Original poster: py

[ldap] To everyone whose OpenLDAP won't start properly

Posted 2004-08-18 22:15

openldap-2.1.29

Posted 2004-08-18 22:33

What does your current configuration file look like? Post it. Also comment out these two lines:
loglevel -1
replogfile /var/log/ldap.log

Posted 2004-08-19 10:06

Operating system: SunOS ms1.darren.com 5.8 Generic_117351-02 i86pc i386 i86pc. OpenLDAP version: 2.1.29.

    bash-2.05# more slapd.conf
    # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
    #
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #
    include         /usr/local/etc/openldap/schema/core.schema
    include         /usr/local/etc/openldap/schema/corba.schema
    include         /usr/local/etc/openldap/schema/cosine.schema
    include         /usr/local/etc/openldap/schema/inetorgperson.schema
    include         /usr/local/etc/openldap/schema/misc.schema
    include         /usr/local/etc/openldap/schema/openldap.schema
    include         /usr/local/etc/openldap/schema/nis.schema
    include         /usr/local/etc/openldap/schema/samba.schema

    # Define global ACLs to disable default read access.

    # Do not enable referrals until AFTER you have a working directory
    # service AND an understanding of referrals.
    #referral       ldap://root.openldap.org

    pidfile         /usr/local/var/slapd.pid
    argsfile        /usr/local/var/slapd.args

    #loglevel -1
    #replogfile /var/log/ldap.log

    # Load dynamic backend modules:
    # modulepath    /usr/local/libexec/openldap
    # moduleload    back_bdb.la
    # moduleload    back_ldap.la
    # moduleload    back_ldbm.la
    # moduleload    back_passwd.la
    # moduleload    back_shell.la

    # Sample security restrictions
    #       Require integrity protection (prevent hijacking)
    #       Require 112-bit (3DES or better) encryption for updates
    #       Require 63-bit encryption for simple bind
    # security ssf=1 update_ssf=112 simple_bind=64

    # Sample access control policy:
    #       Root DSE: allow anyone to read it
    #       Subschema (sub)entry DSE: allow anyone to read it
    #       Other DSEs:
    #               Allow self write access
    #               Allow authenticated users read access
    #               Allow anonymous users to authenticate
    #       Directives needed to implement policy:
    # access to dn.base="" by * read
    # access to dn.base="cn=Subschema" by * read
    # access to *
    #       by self write
    #       by users read
    #       by anonymous auth
    #
    # if no access controls are present, the default policy is:
    #       Allow read by all
    #
    # rootdn can always write!

    #######################################################################
    # ldbm database definitions
    #######################################################################

    database        bdb
    suffix          "dc=darren,dc=com"
    rootdn          "cn=root,dc=darren,dc=com"
    # Cleartext passwords, especially for the rootdn, should
    # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    rootpw          1234
    # The database directory MUST exist prior to running slapd AND
    # should only be accessible by the slapd and slap tools.
    # Mode 700 recommended.
    directory       /usr/local/var/openldap-data
    # Indices to maintain
    index   objectClass     eq

    access to *
    by self write
    by * read
    bash-2.05# more ldap.conf
    # $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
    #
    # LDAP Defaults
    #

    # See ldap.conf(5) for details
    # This file should be world readable but not world writable.

    #BASE   dc=example, dc=com
    #URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

    #SIZELIMIT      12
    #TIMELIMIT      15
    #DEREF          never
    bash-2.05# /usr/local/libexec/slapd -d -1
    Killed
    bash-2.05# tail /var/log/syslog
    Jul 29 00:05:57 ms1.darren.com sendmail[3544]: [ID 801593 mail.info] i6SG5vMR003544: from=<wjz@darren.com>, size=539, class=0, nrcpts=1, msgid=<200407281605.i6SG5vMR003544@ms1.darren.com>, proto=ESMTP, daemon=MSA, relay=[10.1.2.19]
    Jul 29 00:06:08 ms1.darren.com sendmail[3546]: [ID 801593 mail.info] i6SG5vMR003544: to=<mail5@test.com>, ctladdr=<wjz@darren.com> (1000/1), delay=00:00:11, xdelay=00:00:05, mailer=esmtp, pri=120539, relay=ms1.test.com. [10.1.2.52], dsn=2.0.0, stat=Sent (i6SG63S0001503 Message accepted for delivery)
    Jul 29 00:09:10 ms1.darren.com sendmail[3548]: [ID 702911 mail.info] AUTH=server, relay=[10.1.2.19], authid=mail1, mech=LOGIN, bits=0
    Jul 29 00:09:10 ms1.darren.com sendmail[3548]: [ID 801593 mail.info] i6SG9AYe003548: from=<mail1@darren.com>, size=567, class=0, nrcpts=1, msgid=<200407281609.i6SG9AYe003548@ms1.darren.com>, proto=ESMTP, daemon=MSA, relay=[10.1.2.19]
    Jul 29 00:09:14 ms1.darren.com sendmail[3550]: [ID 801593 mail.info] i6SG9AYe003548: to=<mail5@test.com>, ctladdr=<mail1@darren.com> (2001/1), delay=00:00:04, xdelay=00:00:04, mailer=esmtp, pri=120567, relay=ms1.test.com. [10.1.2.52], dsn=2.0.0, stat=Sent (i6SG9Ae1001515 Message accepted for delivery)
    Jul 29 20:25:08 ms1.darren.com sendmail[3623]: [ID 801593 mail.info] i6TCOqcU003623: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
    Jul 30 02:30:37 ms1.darren.com sendmail[4234]: [ID 702911 mail.info] AUTH=server, relay=[10.1.2.19], authid=wjz, mech=LOGIN, bits=0
    Jul 30 02:30:54 ms1.darren.com sendmail[4234]: [ID 801593 mail.info] i6TIUb16004234: from=<wjz@darren.com>, size=2446917, class=0, nrcpts=1, msgid=<200407291830.i6TIUb16004234@ms1.darren.com>, proto=ESMTP, daemon=MSA, relay=[10.1.2.19]
    Jul 30 02:31:17 ms1.darren.com sendmail[4236]: [ID 801593 mail.info] i6TIUb16004234: to=<mail5@test.com>, ctladdr=<wjz@darren.com> (1000/1), delay=00:00:40, xdelay=00:00:23, mailer=esmtp, pri=2566917, relay=ms1.test.com. [10.1.2.52], dsn=2.0.0, stat=Sent (i6TIV1G9001495 Message accepted for delivery)
    Jul 31 00:51:57 ms1.darren.com sendmail[4350]: [ID 801593 mail.info] i6UGpmH8004350: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
    bash-2.05# tail /var/adm/messages
    Aug 17 20:42:34 ms1.darren.com fdc: [ID 114370 kern.info] fd0 at fdc0
    Aug 17 20:42:34 ms1.darren.com genunix: [ID 936769 kern.info] fd0 is /isa/fdc@1,3f0/fd@0,0
    Aug 17 20:42:40 ms1.darren.com pcplusmp: [ID 637496 kern.info] pcplusmp: asy (asy) instance 0 vector 0x4 ioapic 0x1 intin 0x4 is bound to cpu 0
    Aug 17 20:42:40 ms1.darren.com last message repeated 1 time
    Aug 17 20:42:40 ms1.darren.com isa: [ID 202937 kern.info] ISA-device: asy0
    Aug 17 20:42:40 ms1.darren.com genunix: [ID 936769 kern.info] asy0 is /isa/asy@1,3f8
    Aug 17 20:42:40 ms1.darren.com pcplusmp: [ID 398438 kern.info] pcplusmp: asy (asy) instance #1 vector 0x3 ioapic 0x1 intin 0x3 is bound to cpu 0
    Aug 17 20:42:40 ms1.darren.com last message repeated 1 time
    Aug 17 20:42:40 ms1.darren.com isa: [ID 202937 kern.info] ISA-device: asy1
    Aug 17 20:42:40 ms1.darren.com genunix: [ID 936769 kern.info] asy1 is /isa/asy@1,2f8
    bash-2.05# uname -a
    SunOS ms1.darren.com 5.8 Generic_117351-02 i86pc i386 i86pc
    bash-2.05#

Posted 2004-08-19 10:58

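Please see this passage from http://chinaunix.net/jh/49/308791.html:

  This is also done with the usual three-step Linux source install, so there is not much to say. By default the software is installed under /usr/local/BerkeleyDB.4.2. After installation, add the library path /usr/local/BerkeleyDB.4.2/lib to /etc/ld.so.conf, then run ldconfig once so that the configuration file takes effect. Only then can the openldap build find the library files it needs. That completes the database installation; next you can install openldap.

  What is ld.so.conf? It is the configuration file for the system's dynamic link libraries. It holds the names of the directories containing the dynamic libraries that can be shared on Linux (the system directories /lib and /usr/lib excepted), with directory names separated by whitespace (spaces, newlines and so on), colons or commas. In most Linux distributions this file contains a shared directory /usr/X11R6/lib, which holds the dynamic libraries of the X Window System. ldconfig is its management command; see the man page for how to use it, which I won't go into here.

My system is Solaris; how should I do this step?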

Posted 2004-08-26 10:43

Solaris has no command like Linux's ldconfig. Edit the file /var/ld/ld.conf. Suppose my application is named appname; just replace that name with your own:
/usr/lib
/usr/local/lib
/var/appname/lib

The crle command is used roughly as follows; see the man page for details:
crle -l /usr/lib -l /usr/local/lib -l /var/appname/lib  -i /usr/lib -i /usr/local/lib -i /var/appname/lib

Posted 2004-08-26 10:54

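If you are on SuSE Linux, when slapd.conf contains the statement "Loglevel 1", the slapd server process logs all messages to syslog LOCAL4. You likewise need to edit /etc/syslog.conf to direct these messages to a separate file to make debugging easier. On SuSE Linux, the LDAP error log is the file /var/log/localmessage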

Posted 2004-09-06 13:19

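Is there something wrong with the openldap that ships with RH9? My steps should be fine, but I keep getting ldap_bind: Invalid credentials (49)
With the same configuration, the one I compiled myself on Debian works fine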

Posted 2004-09-06 15:37

The bundled one? You mean the rpm? Try changing the password in slapd.conf to cleartext
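Added example, not part of the thread: the slapd.conf posted above keeps `rootpw 1234` in cleartext, while its own comments point to slappasswd(8). The sketch below builds and verifies the salted SHA-1 `{SSHA}` value format and rewrites a cleartext `rootpw` line; the helper names and the constructed `SAMPLE` text are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

def make_ssha(password, salt=None):
    """Return '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, stored):
    """Verify a password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # 20-byte SHA-1 digest, then the salt
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

# A rootpw directive at the start of a line (comment lines start with '#').
ROOTPW = re.compile(r"^(rootpw[ \t]+)(\S+)", re.MULTILINE)

def cleartext_rootpw(conf):
    """Return the rootpw value if it has no {SCHEME} prefix, else None."""
    m = ROOTPW.search(conf)
    if m and not m.group(2).startswith("{"):
        return m.group(2)
    return None

def hash_rootpw(conf):
    """Rewrite a cleartext rootpw line so that it holds an {SSHA} value."""
    def repl(m):
        if m.group(2).startswith("{"):
            return m.group(0)  # already carries a scheme prefix
        return m.group(1) + make_ssha(m.group(2))
    return ROOTPW.sub(repl, conf)

# Constructed sample: the database section of the slapd.conf in this thread.
SAMPLE = '''database        bdb
suffix          "dc=darren,dc=com"
rootdn          "cn=root,dc=darren,dc=com"
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
rootpw          1234
'''

if __name__ == "__main__":
    print(hash_rootpw(SAMPLE))
```

A salted SHA-1 value of a password like 1234 is still open to offline guessing, so the file's own "should NOT be world readable" note applies either way.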

Posted 2004-12-14 20:59

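I'm a beginner and have a question; I'd appreciate help from the experts here.

I configured OpenLDAP for win32 following the "How to ldap" instructions in EJBCA:
included the necessary schemas, changed cn, o and c, and used a hashed password (I also tried cleartext)

Then I imported an LDIF file with ldapadd (org.ldif is shown below)

dn: o=AnaTom,c=SE
objectclass: dcObject
objectclass: organization
o: AnaTom
dc: AnaTom

dn: cn=Admin,o=AnaTom,c=SE
objectclass: organizationalRole
cn: Admin

The import reported success:
add new entry      o=AnaTom,c=SE
add new entry      cn=Admin,o=AnaTom,c=SE

But when I use this administrator Admin to add other members:
ldap_add: Server is unwilling to perform (53)
        additional info: no global superior knowledge

After adding the relevant access directives I still get the same error

Many thanks in advance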

Posted 2005-04-19 16:38

bdb_dn2entry("o=system")
=> bdb_dn2id( "o=system" )
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
send_ldap_result: conn=0 op=1 p=3
send_ldap_result: err=10 matched="" text=""
send_ldap_response: msgid=2 tag=101 err=32
ber_flush: 14 bytes to sd 28
  0000:  30 0c 02 01 02 65 07 0a  01 20 04 00 04 00         0....e... ....
ldap_write: want=14, written=14
  0000:  30 0c 02 01 02 65 07 0a  01 20 04 00 04 00         0....e... ....
daemon: activity on 1 descriptors
daemon: activity on: 28r
daemon: read activity on 28
connection_get(28)
connection_get(28): got connid=0
connection_read(28): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
  0000:  30 2d 02 01 03 63 28 04                            0-...c(.
ldap_read: want=39, got=39
  0000:  08 6f 3d 73 79 73 74 65  6d 0a 01 00 0a 01 03 02   .o=system.......
  0010:  01 00 02 01 00 01 01 00  87 0b 6f 62 6a 65 63 74   ..........object
  0020:  43 6c 61 73 73 30 00                               Class0.
ber_get_next: tag 0x30 len 45 contents:
ber_dump: buf=0x0102eb78 ptr=0x0102eb78 end=0x0102eba5 len=45
  0000:  02 01 03 63 28 04 08 6f  3d 73 79 73 74 65 6d 0a   ...c(..o=system.
  0010:  01 00 0a 01 03 02 01 00  02 01 00 01 01 00 87 0b   ................
  0020:  6f 62 6a 65 63 74 43 6c  61 73 73 30 00            objectClass0.
ber_get_next
ldap_read: want=8 error=unknown error
ber_get_next on fd 28 failed errno=10035 (WSAEWOULDBLOCK)
do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x0102eb78 ptr=0x0102eb7b end=0x0102eba5 len=42
  0000:  63 28 04 08 6f 3d 73 79  73 74 65 6d 0a 01 00 0a   c(..o=system....
  0010:  01 03 02 01 00 02 01 00  01 01 00 87 0b 6f 62 6a   .............obj
  0020:  65 63 74 43 6c 61 73 73  30 00                     ectClass0.
>>> dnPrettyNormal: <o=system>
=> ldap_bv2dn(o=system,0)
ldap_err2string
<= ldap_bv2dn(o=system)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(o=system)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(o=system)=0 Success
<<< dnPrettyNormal: <o=system>, <o=system>
SRCH "o=system" 0 3    0 0 0
begin get_filter
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x0102eb78 ptr=0x0102eb96 end=0x0102eba5 len=15
  0000:  87 0b 6f 62 6a 65 63 74  43 6c 61 73 73 30 00      ..objectClass0.
end get_filter 0
    filter: (objectClass=*)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x0102eb78 ptr=0x0102eba3 end=0x0102eba5 len=2
  0000:  00 00                                              ..
daemon: select: listen=716 active_threads=0 tvp=NULL
    attrs:
=> bdb_search
bdb_dn2entry("o=system")
=> bdb_dn2id( "o=system" )
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
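Added example, not part of the thread: a small BER reader that decodes the two LDAP messages whose bytes appear in the `ber_flush` and `ldap_read` dumps above, to show how the hex lines map to the search for `o=system` and to the result code 32 in the response. The function names are assumptions, and only the two operation types seen in this trace are decoded.

```python
# LDAP result codes (RFC 4511) that appear in this thread.
RESULT = {0: "success", 10: "referral", 32: "noSuchObject",
          49: "invalidCredentials", 53: "unwillingToPerform"}
OPS = {0x63: "SearchRequest", 0x65: "SearchResultDone"}
SCOPE = ("base", "one", "sub")

def read_tlv(buf, pos=0):
    """Read one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    return out

def decode_ldap(hexdump):
    """Decode an LDAPMessage given as space-separated hex bytes."""
    tag, body, _ = read_tlv(bytes.fromhex(hexdump))
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    (_, msgid), (op, opbody) = children(body)[:2]
    out = {"msgid": int.from_bytes(msgid, "big"), "op": OPS.get(op, hex(op))}
    fields = children(opbody)
    if op == 0x63:  # base, scope, deref, size, time, typesOnly, filter, attrs
        out["base"] = fields[0][1].decode()
        out["scope"] = SCOPE[fields[1][1][0]]
        ftag, fval = fields[6]
        out["filter"] = "(%s=*)" % fval.decode() if ftag == 0x87 else hex(ftag)
    elif op == 0x65:  # resultCode, matchedDN, diagnosticMessage
        code = fields[0][1][0]
        out["result"] = RESULT.get(code, str(code))
        out["matched"] = fields[1][1].decode()
    return out

# Bytes copied from the ber_flush and ldap_read dumps in the post above.
RESPONSE = "30 0c 02 01 02 65 07 0a 01 20 04 00 04 00"
REQUEST = ("30 2d 02 01 03 63 28 04 08 6f 3d 73 79 73 74 65 6d 0a 01 00 0a 01 03"
           " 02 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 43 6c 61 73 73 30 00")
```

Decoding `RESPONSE` gives message 2 with result `noSuchObject`, matching the `err=32` and `DB_NOTFOUND` lines; `REQUEST` is message 3, a base-scope search on `o=system` with filter `(objectClass=*)`.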