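For the past two days I have been testing the OpenLDAP service and ran into a problem that I still have not solved. I hope someone can point me in the right direction. The contents of slapd.conf are as follows (all comment lines removed):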
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/openldap.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=openldap,dc=edu"
rootdn "cn=adm,dc=openldap,dc=edu"
rootpw {MD5}ICy5YqxZB1uWSwcVLSNLcA==
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
After editing slapd.conf, the OpenLDAP service starts normally (no error messages). I then used slapadd to add the contents of the init.ldif file:
dn:dc=openldap,dc=edu
objectclass:dcObject
objectclass:organization
o:OpenLDAP edu
dc:openldap

dn:cn=adm,dc=openldap,dc=edu
objectclass:organizationRole
cn:adm
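When querying with ldapsearch, I can only get results using an anonymous bind. For example, ldapsearch -xb "dc=openldap,dc=edu" namingContexts displays the query results normally, but when I drop the "x" option, after entering the adm password I get: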
[root@cat openldap]# ldapsearch -b "dc=openldap,dc=edu" namingContexts
SASL/DIGEST-MD5 authentication started
Please enter your password:[confirmed that the password was entered correctly]
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database
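According to the message, the account's password is not in the database??! Fine! Since it does not exist, I added it: saslpasswd2 -c adm, and sasldblistusers2 shows the adm account I just added. Then I ran the ldapsearch query again, and after entering the password I still got the error message shown in red above. After that I reinstalled db4 and openldap, reconfigured, re-added the account and started the service, and the ldapsearch error is still there. I really cannot figure it out, so I have come to chinaunix.net to ask for everyone's help.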