openldap启动问题:
#slapd 能启动
#service ldap start 提示启动成功,但没有slapd进程。/var/log/messages 显示信息:
Jan 31 20:42:00 linuxas2 slapd[24437]: sql_select option missing
Jan 31 20:42:00 linuxas2 slapd[24437]: auxpropfunc error no mechanism available
Jan 31 20:42:00 linuxas2 ldap: slapd startup succeeded
----------------------------------------------------------------
1.Redhat AS4,openldap-2.3.33,samba-3.0.23b.
2.打算用samba作域控制器,取代现今的win2KServer.想不到在openLDAP上卡住了.
3.原本AS4安装时有OPENLDAP,我弄掉了,重新由源代码安装.但保留了/etc/init.d/ldap脚本.
4.#cd /softsrc/openldap-2.3.33/
#./configure
#make depend
#make
#make test
#make install
#ln -s /usr/local/etc/openldap /etc/ --->这样就不用修改/etc/init.d/ldap脚本
#ln -s /usr/local/etc/openldap/ldap.conf /etc/
#vi /usr/local/etc/openldap/slapd.conf ----->
#
# slapd.conf as posted: one BDB database for dc=test,dc=cn with the Samba schema loaded.
# NOTE(review): in a live slapd.conf the "by ..." lines under each "access to"
# must begin with whitespace to continue the directive; the indentation was
# lost in this listing.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/corba.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
#pidfile /usr/local/var/run/slapd.pid
# NOTE(review): the init script on this page starts slapd with "-u ldap";
# confirm that this user is able to create the two files below under /var/run.
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
#
backend bdb
checkpoint 1024 5
cachesize 10000
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=test,dc=cn"
rootdn "cn=admin,dc=test,dc=cn"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# NOTE(review): this file carries the rootdn password hash, so it should be
# readable only by root and the group slapd runs under. The page sets the
# group with "chown :ldap" but does not show the file mode.
rootpw {SSHA}E5FAstDHZs9qbhDRyVXTNRlqNWlhoHwY
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
# Password attributes: the owner may write, anonymous clients may only use
# them to authenticate, everyone else gets nothing. The Samba LM/NT hashes are
# password-equivalent, so they are protected together with userPassword.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * none
access to attrs=shadowLastChange
by self write
by * read
# NOTE(review): "by" clauses are evaluated in order and evaluation stops at the
# first match. "by * read" already matches anonymous clients, so the
# "by anonymous auth" line after it is never reached and every attribute not
# covered by the rules above is readable without authentication. If that is
# not intended, list the narrower clause first and tighten "by *".
access to *
by * read
by anonymous auth
schemacheck on
idletimeout 30
-------------------------------------------------------------
#vi /usr/local/etc/openldap/ldap.conf ------->
# Client-side LDAP settings; the page also links this file into /etc/, so it
# is the file read as /etc/ldap.conf.
host 127.0.0.1
BASE dc=test,dc=cn
URI ldap://127.0.0.1
#NSS_BASE_GROUP ou=Groups,dc=test,dc=cn
# NOTE(review): binddn / bindpw / bind_policy are nss_ldap / pam_ldap style
# settings. bindpw is sent as written in a simple bind, so it has to be the
# password itself; an {SSHA} hash placed here is used literally and will not
# authenticate against the rootpw hash in slapd.conf.
# NOTE(review): this binds as the directory rootdn from a client file that
# lookups by ordinary users normally need to read. A dedicated read-only
# account is the usual choice - confirm what this host actually requires.
binddn cn=admin,dc=test,dc=cn
bindpw {SSHA}E5FAstDHZs9qbhDRyVXTNRlqNWlhoHwY
timelimit 50
bind_timelimit 50
bind_policy hard
idle_timelimit 3600
--------------------------------------------
#vi /usr/local/var/openldap-data/DB_CONFIG --->
# Note: most DB_CONFIG settings will take effect only upon rebuilding
# the DB environment.
# one 0.25 GB cache
set_cachesize 0 268435456 1
# Data Directory
#set_data_dir db
# Transaction Log settings
set_lg_regionmax 262144
set_lg_bsize 2097152
#set_lg_dir logs
# Note: special DB_CONFIG flags are no longer needed for "quick"
# slapadd(8) or slapindex(8) access (see their -q option).
~
--------------------------------------------------
#chown -R ldap /usr/local/var/openldap-data
#chown -R ldap /usr/local/var/openldap-slurp
#chown :ldap /usr/local/etc/openldap/slapd.conf
#chown :ldap /usr/local/etc/openldap/ldap.conf
#cat /etc/init.d/ldap ------------------->
# description: LDAP stands for Lightweight Directory Access Protocol, used \
# for implementing the industry standard directory services.
# processname: slapd
# config: /etc/openldap/slapd.conf
# pidfile: /var/run/slapd.pid
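# Source function library. daemon, killproc, status, success, failure and
# warning are used below but not defined in this script; presumably they
# come from this file.
. /etc/init.d/functions

# Source networking configuration and check that networking is up.
if [ -r /etc/sysconfig/network ] ; then
    . /etc/sysconfig/network
    # Quoted so that an unset or empty NETWORKING is a plain "not equal"
    # instead of a "[: =: unary operator expected" error.
    [ "${NETWORKING}" = "no" ] && exit 0
fi

# Source an auxiliary options file if we have one, and pick up OPTIONS,
# SLAPD_OPTIONS, and SLURPD_OPTIONS.
if [ -r /etc/sysconfig/ldap ] ; then
    . /etc/sysconfig/ldap
fi

# Binaries this script runs.
# NOTE(review): these are the packaged locations. The page builds OpenLDAP
# from source with a plain ./configure, which installs under /usr/local, so
# confirm which slapd and slaptest are actually found here.
slapd=/usr/sbin/slapd
slurpd=/usr/sbin/slurpd
slaptest=/usr/sbin/slaptest

# Exit quietly, with status 0, when either daemon is not installed at the
# paths above. Nothing is printed in that case.
[ -x "${slapd}" ] || exit 0
[ -x "${slurpd}" ] || exit 0

RETVAL=0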
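function start() {
    # Start slapd as the unprivileged "ldap" user and, when slapd.conf
    # contains a replogfile line, slurpd as well.
    # Globals:  slapd, slurpd, slaptest, OPTIONS, SLAPD_OPTIONS,
    #           SLURPD_OPTIONS (read); prog, RETVAL (written)
    # Returns:  status of the last daemon launch; exits 1 if slaptest fails.
    local user=ldap
    local ldapuid dbdir file
    ldapuid=$(id -u "$user")

    # Set prog before the first message that prints it. It used to be
    # assigned only after the configuration check, so that message was
    # printed with an empty program name.
    prog=$(basename "${slapd}")

    # Warn about database files the "ldap" user does not own. Only the three
    # suffixes below are checked: environment files such as __db.*, log.* and
    # alock are not, so a clean result does not prove that the whole
    # directory is usable by $user. This is a warning only; startup goes on.
    for dbdir in $(grep ^directory /etc/openldap/slapd.conf | sed s,^directory,,) ; do
        while IFS= read -r file ; do
            echo -n $"$file is not owned by \"$user\"" ; warning ; echo
        done < <(find "${dbdir}/" -not -uid "$ldapuid" -and \( -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" \))
    done

    # Check the configuration file. slaptest runs with the caller's
    # privileges here, not as $user.
    echo -n $"Checking configuration files for $prog: "
    "${slaptest}"
    RETVAL=$?
    if [ "$RETVAL" -eq 0 ] ; then
        success
    else
        failure
        exit 1
    fi

    # Start daemons. Without a TLS directive in slapd.conf only the
    # cleartext ldap:/// listener is opened, and no address is given so
    # it is not restricted to one interface. OPTIONS and SLAPD_OPTIONS are
    # left unquoted on purpose so that they split into separate arguments.
    # NOTE(review): RETVAL reflects only the launch. The page shows
    # "startup succeeded" with no slapd process afterwards, so a failure
    # after slapd detaches is apparently not reported here; check syslog.
    echo -n $"Starting $prog: "
    if grep -q ^TLS /etc/openldap/slapd.conf ; then
        daemon "${slapd}" -u ldap -h '"ldap:/// ldaps:///"' $OPTIONS $SLAPD_OPTIONS
        RETVAL=$?
    else
        daemon "${slapd}" -u ldap -h "ldap:///" $OPTIONS $SLAPD_OPTIONS
        RETVAL=$?
    fi
    echo

    # slurpd is started only when slapd launched and replication is set up.
    if [ "$RETVAL" -eq 0 ] ; then
        if grep -q "^replogfile" /etc/openldap/slapd.conf ; then
            echo "slurpd start"
            prog=$(basename "${slurpd}")
            echo -n $"Starting $prog: "
            daemon "${slurpd}" $OPTIONS $SLURPD_OPTIONS
            RETVAL=$?
            echo
        fi
    fi

    # The subsys lock file is what condrestart looks for.
    if [ "$RETVAL" -eq 0 ] ; then
        touch /var/lock/subsys/ldap
    fi
    return "$RETVAL"
}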
function stop() {
    # Stop slapd, then slurpd when slapd.conf contains a replogfile line.
    # Globals:  slapd, slurpd (read); prog, RETVAL (written)
    # Returns:  status of the last killproc call.
    prog=$(basename "${slapd}")
    echo -n $"Stopping $prog: "
    killproc "${slapd}"
    RETVAL=$?
    echo

    # slapd could not be stopped: leave slurpd and the lock file alone.
    if [ "$RETVAL" -ne 0 ] ; then
        return "$RETVAL"
    fi

    if grep -q "^replogfile" /etc/openldap/slapd.conf ; then
        prog=$(basename "${slurpd}")
        echo -n $"Stopping $prog: "
        killproc "${slurpd}"
        RETVAL=$?
        echo
    fi

    # Remove the subsys lock and the args file only after a clean stop.
    if [ "$RETVAL" -eq 0 ] ; then
        rm -f /var/lock/subsys/ldap /var/run/slapd.args
    fi
    return "$RETVAL"
}
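# See how we were called. The script exits with RETVAL, which start and stop
# set themselves.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        # Pass the result of the status checks on to the caller. RETVAL was
        # left at its initial 0 here before, so "status" always exited 0,
        # even when slapd was not running.
        status "${slapd}"
        RETVAL=$?
        if grep -q "^replogfile" /etc/openldap/slapd.conf ; then
            status "${slurpd}"
            slurpd_status=$?
            # A failing slurpd check takes precedence over a healthy slapd.
            if [ "$slurpd_status" -ne 0 ] ; then
                RETVAL=$slurpd_status
            fi
        fi
        ;;
    restart)
        stop
        start
        ;;
    condrestart)
        # Restart only if the service was started through this script.
        if [ -f /var/lock/subsys/ldap ] ; then
            stop
            start
        fi
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|status|condrestart}"
        RETVAL=1
        ;;
esac
exit $RETVAL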
-----------------------------------------------
# service ldap start
检查 的配置文件:bdb_db_open: db_open(/usr/local/var/openldap-data/id2entry.bdb) failed: No such file or directory (2)
backend_startup_one: bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)
[root@linuxas2 init.d]# slapd
[root@linuxas2 init.d]# ps aux|grep slapd
root 24600 0.7 0.8 354132 3216 ? Ssl 21:11 0:00 slapd
root 24606 0.0 0.1 5516 772 pts/0 R+ 21:11 0:00 grep slapd
[root@linuxas2 init.d]# ls -la /usr/local/var/openldap-data/
总用量 4068
drwxr-xr-x 2 ldap root 4096 1月 31 21:11 .
drwxr-sr-x 8 root root 4096 1月 31 16:44 ..
-rw-r--r-- 1 root root 2048 1月 31 21:11 alock
-rw------- 1 root root 16384 1月 31 21:10 __db.001
-rw------- 1 root root 335552512 1月 31 21:10 __db.002
-rw------- 1 root root 2359296 1月 31 21:10 __db.003
-rw------- 1 root root 450560 1月 31 21:10 __db.004
-rw------- 1 root root 24576 1月 31 21:10 __db.005
-rw------- 1 ldap root 886 1月 31 20:30 DB_CONFIG
-rw------- 1 root root 8192 1月 31 21:11 dn2id.bdb
-rw------- 1 root root 32768 1月 31 21:11 id2entry.bdb
-rw------- 1 root root 41998 1月 31 21:11 log.0000000001
# kill -9 24600
[root@linuxas2 init.d]# service ldap start
/usr/local/var/openldap-data/id2entry.bdb is not owned by "[警告]
/usr/local/var/openldap-data/dn2id.bdb is not owned by "lda[警告]
检查 的配置文件:bdb_db_open: unclean shutdown detected; attempting recovery.
bdb_db_open: Recovery skipped in read-only mode. Run manual recovery if errors are encountered.
config file testing succeeded
启动 slapd: [ 确定 ]
#cd /usr/local/var/openldap-data
#chown ldap *
# service ldap start
检查 的配置文件:config file testing succeeded
启动 slapd: [ 确定 ]
[root@linuxas2 openldap-data]# ps aux|grep slapd
root 24673 0.0 0.0 456 152 pts/0 R+ 21:16 0:00 grep slapd
--------------------------------------
#vi /var/log/messages ------>
Jan 31 21:15:59 linuxas2 slapd[24663]: sql_select option missing
Jan 31 21:15:59 linuxas2 slapd[24663]: auxpropfunc error no mechanism available
Jan 31 21:16:00 linuxas2 ldap: slapd 启动 succeeded |