写给所有OpenLDAP不能正常启动的人

朽木可雕

openldap-2.1.29

py

现在的配置文件是什么？贴出来，你把
loglevel -1
replogfile /var/log/ldap.log
也注释掉吧

朽木可雕

操作系统：SunOS ms1.darren.com 5.8 Generic_117351-02 i86pc i386 i86pc。OPENLDAP版本：2.1.29。

1. 
   
2. bash-2.05# more slapd.conf
   
3. # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
   
4. #
   
5. # See slapd.conf(5) for details on configuration options.
   
6. # This file should NOT be world readable.
   
7. #
   
8. include         /usr/local/etc/openldap/schema/core.schema
   
9. include         /usr/local/etc/openldap/schema/corba.schema
   
10. include         /usr/local/etc/openldap/schema/cosine.schema
    
11. include         /usr/local/etc/openldap/schema/inetorgperson.schema
    
12. include         /usr/local/etc/openldap/schema/misc.schema
    
13. include         /usr/local/etc/openldap/schema/openldap.schema
    
14. include         /usr/local/etc/openldap/schema/nis.schema
    
15. include         /usr/local/etc/openldap/schema/samba.schema
    
16. 
    
17. # Define global ACLs to disable default read access.
    
18. 
    
19. # Do not enable referrals until AFTER you have a working directory
    
20. # service AND an understanding of referrals.
    
21. #referral       ldap://root.openldap.org
    
22. 
    
23. pidfile         /usr/local/var/slapd.pid
    
24. argsfile        /usr/local/var/slapd.args
    
25. 
    
26. 
    
27. 
    
28. 
    
29. #loglevel -1
    
30. #replogfile /var/log/ldap.log
    
31. 
    
32. 
    
33. 
    
34. # Load dynamic backend modules:
    
35. # modulepath    /usr/local/libexec/openldap
    
36. # moduleload    back_bdb.la
    
37. # moduleload    back_ldap.la
    
38. # moduleload    back_ldbm.la
    
39. # moduleload    back_passwd.la
    
40. # moduleload    back_shell.la
    
41. 
    
42. # Sample security restrictions
    
43. #       Require integrity protection (prevent hijacking)
    
44. #       Require 112-bit (3DES or better) encryption for updates
    
45. #       Require 63-bit encryption for simple bind
    
46. # security ssf=1 update_ssf=112 simple_bind=64
    
47. 
    
48. # Sample access control policy:
    
49. #       Root DSE: allow anyone to read it
    
50. #       Subschema (sub)entry DSE: allow anyone to read it
    
51. #       Other DSEs:
    
52. #               Allow self write access
    
53. #               Allow authenticated users read access
    
54. #               Allow anonymous users to authenticate
    
55. #       Directives needed to implement policy:
    
56. # access to dn.base="" by * read
    
57. # access to dn.base="cn=Subschema" by * read
    
58. # access to *
    
59. #       by self write
    
60. #       by users read
    
61. #       by anonymous auth
    
62. #
    
63. # if no access controls are present, the default policy is:
    
64. #       Allow read by all
    
65. #
    
66. # rootdn can always write!
    
67. 
    
68. #######################################################################
    
69. # ldbm database definitions
    
70. #######################################################################
    
71. 
    
72. database        bdb
    
73. suffix          "dc=darren,dc=com"
    
74. rootdn          "cn=root,dc=darren,dc=com"
    
75. # Cleartext passwords, especially for the rootdn, should
    
76. # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
    
77. # Use of strong authentication encouraged.
    
78. rootpw          1234
    
79. # The database directory MUST exist prior to running slapd AND
    
80. # should only be accessible by the slapd and slap tools.
    
81. # Mode 700 recommended.
    
82. directory       /usr/local/var/openldap-data
    
83. # Indices to maintain
    
84. index   objectClass     eq
    
85. 
    
86. 
    
87. access to *
    
88. by self write
    
89. by * read
    
90. bash-2.05# more ldap.conf
    
91. # $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
    
92. #
    
93. # LDAP Defaults
    
94. #
    
95. 
    
96. # See ldap.conf(5) for details
    
97. # This file should be world readable but not world writable.
    
98. 
    
99. #BASE   dc=example, dc=com
    
100. #URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
     
101. 
     
102. #SIZELIMIT      12
     
103. #TIMELIMIT      15
     
104. #DEREF          never
     
105. bash-2.05# /usr/local/libexec/slapd -d -1
     
106. Killed
     
107. bash-2.05# tail /var/log/syslog
     
108. Jul 29 00:05:57 ms1.darren.com sendmail[3544]: [ID 801593 mail.info] i6SG5vMR003544: from=<wjz@darren.com>;, size=539, class=0, nrcpts=1, msgid=<200407281605.i6SG5vMR003544@ms1.darren.com>;, proto=ESMTP, daemon=MSA, relay=[10.1.2.19]
     
109. Jul 29 00:06:08 ms1.darren.com sendmail[3546]: [ID 801593 mail.info] i6SG5vMR003544: to=<mail5@test.com>;, ctladdr=<wjz@darren.com>; (1000/1), delay=00:00:11, xdelay=00:00:05, mailer=esmtp, pri=120539, relay=ms1.test.com. [10.1.2.52], dsn=2.0.0, stat=Sent (i6SG63S0001503 Message accepted for delivery)
     
110. Jul 29 00:09:10 ms1.darren.com sendmail[3548]: [ID 702911 mail.info] AUTH=server, relay=[10.1.2.19], authid=mail1, mech=LOGIN, bits=0
     
111. Jul 29 00:09:10 ms1.darren.com sendmail[3548]: [ID 801593 mail.info] i6SG9AYe003548: from=<mail1@darren.com>;, size=567, class=0, nrcpts=1, msgid=<200407281609.i6SG9AYe003548@ms1.darren.com>;, proto=ESMTP, daemon=MSA, relay=[10.1.2.19]
     
112. Jul 29 00:09:14 ms1.darren.com sendmail[3550]: [ID 801593 mail.info] i6SG9AYe003548: to=<mail5@test.com>;, ctladdr=<mail1@darren.com>; (2001/1), delay=00:00:04, xdelay=00:00:04, mailer=esmtp, pri=120567, relay=ms1.test.com. [10.1.2.52], dsn=2.0.0, stat=Sent (i6SG9Ae1001515 Message accepted for delivery)
     
113. Jul 29 20:25:08 ms1.darren.com sendmail[3623]: [ID 801593 mail.info] i6TCOqcU003623: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
     
114. Jul 30 02:30:37 ms1.darren.com sendmail[4234]: [ID 702911 mail.info] AUTH=server, relay=[10.1.2.19], authid=wjz, mech=LOGIN, bits=0
     
115. Jul 30 02:30:54 ms1.darren.com sendmail[4234]: [ID 801593 mail.info] i6TIUb16004234: from=<wjz@darren.com>;, size=2446917, class=0, nrcpts=1, msgid=<200407291830.i6TIUb16004234@ms1.darren.com>;, proto=ESMTP, daemon=MSA, relay=[10.1.2.19]
     
116. Jul 30 02:31:17 ms1.darren.com sendmail[4236]: [ID 801593 mail.info] i6TIUb16004234: to=<mail5@test.com>;, ctladdr=<wjz@darren.com>; (1000/1), delay=00:00:40, xdelay=00:00:23, mailer=esmtp, pri=2566917, relay=ms1.test.com. [10.1.2.52], dsn=2.0.0, stat=Sent (i6TIV1G9001495 Message accepted for delivery)
     
117. Jul 31 00:51:57 ms1.darren.com sendmail[4350]: [ID 801593 mail.info] i6UGpmH8004350: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
     
118. bash-2.05# tail /var/adm/messages
     
119. Aug 17 20:42:34 ms1.darren.com fdc: [ID 114370 kern.info] fd0 at fdc0
     
120. Aug 17 20:42:34 ms1.darren.com genunix: [ID 936769 kern.info] fd0 is /isa/fdc@1,3f0/fd@0,0
     
121. Aug 17 20:42:40 ms1.darren.com pcplusmp: [ID 637496 kern.info] pcplusmp: asy (asy) instance 0 vector 0x4 ioapic 0x1 intin 0x4 is bound to cpu 0
     
122. Aug 17 20:42:40 ms1.darren.com last message repeated 1 time
     
123. Aug 17 20:42:40 ms1.darren.com isa: [ID 202937 kern.info] ISA-device: asy0
     
124. Aug 17 20:42:40 ms1.darren.com genunix: [ID 936769 kern.info] asy0 is /isa/asy@1,3f8
     
125. Aug 17 20:42:40 ms1.darren.com pcplusmp: [ID 398438 kern.info] pcplusmp: asy (asy) instance #1 vector 0x3 ioapic 0x1 intin 0x3 is bound to cpu 0
     
126. Aug 17 20:42:40 ms1.darren.com last message repeated 1 time
     
127. Aug 17 20:42:40 ms1.darren.com isa: [ID 202937 kern.info] ISA-device: asy1
     
128. Aug 17 20:42:40 ms1.darren.com genunix: [ID 936769 kern.info] asy1 is /isa/asy@1,2f8
     
129. bash-2.05# uname -a
     
130. SunOS ms1.darren.com 5.8 Generic_117351-02 i86pc i386 i86pc
     
131. bash-2.05#
     

复制代码

朽木可雕

请看http://chinaunix.net/jh/49/308791.html中的这一段：

1. 
   
2. 也是按linux源码安装的三步曲完成，没有什么好说的了。该软件默认是安装在/usr/local/BerkeleyDB.4.2目录下。安装完成后，要把/usr/local/BerkeleyDB.4.2/lib的库路径加到/etc/ld.so.conf文件内，添加完成后执行一次ldconfig，使用配置文件生效。这样编译openldap时才能找到相应的库文件。这样资料库就安装完成了，接下来可以安装openldap了。
   
3. ld.so.conf是什么东西？它就是系统动态链接库的配置文件。此文件内,存放着可被LINUX共享的动态链接库所在目录的名字(系统目录/lib,/usr/lib除外)，各个目录名间以空白字符(空格，换行等)或冒号或逗号分隔。一般的LINUX发行版中，此文件均含一个共享目录/usr/X11R6/lib，为X window窗口系统的动态链接库所在的目录。 ldconfig是它的管理命令，具体操作方法可查询man手册，这里就不细讲了。
   

复制代码

我的系统是SOLARIS，这一步我应该如何做啊？

littletiger

Solaris下没有linux象ldconfig这样得命令，编辑/var/ld/ld.conf
这个文件 假设我的应用名字是appname，用你自己替换这个名字就行了
/usr/lib
/usr/local/lib
/var/appname/lib

crle得命令大概用法如下 具体可以参见man
crle -l /usr/lib -l /usr/local/lib -l /var/appname/lib  -i /usr/lib -i /usr/local/lib -i /var/appname/lib

DreamJiang

如果是SuSE Linux系統，當你在slapd.conf文件中含有“Loglevel 1”這條語句時，那麼將導致slapd服務進程記錄所有的信息到syslog LOCAL4，同樣需要輯 /etc/syslog.conf文件來將這些信息定向到一個單獨的文件來以方便調試，對於SuSE　Linux系統來說，ldap的錯誤日志就是文件/var/log/localmessage

shenmue71

rh9自带的openldap是不是有问题？，我的操作应该没问题，可总是提示ldap_bind: Invalid credentials (49)
同样配置，在debian自己编译的就使用正常

py

自带的？你说的是rpm的？试试把slapd.conf中的密码改成明文

缘随风

我是初学者，有一个问题，请大侠们帮忙

我按照EJBCA中的How to ldap说明的配置openldap for win32：
include 进必要的schema， 修改了cn  o  c，  密码采用密文方式（明文也试了）

然后用ldapadd导入LDIF file (org.ldif如下)

dn: o=AnaTom,c=SE
objectclass: dcObject
objectclass: organization
o: AnaTom
dc: AnaTom

dn: cn=Admin,o=AnaTom,c=SE
objectclass: organizationalRole
cn: Admin

显示导入成功 add new entry      o=AnaTom,c=SE
             add new entry      cn=Admin,o=AnaTom,c=SE

但是我用这个管理员Admin添加其他成员时：
ldap_add: Server is unwilling to perform (53)
        additional info: no global superior knowledge

加入access 的相关内容后还是这个错误

跪谢

kampoo

bdb_dn2entry("o=system"
=>; bdb_dn2id( "o=system" )
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
send_ldap_result: conn=0 op=1 p=3
send_ldap_result: err=10 matched="" text=""
send_ldap_response: msgid=2 tag=101 err=32
ber_flush: 14 bytes to sd 28
  0000:  30 0c 02 01 02 65 07 0a  01 20 04 00 04 00         0....e... ....
ldap_write: want=14, written=14
  0000:  30 0c 02 01 02 65 07 0a  01 20 04 00 04 00         0....e... ....
daemon: activity on 1 descriptors
daemon: activity on: 28r
daemon: read activity on 28
connection_get(2
connection_get(2: got connid=0
connection_read(2: checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
  0000:  30 2d 02 01 03 63 28 04                            0-...c(.
ldap_read: want=39, got=39
  0000:  08 6f 3d 73 79 73 74 65  6d 0a 01 00 0a 01 03 02   .o=system.......
  0010:  01 00 02 01 00 01 01 00  87 0b 6f 62 6a 65 63 74   ..........object
  0020:  43 6c 61 73 73 30 00                               Class0.
ber_get_next: tag 0x30 len 45 contents:
ber_dump: buf=0x0102eb78 ptr=0x0102eb78 end=0x0102eba5 len=45
  0000:  02 01 03 63 28 04 08 6f  3d 73 79 73 74 65 6d 0a   ...c(..o=system.
  0010:  01 00 0a 01 03 02 01 00  02 01 00 01 01 00 87 0b   ................
  0020:  6f 62 6a 65 63 74 43 6c  61 73 73 30 00            objectClass0.
ber_get_next
ldap_read: want=8 error=unknown error
ber_get_next on fd 28 failed errno=10035 (WSAEWOULDBLOCK)
do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x0102eb78 ptr=0x0102eb7b end=0x0102eba5 len=42
  0000:  63 28 04 08 6f 3d 73 79  73 74 65 6d 0a 01 00 0a   c(..o=system....
  0010:  01 03 02 01 00 02 01 00  01 01 00 87 0b 6f 62 6a   .............obj
  0020:  65 63 74 43 6c 61 73 73  30 00                     ectClass0.
>;>;>; dnPrettyNormal: <o=system>;
=>; ldap_bv2dn(o=system,0)
ldap_err2string
<= ldap_bv2dn(o=system)=0 Success
=>; ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(o=system)=0 Success
=>; ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(o=system)=0 Success
<<< dnPrettyNormal: <o=system>;, <o=system>;
SRCH "o=system" 0 3    0 0 0
begin get_filter
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x0102eb78 ptr=0x0102eb96 end=0x0102eba5 len=15
  0000:  87 0b 6f 62 6a 65 63 74  43 6c 61 73 73 30 00      ..objectClass0.
end get_filter 0
    filter: (objectClass=*)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x0102eb78 ptr=0x0102eba3 end=0x0102eba5 len=2
  0000:  00 00                                              ..
daemon: select: listen=716 active_threads=0 tvp=NULL
    attrs:
=>; bdb_search
bdb_dn2entry("o=system"
=>; bdb_dn2id( "o=system" )
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)