 6d 0a 01 00 0a c(..o=system....
  0010:  01 03 02 01 00 02 01 00  01 01 00 87 0b 6f 62 6a .............obj
  0020:  65 63 74 43 6c 61 73 73  30 00                   ectClass0.
>;>;>; dnPrettyNormal: <o=system>;
=>; ldap_bv2dn(o=system,0)
ldap_err2string
<= ldap_bv2dn(o=system)=0 Success
=>; ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(o=system)=0 Success
=>; ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(o=system)=0 Success
<<< dnPrettyNormal: <o=system>;, <o=system>;
SRCH "o=system" 0 3 0 0 0
begin get_filter
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x0102eb78 ptr=0x0102eb96 end=0x0102eba5 len=15
  0000:  87 0b 6f 62 6a 65 63 74  43 6c 61 73 73 30 00    ..objectClass0.
end get_filter 0
filter: (objectClass=*)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x0102eb78 ptr=0x0102eba3 end=0x0102eba5 len=2
  0000:  00 00                                           ..
daemon: select: listen=716 active_threads=0 tvp=NULL
attrs:
=>; bdb_search
bdb_dn2entry("o=system"

=>; bdb_dn2id( "o=system" )
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)

作者: py 时间: 2005-04-19 17:01
标题: 写给所有OpenLDAP不能正常启动的人
看样子是bdb初错了，是在启动slapd的时候吗？slapd -d 256？你的系统环境？以前启动是不是好的？.....

作者: gary_tay88 时间: 2005-05-26 23:55
标题: 写给所有OpenLDAP不能正常启动的人
See related post:

http://bbs.chinaunix.net/forum/viewtopic.php?t=551510

Gary

作者: freepower 时间: 2005-05-31 11:58
提示: 作者被禁止或删除内容自动屏蔽

作者: py 时间: 2005-05-31 13:46
标题: 写给所有OpenLDAP不能正常启动的人
我没在freebsd上编译过openldap，我想可能是你没有装sasl，或是sasl的版本incompatible
你可以手工编译openldap看看问题是不是仍然存在

作者: zhaowx 时间: 2005-06-06 11:31
标题: 写给所有OpenLDAP不能正常启动的人
我用的是windows下的 openldap，起初使用正常，使用时，有时连接达到最大数量后就不能使用，重新启动后就可以使用，这样使用一段时间后，重新启动时到下面这一步就不能往下运行了：
bdb_db_open: dbenv_open(c:/openldap/var/openldap-data)

无论使用什么参数启动，都卡在这里，启动不了，要丢失数据，着急呀，请高手帮忙。

作者: gary_tay88 时间: 2005-06-06 12:02
标题: 写给所有OpenLDAP不能正常启动的人
Assuming you are using BDB 4.2.52 + 2 patches.

I am not sure about OpenLDAP windows version, for UNIX/Linux versions to properly operate, you need a DB_CONFIG in LDAP data directory.

# cat /var/lib/ldap/DB_CONFIG
set_cachesize 0 209715200 0
set_lg_regionmax 131072
set_lg_bsize 2097152

(This is for a RHEL/AS3 server with 2GB RAM, 4-CPU)

Search Google for "DB_CONFIG" to understand more.

Also you should put some basic performance tunning parameters in slapd.conf, the following is an example:

# Performance tuning directives
sizelimit 5000
threads 8
idletimeout 14400
cachesize 10000
checkpoint 256 15

Gary

作者: gary_tay88 时间: 2005-06-06 12:08
标题: 写给所有OpenLDAP不能正常启动的人
You may run "db_recover", then "db_verify", then start slapd

作者: zhaowx 时间: 2005-06-06 17:35
标题: 写给所有OpenLDAP不能正常启动的人
我用的是windows下的 openldap，起初使用正常，使用时，有时连接达到最大数量后就不能使用，重新启动后就可以使用，这样使用一段时间后，重新启动时到下面这一步就不能往下运行了：
bdb_db_open: dbenv_open(c:/openldap/var/openldap-data)

无论使用什么参数启动，都卡在这里，启动不了，要丢失数据，着急呀，请高手帮忙。

作者: zhaowx 时间: 2005-06-07 09:26
标题: 写给所有OpenLDAP不能正常启动的人
openldap 中没有 "db_recover" 和 "db_verify" 程序呀.

作者: zhaowx 时间: 2005-06-07 09:28
标题: 写给所有OpenLDAP不能正常启动的人
在 slapd.conf 文件中添加了如下语句：
sizelimit 5000
threads 8
idletimeout 14400
cachesize 10000
checkpoint 256 15

可还是老问题，到这里就卡住了：

slapd startup: initiated.
bdb_db_open: dbenv_open(e:/openldap/var/openldap-data)

作者: zhaowx 时间: 2005-06-07 09:34
标题: 写给所有OpenLDAP不能正常启动的人
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
ucdata-path e:/openldap/ucdata
#include e:/openldap/etc/schema/corba.schema
include e:/openldap/etc/schema/core.schema
include e:/openldap/etc/schema/myschema.schema
#include e:/openldap/etc/schema/cosine.schema
#include e:/openldap/etc/schema/inetorgperson.schema
#include e:/openldap/etc/schema/java.schema
#include e:/openldap/etc/schema/misc.schema
#include e:/openldap/etc/schema/nis.schema
#include e:/openldap/etc/schema/openldap.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

sizelimit 5000
threads 8
idletimeout 14400
cachesize 10000
checkpoint 256 15

pidfile e:/openldap/var/slapd.pid
argsfile e:/openldap/var/slapd.args

# Load dynamic backend modules:
# modulepath e:/openldap/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
access to dn.base="cn=manager,o=dtedu.org" by self write
# access to *
by self write
# by users read
by anonymous auth
#
# if no access controls are present, the default policy is:
# Allow read by all
#
# rootdn can always write!
loglevel -1
replogfile /var/log/ldap.log

#######################################################################
# ldbm database definitions
#######################################################################

database bdb
suffix "o=dtedu.org"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(

and slapd.conf(5) for details.
# Use of strong authentication encouraged.

rootdn "cn=manager,o=dtedu.org"
rootpw {SSHA}Gpuj9VmNOhzd1c5U84Hcdo1KR5/XPcnK
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory e:/openldap/var/openldap-data
# Indices to maintain
index objectClass eq

作者: zhaowx 时间: 2005-06-07 09:34
标题: 写给所有OpenLDAP不能正常启动的人
谢谢

作者: py 时间: 2005-06-07 10:37
标题: 写给所有OpenLDAP不能正常启动的人
[quote]原帖由 "zhaowx"]openldap 中没有 "db_recover" 和 "db_verify" 程序呀.[/quote 发表：

这些应该是linux下bdb的命令吧，感觉很多参数对windows下的openldap都不起作用
如果是在windows下重新编译openldap可以调整这些优化的参数

作者: gary_tay88 时间: 2005-06-07 12:56
标题: 写给所有OpenLDAP不能正常启动的人
Where is your ldap data? do you have a "directory ..." directive in slapd.conf?

e:/openldap/var/openldap-data
OR
c:/openldap/var/openldap-data

作者: gary_tay88 时间: 2005-06-08 00:01
标题: 写给所有OpenLDAP不能正常启动的人
If you use "database bdb", that means your database backend used is Berkeley DB (http://www.sleepycat.com), "db_recover" and "db_verify" are from the BDB package.

The LAST time I used Windows version of OpenLDAP 2.1.XX was 2 years ago, I used CYGWIN, that came with BDB version 3.X I think, and I compiled OpenLDAP 2.1.XX from source codes. Since them, I never used Windows based OpenLDAP anymore.

I would encourage you to give up Windows version of OpenLDAP, backup the LDAP data (slapcat), install Linux (RedHat Fedora Core 3 for example) and install/compile OpenLDAP 2.2.6 from source codes, then restore back the LDAP data (slapadd).

Gary

作者: zhaowx 时间: 2005-06-08 17:45
标题: 写给所有OpenLDAP不能正常启动的人
可是，LINUX下的LDAP存储中文有问题呀。

作者: gary_tay88 时间: 2005-06-08 20:16
标题: 写给所有OpenLDAP不能正常启动的人
I am not an expert. If I am really correct (IIRC), OpenLDAP has language tags (RFC 2596) support since 2.0.X.

http://www.faqs.org/rfcs/rfc2596.html

http://www.openldap.org/software/roadmap.html

Google this text pattern for related posts in OpenLDAP mail list archives:

"language site:www.openldap.org"

Gary

作者: zhaowx 时间: 2005-06-09 11:31
标题: 写给所有OpenLDAP不能正常启动的人
谢谢 gary_tay88 。

作者: anstan 时间: 2005-07-06 22:40
标题: 写给所有OpenLDAP不能正常启动的人
我用/usr/local/openldap/libexec/slapd -d 256可以启动
但是用/usr/local/openldap/bin/ldappasswd时出错：
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
additional info: SASL(-13): user not found: no secret in database

why?

作者: py 时间: 2005-07-09 10:41
标题: 写给所有OpenLDAP不能正常启动的人
ldapadd，ldapsearch的时候有没有同样的问题？
另外你用ldappasswd改密码的用户是不是当前用户？不是的话用-u 指定一下。
你的这个问题在google上出现的很多，可以看看这个：
http://www.openldap.org/lists/openldap-software/200308/msg00149.html

作者: anstan 时间: 2005-07-10 20:45
标题: 写给所有OpenLDAP不能正常启动的人

原帖由 "py" 发表：
ldapadd，ldapsearch的时候有没有同样的问题？
另外你用ldappasswd改密码的用户是不是当前用户？不是的话用-u 指定一下。
你的这个问题在google上出现的很多，可以看看这个：
http://www.openldap.org/lists/open..........

我的slapd.conf中有：
rootdn "cn=Manager,dc=test,dc=com"
rootpw {SSHA}ra0sD47QP32ASAlaAhF8kgi+8Aflbgr7

我现在想改这个密码，应该怎么做呢？

作者: gary_tay88 时间: 2005-07-11 10:46
标题: 写给所有OpenLDAP不能正常启动的人
Use "slappasswd" to find out the encypted format of your new password, see "man slappasswd" for more details.

# slappasswd
New password: secret
Re-enter new password: secret
{SSHA}/BoxeE3UI+Bwtpve7Ku3rGX3Mk0JpTas

Copy the output and paste into slapd.conf's "rootpw" directive, after slapd is restarted, new "rootpw" will be the password for "cn=Manager,dc=test,dc=com".

"ldappasswd" is used to change individual user password, use the "-W" to prompt for old password entry and "-S" to prompt for new password entry, below is an example.

$ ldappasswd -x -D "uid=testuser,ou=People,dc=test,dc=com" -W -S
New password:
Re-enter new password:
Enter LDAP Password:
Result: Success (0)

Note that NEW password is entered first, then the existing OLD password which is also the bindpw of binddn (-D ...).

If you use "passwd", usually the order is to enter existing OLD password first then NEW password.

Gary

作者: leave 时间: 2005-07-11 22:09
标题: 写给所有OpenLDAP不能正常启动的人
[quote]原帖由 "zhaowx"]可是，LINUX下的LDAP存储中文有问题呀。[/quote 发表：

难道有区别吗？我用起来都是一样的可以存。

作者: leave 时间: 2005-07-11 22:15
标题: 写给所有OpenLDAP不能正常启动的人

原帖由 "anstan" 发表：

我的slapd.conf中有：
rootdn "cn=Manager,dc=test,dc=com"
rootpw {SSHA}ra0sD47QP32ASAlaAhF8kgi+8Aflbgr7

我现在想改这个密码，应该怎么做呢？

不知道直接修改行不行。把这一段字符串{SSHA}ra0sD47QP32ASAlaAhF8kgi+8Aflbgr7替换成明文密码例如secret

作者: ouwind 时间: 2005-07-12 16:10
标题: 写给所有OpenLDAP不能正常启动的人
@(#) $OpenLDAP: slapd 2.2.26 (Jul 9 2005 16:06:33) $
test@localhost.localdomain:/home/test/openldap-2.2.26/servers/slapd
daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol)
daemon: bind(6) failed errno=98 (Address already in use)
slapd stopped.
connections_destroy: nothing to destroy.
这个是什么问题，我用ldap browser访问的时候，root帐号登陆会出来invalid dn (error 34)或者匿名登陆会出来no such object (error 32)

作者: ouwind 时间: 2005-07-12 17:45
标题: 写给所有OpenLDAP不能正常启动的人
我的slapd.con配置
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include       /urs/local/openldap/etc/openldap/schema/core.schema
include       /urs/local/openldap/etc/openldap/schema/corba.schema
include       /urs/local/openldap/etc/openldap/schema/cosine.schema
include       /urs/local/openldap/etc/openldap/schema/inetorgperson.schema
include       /urs/local/openldap/etc/openldap/schema/misc.schema
include       /urs/local/openldap/etc/openldap/schema/openldap.schema
include       /urs/local/openldap/etc/openldap/schema/nis.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral    ldap://root.openldap.org

pidfile       /urs/local/openldap/var/run/slapd.pid
argsfile       /urs/local/openldap/var/run/slapd.args

# Load dynamic backend modules:
# modulepath /urs/local/openldap/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# Sample security restrictions
#    Require integrity protection (prevent hijacking)
#    Require 112-bit (3DES or better) encryption for updates
#    Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#    Root DSE: allow anyone to read it
#    Subschema (sub)entry DSE: allow anyone to read it
#    Other DSEs:
#             Allow self write access
#             Allow authenticated users read access
#             Allow anonymous users to authenticate
#    Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#    by self write
#    by users read
#    by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read"

#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database       bdb
suffix       "dc=it,dc=com"
rootdn       "cn=root,dc=it,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(

and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw       aaa
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory    /urs/local/openldap/var/openldap-data
# Indices to maintain
index objectClass    eq
#ACL configure
#access to attr=userPassword
#by self write
#by anonymous auth
#access to attr=mail
#by dn="cn=root,dc=it,dc=tigerhead"
#by self write
by anonymous auth
#access to dn="cn=*,dc=it,dc=tigerhead"
access to *
by self write
by * read

作者: leave 时间: 2005-07-13 16:53
标题: 写给所有OpenLDAP不能正常启动的人

原帖由 "ouwind" 发表：
@(#) $OpenLDAP: slapd 2.2.26 (Jul 9 2005 16:06:33) $
test@localhost.localdomain:/home/test/openldap-2.2.26/servers/slapd
daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol)
daemon: bind(6) failed errno=98 (Address already in use)
slapd stopped.
connections_destroy: nothing to destroy.
这个是什么问题，我用ldap browser访问的时候，root帐号登陆会出来invalid dn (error 34)或者匿名登陆会出来no such object (error 32)

slapd没有启动怎么还能用ldap browser登录？
daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol)
daemon: bind(6) failed errno=98 (Address already in use)
slapd stopped.

从这两句找原因。你配置了什么东西吗？我没见过这样的信息。

作者: ouwind 时间: 2005-07-13 18:00
标题: 写给所有OpenLDAP不能正常启动的人
但是从ps -aux可以看到./slapd是在的(这个是查看线程的?),而且netstat -a也可以看到ldap端口已经打开.是不是因为我已经启动了,所以再打开./slapd是这个回应.另外我编写了一个root.ldif
ldapadd -x -D "cn=root,dc=it,dc=com" -W -f root.ldif
然后提示add success.
然后ldapsearch -x -b 'dc=it,dc=com' '(objectclass=*)'
系统提示:
version: 2

#
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

这是为什么,我已经贴加了，为什么result 0 success

作者: leave 时间: 2005-07-13 20:10
标题: 写给所有OpenLDAP不能正常启动的人
你看我的，我的LDAP的所有配置都在http://bbs.chinaunix.net/forum/viewtopic.php?t=572951&show_type=
这个帖子里面下午我刚添加的一条数据。然后我用下面的搜索：

C:\openldap>;ldapsearch -x -b c=cn
# extended LDIF
#
# LDAPv3
# base <c=cn>; with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# cn
dn: c=cn
objectClass: country
objectClass: top
c: cn

# qq, cn
dn: uid=qq,c=cn
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: qq
cn: qq
sn: qq
telephoneNumber: 138888888
description: openldap test
telexNumber: tex-8888888
street: my street
postOfficeBox: postofficebox
displayName: qqdisplay
homePhone: home1111111
mobile: mobile99999
mail: qq@qq.com

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

C:\openldap>;ldapsearch -x -b 'c=cn' "objectClass=*"
# extended LDIF
#
# LDAPv3
# base <'c=cn'>; with scope sub
# filter: objectClass=*
# requesting: ALL
#

# search result
search: 2
result: 34 Invalid DN syntax
text: invalid DN

# numResponses: 1

C:\openldap>;

作者: leave 时间: 2005-07-13 20:27
标题: 写给所有OpenLDAP不能正常启动的人
把上面的c=cn的引号去掉再搜索：
C:\openldap>;ldapsearch -x -b c=cn "objectClass=*"
# extended LDIF
#
# LDAPv3
# base <c=cn>; with scope sub
# filter: objectClass=*
# requesting: ALL
#

# cn
dn: c=cn
objectClass: country
objectClass: top
c: cn

# qq, cn
dn: uid=qq,c=cn
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: qq
cn: qq
sn: qq
telephoneNumber: 138888888
description: openldap test
telexNumber: tex-8888888
street: my street
postOfficeBox: postofficebox
displayName: qqdisplay
homePhone: home1111111
mobile: mobile99999
mail: qq@qq.com

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
C:\openldap>;ldapsearch -x -b c=cn "objectClass=person"
# extended LDIF
#
# LDAPv3
# base <c=cn>; with scope sub
# filter: objectClass=person
# requesting: ALL
#

# qq, cn
dn: uid=qq,c=cn
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: qq
cn: qq
sn: qq
telephoneNumber: 138888888
description: openldap test
telexNumber: tex-8888888
street: my street
postOfficeBox: postofficebox
displayName: qqdisplay
homePhone: home1111111
mobile: mobile99999
mail: qq@qq.com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
C:\openldap>;

作者: ouwind 时间: 2005-07-14 09:44
标题: 写给所有OpenLDAP不能正常启动的人
为什么success=0啊

作者: 金西 时间: 2005-07-17 14:19
标题: 写给所有OpenLDAP不能正常启动的人
@(#) $OpenLDAP: slapd 2.1.29 (Jul 17 2005 11:35:41) $
root@LinuxWeb:/tmp/openldap/servers/slapd
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: socket() failed errno=97 (Address family not supported by protocol)
daemon: bind(6) failed errno=98 (Address already in use)
slap_open_listener: failed on ldap:///
slapd stopped.
connections_destroy: nothing to destroy.

作者: lazy_bug 时间: 2006-01-19 15:28
[root@mailhost libexec]# ./slapd -d 256
@(#) $OpenLDAP: slapd 2.3.17 (Jan 19 2006 10:23:51) $
root@mailhost:/usr/local/src/openldap-2.3.17/servers/slapd
daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol)
bdb_db_open: Warning - No DB_CONFIG file found in directory /usr/local/openldap/var/openldap-data: (2)
Expect poor performance for suffix dc=test,dc=com.
slapd starting
有抱错哦,请问是什么意思?/
请斑竹帮助看看 ,请问 var下面的文件都是干什么用的??请赐教

作者: py 时间: 2006-01-19 17:35
/usr/local/openldap/var/openldap-data目录下的是存放后端数据的,例如,bdb的数据文件.DB_CONFIG文件记录着bdb数据库的一些配置,一个样本配置文件已经存在于/usr/local/etc/openldap/中(DB_CONFIG.example)
如果不给bdb设置一些参数,bdb的效率和稳定性会受到很大影响
更详细的信息可以参见www.openldap.org网站上的相关文档

作者: windychan 时间: 2006-02-16 14:21
标题: LDAP的启动问题
１，用 ./slapd -d 256启动时可以看到如下信息(但sladp是运行成功的),应如何解决这个问题?
daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol),

２，为什么我的 /usr/local/openldap/etc/openldap/schema/中没有samba.schema这个文件??

所在在slapd.conf就不能配置这个，从文名上看该应该与samba应用有关，是吗？应该如何取得该文件．是以前的安装出了问题吗?

作者: py 时间: 2006-02-17 21:06

原帖由 windychan 于 2006-2-16 14:21 发表
１，用 ./slapd -d 256启动时可以看到如下信息(但sladp是运行成功的),应如何解决这个问题?
daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol),

２，为什么我的 /usr/local ...

编译openldap的时候把ipv6 disable掉可以解决问题1,这个问题不影响openldap的正常工作
samba.schema不是openldap release的一部分,所以不会出现在上述目录中.可以在samba的原代码包中找到,find一下即可.

作者: windychan 时间: 2006-02-18 16:34
标题: dn无数据输出
slapd.conf的配置如下(注:slapd启动成功, 389/tcp open  ldap),

......................
database bdb
suffix "dc=wxldapt,dc=com"
rootdn "cn=root,dc=wxldapt,dc=com"
rootpw secret
directory    /usr/local/openldap/var/openldap-data
index objectClass    eq

用ldapsearch查看时,dn无数据．
#ldapsearch  -x -b '' -s base '(objectclass=*)'
如果出下,

# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

#
dn:
objectClass: top
objectClass: OpenLDAProotDSE

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

为什么？？？请支持！

作者: py 时间: 2006-02-22 20:26
要仔细看www.openldap.org的管理手册和具体命令的man page

ldapsearch -x -D "cn=manager,dc=*,dc=*" -W '(objectclass=*)'
其中*是看你的具体情况

另外,当你LDAP中没有数据的时候也search不到东西的

作者: zhangxy2000 时间: 2006-02-23 11:01
提示: 作者被禁止或删除内容自动屏蔽

作者: windychan 时间: 2006-02-23 11:46
smb-host:/etc/openldap/ldif # slapadd -vl base.ldif 提示出下

slapadd: could not parse entry (line=33)
可我的base.ldif文件只用32行啊．

作者: py 时间: 2006-02-24 15:36
ldif文件的写法请参照www.openldap.org上的文档,注意空格和空行的使用
建议自习阅读官方文档,包括客户端以及服务器端工具的使用参数

作者: windychan 时间: 2006-02-27 09:13
明白老大,谢谢你一直的关注，但我真的把每一个行末的空格和空行都删除了的啊？？？？？？？？？？？？

作者: zrover 时间: 2006-03-15 05:40
标题: openbsd装ldap~
# /usr/local/libexec/slapd -d 256
@(#) $OpenLDAP: slapd 2.2.27 (Sep  2 2005 14:53:47) $
      @i386.ports.openbsd.org:/usr/obj/i386/openldap-2.2.27/build-i386/servers/slapd
/etc/openldap/slapd.conf: line 63: suffix line must appear inside a database definition
slapd stopped.
connections_destroy: nothing to destroy.

作者: zrover 时间: 2006-03-15 05:46
标题: bdb???数据库错误？
# /usr/local/libexec/slapd -d 256
@(#) $OpenLDAP: slapd 2.2.27 (Sep  2 2005 14:53:47) $
      @i386.ports.openbsd.org:/usr/obj/i386/openldap-2.2.27/build-i386/servers/slapd
Unrecognized database type (bdb)
database bdb initialization failed.
slapd stopped.
connections_destroy: nothing to destroy.

作者: windychan 时间: 2006-03-15 11:37
贴出sladp.conf全部,估计你的数据库设定出错!

作者: py 时间: 2006-03-15 23:31
看样子像是没有把bdb编译进去.

PS.现在为什么还要用这么老的openldap版本,2.2.X在不久的将来就不再维护了

作者: roy1984 时间: 2006-03-25 15:58
标题: 为什么我用net start openldap-slapd却不能正确启动
显示信息是'net' 不是外部或者内部命令也不是可运行的程序或批处理文件啊?是不是系统的问题啊? 我把openldap重装了几遍都一样但是在服务管理里面可以正常启动而且ldap browser能正常连接

作者: YuLimin 时间: 2006-03-25 18:53
出现

Berkeley DB library configured to support only DB_PRIVATE environments

作者: hoige 时间: 2006-03-29 13:46
我安装了openldap，是和Linux AS4一起安装的，2.2.x但安装好了就不能启动，不知道为什么？？？

[root@dbbak log]# cd /etc/init.d
[root@dbbak init.d]# ./ldap start
Checking configuration files for : config file testing succeeded
Starting slapd: [FAILED]

看一下log /var/log/messages
Mar 29 08:40:46 dbbak su(pam_unix)[3901]: session opened for user root by test(uid=500)
Mar 29 08:42:19 dbbak slaptest: sql_select option missing
Mar 29 08:42:19 dbbak slaptest: auxpropfunc error no mechanism available
Mar 29 08:42:19 dbbak ldap:  succeeded
Mar 29 08:42:19 dbbak slapd[3951]: sql_select option missing
Mar 29 08:42:19 dbbak slapd[3951]: auxpropfunc error no mechanism available
Mar 29 08:42:19 dbbak ldap: slapd startup failed

找了网上一些资料，说是/etc/openldap中权限问题，发现不是这样的
[root@dbbak init.d]# cd /etc/openldap
[root@dbbak openldap]# ls -l
total 28
-rwxrwxrwx  1 ldap ldap  320 Mar 28 13:14 ldap.conf
drwxrwxrwx  3 ldap ldap 4096 Mar 28 13:12 schema
-rwxrwxrwx  1 ldap ldap 3320 Mar 28 14:04 slapd.conf
-rwxrwxrwx  1 ldap ldap 3437 Mar 28 14:08 slapd.conf.1
-rwxr-xr-x  1 ldap ldap 3320 Mar 28 14:49 slapd.conf.old

//etc/ldap.conf
[root@dbbak etc]# ls -l ldap.conf
-rwxr-xr-x  1 ldap ldap 8685 Mar 28 13:14 ldap.conf

/var/lib/ldap目录：
[root@dbbak lib]# ls -l
total 180
drwxr-xr-x 2 root    root 4096 Mar 28 13:11 alternatives
drwxr-xr-x 2 root    root 4096 Dec  1  2004 cs
drwx------ 2 apache apache  4096 Aug 31  2005 dav
drwxr-xr-x 2 root    root 4096 Nov 18  2004 dhcp
drwxr-x--- 2 root    root 4096 Oct 19  2004 dhcpv6
drwxr-xr-x 2 root    root 4096 Aug 13  2004 games
drwxrwxrwx 2 ldap    ldap 4096 Apr 21  2005 ldap

统统没有问题
/etc/openldap/slapd.conf
database       bdb
suffix       "dc=my-domain,dc=com"
rootdn       "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd( and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw             secret
# rootpw             {crypt}ijFYNcSNctBYg

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory    /var/lib/ldap

即是安装的时候默认，没有改
不知道为什么起不来
谢谢

root@dbbak sbin]# ./slapd -d 256 (路径：/usr/sbin)
@(#) $OpenLDAP: slapd 2.2.13 (Apr 20 2005 18:32:13) $
      root@decompose.build.redhat.com:/usr/src/build/557148-i386/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
bdb_db_init: Initializing BDB database
TLS: could not load client CA list (file:`',dir:`/etc/openldap/cacerts').
TLS: error:0200A002:system librarypendir:No such file or directory ssl_cert.c:750
TLS: error:140D7002:SSL routines:SSL_add_dir_cert_subjects_to_stack:system lib ssl_cert.c:752
main: TLS init def ctx failed: -1
slapd stopped.
connections_destroy: nothing to destroy.

谢谢，这个cacerts是必须的吗？？？
谢谢

作者: hoige 时间: 2006-03-30 17:11
谢谢
试着自己安装

作者: ebin9099 时间: 2006-03-30 17:27
楼主，我出现的是这个问题
daemon: socket() failed errno=97 (Address family not supported by protocol)
could not open config file "/etc/openldap/schema/nadf.schema" - absolute path?
/etc/openldap/schema/nadf.schema: No such file or directory
slapd stopped.
connections_destroy: nothing to destroy
请楼主帮忙看看，小弟不甚感激！

作者: py 时间: 2006-03-30 18:33
could not open config file "/etc/openldap/schema/nadf.schema" - absolute path?
/etc/openldap/schema/nadf.schema: No such file or directory

看看配置文件中写的schema文件位置是不是对

作者: ebin9099 时间: 2006-03-31 10:28
我查了，文件路经是对的，但奇怪的是schema文件目录中没有nadf.schema这个文件，这又会是什么问题呢？测试的时间比较长，我没始终盯着看。但在测试结束的时候我没有看到报错。安装的时候也是。楼主你认为这会是什么原因造成的呢？

作者: hoige 时间: 2006-04-04 09:00
感谢前面的指教，现在启动是启动起来了，但是报密码错误啊
不知道怎么办好
我安装了openldap，是和Linux AS4一起安装的，2.2.x但安装好了，采用默认配置
/******************
database       bdb
suffix       "dc=my-domain,dc=com"
rootdn       "cn=root"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(

and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw test
# rootpw    {MD5}CY9rzUYh03PK3k6DJie09g==

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory    /var/lib/ldap
/*********************************************************
这个配置没问题吧，密码没有加密
root@dbbak openldap]# ldapadd -x -D 'cn=root,dc=my-domain,dc=com' -W
Enter LDAP Password: （输入test这个密码）
ldap_bind: Invalid credentials (49)
看一下ldap.log 这个我设置了
/*************************
Apr  4 08:39:23 dbbak slapd[10962]: do_bind
Apr  4 08:39:23 dbbak slapd[10962]: >>> dnPrettyNormal: <cn=root,dc=my-domain,dc=com>
Apr  4 08:39:23 dbbak slapd[10962]: <<< dnPrettyNormal: <cn=root,dc=my-domain,dc=com>, <cn=root,dc=my-domain,dc=com>
Apr  4 08:39:23 dbbak slapd[10962]: do_bind: version=3 dn="cn=root,dc=my-domain,dc=com" method=128
Apr  4 08:39:23 dbbak slapd[10962]: bdb_dn2entry("cn=root,dc=my-domain,dc=com"

Apr  4 08:39:23 dbbak slapd[10962]: => bdb_dn2id( "dc=my-domain,dc=com" )
Apr  4 08:39:23 dbbak slapd[10962]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
Apr  4 08:39:23 dbbak slapd[10962]: send_ldap_result: conn=2 op=0 p=3
Apr  4 08:39:23 dbbak slapd[10962]: send_ldap_response: msgid=1 tag=97 err=49
Apr  4 08:39:23 dbbak slapd[10962]: connection_get(10): got connid=2
Apr  4 08:39:23 dbbak slapd[10962]: connection_read(10): checking for input on id=2
Apr  4 08:39:23 dbbak slapd[10962]: ber_get_next on fd 10 failed errno=0 (Success)
Apr  4 08:39:23 dbbak slapd[10962]: connection_read(10): input error=-2 id=2, closing.
Apr  4 08:39:23 dbbak slapd[10962]: connection_closing: readying conn=2 sd=10 for close
Apr  4 08:39:23 dbbak slapd[10962]: connection_close: conn=2 sd=10
/**********************************
这个大家遇到过吗？？？？还是什么地方要改一下配置？？？？？？
谢谢

作者: py 时间: 2006-04-04 17:34

原帖由 ebin9099 于 2006-3-31 10:28 发表
我查了，文件路经是对的，但奇怪的是schema文件目录中没有nadf.schema这个文件，这又会是什么问题呢？测试的时间比较长，我没始终盯着看。但在测试结束的时候我没有看到报错。安装的时候也是。楼主你认为这会是什 ...

测试?什么测试?nadf.schema不是标准的schema,测试不包括检测某一个确定的schema是否存在.
多看一下openldap的相关介绍吧,去www.openldap.org或中文的一些文章.

作者: py 时间: 2006-04-04 17:36

原帖由 hoige 于 2006-4-4 09:00 发表
感谢前面的指教，现在启动是启动起来了，但是报密码错误啊
不知道怎么办好
我安装了openldap，是和Linux AS4一起安装的，2.2.x但安装好了，采用默认配置
/******************
database bdb
suffix ...

slapd.conf文件中rootdn要写DN,明白?你写成RDN了

作者: hoige 时间: 2006-04-05 10:42

原帖由 py 于 2006-4-4 17:36 发表

slapd.conf文件中rootdn要写DN,明白?你写成RDN了

我一开始是写成DN的啊，还是一样的错误
/***********************
database       bdb
suffix       "dc=my-domain,dc=com"
rootdn       "cn=root,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(

作者: luna2000 时间: 2006-07-25 10:34
标题: rootpw test
rootpw test 前面不能有空格，rootpw 与test之间用[Tab]键隔开，不要用空格。

作者: py 时间: 2006-07-26 08:44
rootpw和后面的密码用TAB或空格分开都是是一样的

作者: tommyfool 时间: 2006-08-17 10:42
[root@localhost libexec]# slapd -d 256
@(#) $OpenLDAP: slapd 2.2.23 (May 19 2005 17:53:54) $
root@porky.build.redhat.com:/usr/src/build/568662-i386/BUILD/openldap-2.2.23/openldap-2.2.23/build-servers/servers/slapd
daemon: bind(6) failed errno=98 (Address already in use)
daemon: bind(6) failed errno=98 (Address already in use)
slapd stopped.
connections_destroy: nothing to destroy.

fc4
麻烦了

另: 我输入:

ldapsearch -x -D "cn=Manager,dc=example,dc=com" -W -b "dc=example,dc=com" -s base "(objectclass=*)"
后提示输入 ldap 密码。一直出错。。
请问密码是哪个？

[ 本帖最后由 tommyfool 于 2006-8-17 11:08 编辑 ]

作者: py 时间: 2006-08-17 10:55
这是你的openldap已经启动了，再次启动的时候就会出现这样的问题

作者: tommyfool 时间: 2006-08-17 11:15
但我连接的时候总是连不上。这个是什么问题呢？
另那个密码是在哪个文件里设置？

谢谢哦

作者: py 时间: 2006-08-17 22:05
仔细看看ldapsearch的man page
密码在slapd.conf文件中

作者: tommyfool 时间: 2006-08-31 18:01
请问：
在add的时候输入ldap passwd后出现这个提示：ldap_bind: Invalid credentials
是什么原因？
谢谢^_^

[ 本帖最后由 tommyfool 于 2006-8-31 18:06 编辑 ]

作者: py 时间: 2006-08-31 21:00
就是字面的意思，“密码错误”
原因很多，例如ACL权限的问题
看看LDAP服务器端的具体报错，修改相应的ACL即可

作者: xhc800325 时间: 2006-09-04 11:12
标题: 请问现在最新的OPENLDAP版本是什么？
请问现在最新的OPENLDAP版本是什么？

作者: py 时间: 2006-09-04 12:11

原帖由 xhc800325 于 2006-9-4 11:12 发表
请问现在最新的OPENLDAP版本是什么？

http://www.openldap.org/

作者: heavenwalk 时间: 2006-09-28 15:06
提示: 作者被禁止或删除内容自动屏蔽

作者: 大酷牛佳佳 时间: 2006-09-28 16:03
我的启动也正常
ldapadd  -D 'cn=root,dc=it,dc=com' -W
Enter LDAP Password:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
      additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (No credentials cache found)

出现这个错误
slap.conf

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/corba.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/dyngroup.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/java.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral    ldap://reoot.openldap.org

pidfile       /usr/local/var/run/slapd.pid
argsfile       /usr/local/var/run/slapd.args

database       bdb
suffix       "dc=it,dc=com"
rootdn       "cn=root,dc=it,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(

and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw  {SSHA}3MaXwW6l7fcmTCWbji3/YdlrtW7vNTav
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory    /usr/local/var/openldap-data
# Indices to maintain
index objectClass    eq

作者: py 时间: 2006-09-30 20:41

原帖由 heavenwalk 于 2006-9-28 15:06 发表
OpenLDAP调用ldapadd和ldapsearch都没有问题，使用ldap的客户端工具ldapbrowser也可以进行
浏览和增加等操作，但是使用freeradius就总是提示失败，下面是openldap的提示信息，请帮忙看一下，
十分感谢：）

...

用ldapsearch 以下uid=test，看看有结果吗？
error code32 表示没有查找到结果

作者: py 时间: 2006-09-30 20:42

原帖由 大酷牛佳佳 于 2006-9-28 16:03 发表
我的启动也正常
ldapadd -D 'cn=root,dc=it,dc=com' -W
Enter LDAP Password:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): g ...

ldapadd -x -D 'cn=root,dc=it,dc=com' -W

作者: nevereverdown 时间: 2006-10-03 12:56
标题: 安装运行问题
openldap-2.2.26>make test
cd tests; make test
Initiating LDAP tests for BDB...
Running ./scripts/all...
>>>>> Executing all LDAP tests for bdb
>>>>> Starting test000-rootdse ...
running defines.sh
Starting slapd on TCP/IP port 9011...
Using ldapsearch to retrieve the root DSE...
19062 Killed
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
./scripts/test000-rootdse: kill: no such process
ldap_bind: Can't contact LDAP server (-1)
>>>>> Test failed
>>>>> ./scripts/test000-rootdse failed (exit 1)
*** Error code 1
make: Fatal error: Command failed for target `bdb-yes'
Current working directory /packages/g/openldap-2.2.26/tests
*** Error code 1
make: Fatal error: Command failed for target `test'
Current working directory /packages/g/openldap-2.2.26/tests
*** Error code 1
make: Fatal error: Command failed for target `test'

g>libexec/slapd -d 256
ld.so.1: slapd: fatal: libdb-4.3.so: open failed: No such file or directory
Killed

我用的是solaris9
我用/usr/ccs/bin/ld 生成了可执行文件a.out
ld -L/4.3.28/lib /usr/lib/ld.so.1
不知道对不对也不知道怎么用这个。

作者: py 时间: 2006-10-04 22:05
solaris环境要设置环境变量export LD_LIBRARY_PATH=/usr/local/BerkeleyDB.4.*/lib，再执行make test，如果仍然有问题，就要加上环境变量重新./configure了

作者: formylover 时间: 2006-10-14 00:10
标题: LDAP下的操作问题？急问！
输入如下命令：
[root@localhost root]＃ ldapsearch -s sub "(objectclass=*)"
SASL/DIGEST-MD5 suthentication started
Please ente your password:
(输入默认密码secret后提示：)
ldap_sasl_interactive_bind_s: Can't contact LDAP server (－1)
为什么？
这个要求输入的到底是什么密码？
用slapd命令能成功启动LDAP服务，这里是不是因为密码错误而断开连接的？
如果在调试状态下能显示更详细的内容：
........
ldap_chkResponseList for msgid=3, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg:msgid 3, all 1
ber_get_next
ber_get_nex failed.
ldap_perror
ldap_sasl_interactive_bind_s:Cant't contact LDAP server()-1

作者: py 时间: 2006-10-14 23:32
在google里搜一下，看看ldapsearch的正确用法

作者: windychan 时间: 2006-11-17 15:54
标题: Warning - No DB_CONFIG file found in directory ?
用: /usr/local/libexec/slapd -u ldap -d -1 看到.如下

..............
backend_startup_one: starting "dc=beltontech,dc=com"
bdb_db_open: dc=beltontech,dc=com
bdb_db_open: Warning - No DB_CONFIG file found in directory /usr/local/var/openldap-data: (2)
Expect poor performance for suffix dc=tech,dc=com.
bdb_db_open: dbenv_open(/usr/local/var/openldap-data)
........................

为什么会有:No DB_CONFIG file found in directory /usr/local/var/openldap-data: (2)
可查看端口: 389/tcp open ldap又正确.

用命令: ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

#
dn:
namingContexts: dc=tech,dc=com

# search result
search: 2
result: 0 Success

这是为什么啊，影响使用吗?

[ 本帖最后由 windychan 于 2006-11-17 15:58 编辑 ]

作者: wenhong3000 时间: 2006-11-17 16:09
我安装好openldap后，不能对person添加email属性，在schema中把email属性添加进去后，openldap就不能启动了，请问是什么回事，非常感谢

作者: py 时间: 2006-11-17 20:02

原帖由 windychan 于 2006-11-17 15:54 发表
用: /usr/local/libexec/slapd -u ldap -d -1 看到.如下

..............
backend_startup_one: starting "dc=beltontech,dc=com"
bdb_db_open: dc=beltontech,dc=com
bdb_db_open: Wa ...

显示一般的错误或调试的时候用-d256足以
这个提示我记得好像是2.2.*以后有的, DB_CONFIG文件中写入的是bdb的一些优化参数,默认安装openldap在这里会有以个example file, /usr/local/etc/openldap/DB_CONFIG.example
把这个文件改名后放到/usr/local/var/openldap-data下就可以了
作者: py 时间: 2006-11-17 20:12

原帖由 wenhong3000 于 2006-11-17 16:09 发表
我安装好openldap后，不能对person添加email属性，在schema中把email属性添加进去后，openldap就不能启动了，请问是什么回事，非常感谢

person太接近top了, 在schema中person的MAY中的属性很少
在用户的objectclass属性中加上inetOrgPerson, 或包含mail属性的objectclass
作者: yalechen 时间: 2006-12-25 14:34
标题: 请帮忙看看如下问题
./slapd -d 256启动slapd后，显示如下，请问都有哪些问题？
＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝
@(#) $OpenLDAP: slapd 2.3.27 (Dec 12 2006 10:35:02) $
root@localhost.localdomain:/root/testproject/ldap/openldap-2.3.27/servers/slapd
daemon: IPv6 socket() failed errno=97 (Address family not supported by
protocol)bdb_db_open: unclean shutdown detected; attempting recovery.
bdb_db_open: Warning - No DB_CONFIG file found in directory
/usr/local/openldap/var/openldap-data: (2)
Expect poor performance for suffix dc=nari-china,dc=com.
slapd starting

欢迎光临 Chinaunix (http://bbs.chinaunix.net/) Powered by Discuz! X3.2