
Re: ldap auth does not works after openldap upgrade



On Tue, Feb 15, 2011 at 05:08:43PM -0200, Leonardo Carneiro wrote:

> fileserver:/etc/ldap# /usr/sbin/slapd -h ldapi:/// ldap:/// -g openldap -u
> openldap -F /etc/ldap/slapd.d -d 128

Aha! Your server is using LDAP-based config so it is ignoring the config
file entirely.

> Are these changes that we are making to slapd.conf really being
> processed? Normally, I see just the "-F /etc/ldap/slapd.d" flag and never
> the "-f /etc/ldap/slapd.conf".

I suspect the config file was converted to a config dir during the
Debian upgrade process, so the file is now being ignored.

I also suspect that there may not be a valid password set on the
cn=config suffix, so you will not be able to manage the server through
LDAP either.

One solution is to change the startup process to use the config file (-f
option) rather than the config dir (-F option). Once you have a file
that does what you want you have the option of converting it to a
directory:

	Move aside the existing config directory /etc/ldap/slapd.d
	and make a new one with the same ownership and permissions.

	Start slapd with both the -f and the -F options.

If you are going to do this, I suggest adding a rootpw for the config
database first. Append this to your slapd.conf file:

########################################################################
database config

rootdn "cn=config"
rootpw example
########################################################################

You will then be able to do normal LDAP operations on the config:

ldapsearch -x -D cn=config -w example -b cn=config '(objectclass=*)'

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
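
An added example, not part of the original message or of OpenLDAP: Python that reads the slapd command line quoted above to report which configuration source is live, flags a cleartext rootpw such as the `rootpw example` line, and builds a salted {SSHA} value that can be written after `rootpw` instead. The function names are assumptions of this example; the two sample strings are copied from the message.

```python
import base64, hashlib, hmac, os, re, shlex

# Taken from the message above: the running command line and the slapd.conf fragment.
SAMPLE_CMD = ("/usr/sbin/slapd -h ldapi:/// ldap:/// -g openldap -u openldap "
              "-F /etc/ldap/slapd.d -d 128")
SAMPLE_CONF = 'database config\n\nrootdn "cn=config"\nrootpw example\n'

def config_source(cmdline):
    """Say which configuration slapd reads, judged from its -f / -F options."""
    args = shlex.split(cmdline)
    opts = {a: args[i + 1] for i, a in enumerate(args[:-1]) if a in ("-f", "-F")}
    if "-f" in opts and "-F" in opts:
        return "file %s, converted into dir %s" % (opts["-f"], opts["-F"])
    if "-F" in opts:
        return "dir %s (slapd.conf ignored)" % opts["-F"]
    if "-f" in opts:
        return "file %s" % opts["-f"]
    return "built-in default location"

def ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA-1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_matches(password, stored):
    """Recompute with the salt stored after the 20-byte digest and compare."""
    salt = base64.b64decode(stored[len("{SSHA}"):])[20:]
    return hmac.compare_digest(ssha(password, salt), stored)

def cleartext_rootpw(conf_text):
    """Return (database, value) for every rootpw lacking a {SCHEME} prefix."""
    findings, database = [], None
    for line in conf_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if parts[0].lower() == "database":
            database = value
        elif parts[0].lower() == "rootpw" and not re.match(r"\{[\w-]+\}", value):
            findings.append((database, value))
    return findings

if __name__ == "__main__":
    print(config_source(SAMPLE_CMD))
    print(cleartext_rootpw(SAMPLE_CONF))
    print("rootpw", ssha("example"))  # hashed line to use instead of cleartext
```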