- [root@vfxdc02 openldap]# slapd -d 256
- @(#) $OpenLDAP: slapd 2.4.23 (Oct 31 2012 08:14:14) $
- mockbuild@x86-022.build.eng.bos.redhat.com:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
- daemon: bind(7) failed errno=98 (Address already in use)
- daemon: bind(7) failed errno=98 (Address already in use)
- slapd stopped.
- connections_destroy: nothing to destroy.
- [root@vfxdc02 openldap]# lsof -i :389
- COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
- slapd 717 ldap 7u IPv4 139221 0t0 TCP *:ldap (LISTEN)
- slapd 717 ldap 8u IPv6 139222 0t0 TCP *:ldap (LISTEN)
系统环境:CentOS 6.4 64位,内核 2.6.32-71.el6.x86_64
slapd.conf 文件内容:
- #
- # See slapd.conf(5) for details on configuration options.
- # This file should NOT be world readable.
- # (It carries the rootpw hash in the bdb database section below.)
- #
- # Schema files loaded at startup; each include pulls in one schema definition file.
- include /etc/openldap/schema/corba.schema
- include /etc/openldap/schema/core.schema
- include /etc/openldap/schema/cosine.schema
- include /etc/openldap/schema/duaconf.schema
- include /etc/openldap/schema/dyngroup.schema
- include /etc/openldap/schema/inetorgperson.schema
- include /etc/openldap/schema/java.schema
- include /etc/openldap/schema/misc.schema
- include /etc/openldap/schema/nis.schema
- include /etc/openldap/schema/openldap.schema
- include /etc/openldap/schema/ppolicy.schema
- include /etc/openldap/schema/collective.schema
- # Allow LDAPv2 client connections. This is NOT the default.
- # NOTE(review): LDAPv2 predates StartTLS and SASL binds, so a v2 client can
- # only do a simple bind without upgrading the connection. Keep this line only
- # if a legacy client really needs it.
- allow bind_v2
- # Do not enable referrals until AFTER you have a working directory
- # service AND an understanding of referrals.
- #referral ldap://root.openldap.org
- # Files where slapd records its process id and its command-line arguments.
- pidfile /var/run/openldap/slapd.pid
- argsfile /var/run/openldap/slapd.args
- # Load dynamic backend modules
- # - modulepath is architecture dependent value (32/64-bit system)
- # - back_sql.la overlay requires openldap-server-sql package
- # - dyngroup.la and dynlist.la cannot be used at the same time
- # Every modulepath/moduleload line below is commented out, so this file loads
- # no dynamic module. In particular ppolicy.schema is included above but
- # ppolicy.la is not loaded here; unless the overlay is built in statically,
- # no password policy is enforced -- TODO confirm.
- # modulepath /usr/lib/openldap
- # modulepath /usr/lib64/openldap
- # moduleload accesslog.la
- # moduleload auditlog.la
- # moduleload back_sql.la
- # moduleload chain.la
- # moduleload collect.la
- # moduleload constraint.la
- # moduleload dds.la
- # moduleload deref.la
- # moduleload dyngroup.la
- # moduleload dynlist.la
- # moduleload memberof.la
- # moduleload pbind.la
- # moduleload pcache.la
- # moduleload ppolicy.la
- # moduleload refint.la
- # moduleload retcode.la
- # moduleload rwm.la
- # moduleload seqmod.la
- # moduleload smbk5pwd.la
- # moduleload sssvlv.la
- # moduleload syncprov.la
- # moduleload translucent.la
- # moduleload unique.la
- # moduleload valsort.la
- # The next three lines allow use of TLS for encrypting connections using a
- # dummy test certificate which you can generate by running
- # /usr/libexec/openldap/generate-server-cert.sh. Your client software may balk
- # at self-signed certificates, however.
- # NOTE(review): the key file below is the server's private key; it should be
- # readable only by the account slapd runs as. These lines make TLS available
- # but do not by themselves require clients to use it.
- TLSCACertificatePath /etc/openldap/certs
- TLSCertificateFile /etc/openldap/certs/slapdcert.pem
- TLSCertificateKeyFile /etc/openldap/certs/slapdkey.pem
- # Sample security restrictions
- # Require integrity protection (prevent hijacking)
- # Require 112-bit (3DES or better) encryption for updates
- # Require 63-bit encryption for simple bind
- # NOTE(review): the sample directive below says simple_bind=64, not 63.
- # It is commented out, so no minimum strength (SSF) is enforced: a simple
- # bind on a connection without TLS sends the password unprotected.
- # security ssf=1 update_ssf=112 simple_bind=64
- # Sample access control policy:
- # Root DSE: allow anyone to read it
- # Subschema (sub)entry DSE: allow anyone to read it
- # Other DSEs:
- # Allow self write access
- # Allow authenticated users read access
- # Allow anonymous users to authenticate
- # Directives needed to implement policy:
- # access to dn.base="" by * read
- # access to dn.base="cn=Subschema" by * read
- # access to *
- # by self write
- # by users read
- # by anonymous auth
- #
- # if no access controls are present, the default policy
- # allows anyone and everyone to read anything but restricts
- # updates to rootdn. (e.g., "access to * by * read")
- #
- # NOTE(review): all of the sample access directives above are commented out,
- # so none of them is in effect.
- # rootdn can always read and write EVERYTHING!
- # enable on-the-fly configuration (cn=config)
- # Access rule: the single identity named below gets "manage"; every other
- # identity gets no access at all.
- # NOTE(review): that DN has the form of a SASL EXTERNAL identity for uid 0 /
- # gid 0 on the local ldapi:// socket, i.e. local root -- confirm ldapi is the
- # only way this identity can be asserted.
- database config
- access to *
- by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
- by * none
- # enable server status monitoring (cn=monitor)
- # Access rule: read-only for the uid 0 / gid 0 peercred identity and for
- # cn=Manager,dc=tdi,dc=com (the rootdn of the bdb database defined later in
- # this file); everyone else gets no access.
- database monitor
- access to *
- by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
- by dn.exact="cn=Manager,dc=tdi,dc=com" read
- by * none
- #######################################################################
- # database definitions
- #######################################################################
- # Main directory database: Berkeley DB backend serving dc=tdi,dc=com.
- # NOTE(review): no access directive appears in this database section. Per the
- # sample comment earlier in this file, the default policy then lets anyone
- # read anything; presumably that includes stored password hashes -- add an
- # explicit ACL (self write / users read / anonymous auth) and verify.
- database bdb
- suffix "dc=tdi,dc=com"
- # checkpoint <kbyte> <min>, see slapd-bdb(5).
- checkpoint 1024 15
- rootdn "cn=Manager,dc=tdi,dc=com"
- # Cleartext passwords, especially for the rootdn, should
- # be avoided. See slappasswd(8) and slapd.conf(5) for details.
- # Use of strong authentication encouraged.
- # rootpw secret
- # rootpw {crypt}ijFYNcSNctBYg
- # NOTE(review): {SSHA} is a salted SHA-1 hash, not encryption. Once this file's
- # content has been shared outside the server, the hash can be tested offline,
- # so treat this rootpw as exposed: generate a new one with slappasswd(8) and
- # keep the file unreadable to other users.
- rootpw {SSHA}+i0bUyR7XKMezavGyRQXb2cdRgB5AVut
- # The database directory MUST exist prior to running slapd AND
- # should only be accessible by the slapd and slap tools.
- # Mode 700 recommended.
- directory /var/lib/ldap
- # Indices to maintain for this database
- # (eq = equality, pres = presence, sub = substring matching)
- index objectClass eq,pres
- index ou,cn,mail,surname,givenname eq,pres,sub
- index uidNumber,gidNumber,loginShell eq,pres
- index uid,memberUid eq,pres,sub
- index nisMapName,nisMapEntry eq,pres,sub
- # Replicas of this database
- # NOTE(review): replogfile looks like a leftover from slurpd-style
- # replication; verify whether this slapd 2.4 build still honours it. The
- # sample replica lines below are commented out, so no replica is configured.
- replogfile /var/lib/ldap/openldap-master-replog
- #replica host=ldap-1.example.com:389 starttls=critical
- # bindmethod=sasl saslmech=GSSAPI
- # authcId=host/ldap-master.example.com@EXAMPLE.COM