[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap auth does not works after openldap upgrade

To: Leonardo Carneiro <chesterman86@gmail.com>
Subject: Re: ldap auth does not works after openldap upgrade
From: Howard Chu <hyc@symas.com>
Date: Wed, 16 Feb 2011 15:34:26 -0800
Cc: Andrew Findlay <andrew.findlay@skills-1st.co.uk>, openldap-technical@openldap.org
In-reply-to: <AANLkTikAC6hDNHg6=7X3aV=NgjqETOcdzatwAgm9q9NM@mail.gmail.com>
References: <20110215132413.GB13985@slab.skills-1st.co.uk> <AANLkTi=PMRW8gx+g9W0ddPMV6or_bnTe-3jxvEDY=T_m@mail.gmail.com> <20110215151309.GE22964@slab.skills-1st.co.uk> <AANLkTi=Fu4WaVX02Kq2MPknrEum2Y6LoYf1DVn4N=yq6@mail.gmail.com> <20110215163018.GD13985@slab.skills-1st.co.uk> <AANLkTimz5SB0AYmHnyGF8oDmUcngiyVYyh15sxnEpN9m@mail.gmail.com> <20110215172026.GE13985@slab.skills-1st.co.uk> <AANLkTinJLZhsjq+-P-CXZpwHdkbPP21vo2Ou5MTv9N7R@mail.gmail.com> <20110215184000.GF13985@slab.skills-1st.co.uk> <AANLkTin6mjH+s-3tprRnv8yKyHopZ2JJohojshVj=4nR@mail.gmail.com> <20110216104327.GG22964@slab.skills-1st.co.uk> <4D5BAC27.6030201@symas.com> <AANLkTikAC6hDNHg6=7X3aV=NgjqETOcdzatwAgm9q9NM@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0b11pre) Gecko/20110130 Firefox/4.0b11pre SeaMonkey/2.1b2pre

Leonardo Carneiro wrote:

On Wed, Feb 16, 2011 at 8:51 AM, Howard Chu <hyc@symas.com
<mailto:hyc@symas.com>> wrote:

    Andrew Findlay wrote:

        On Tue, Feb 15, 2011 at 05:08:43PM -0200, Leonardo Carneiro wrote:

            fileserver:/etc/ldap# /usr/sbin/slapd -h ldapi:/// ldap:/// -g
            openldap -u
            openldap -F /etc/ldap/slapd.d -d 128


        Aha! Your server is using LDAP-based config so it is ignoring the config
        file entirely.

            Does these changes that we are making into slapd.conf really being
            processed? Normally, i see just the "-F /etc/ldap/slapd.d" flag
            and never
            the "-f /etc/ldap/slapd.conf".


        I suspect the config file was converted to a config dir during the
        Debian upgrade process, so the file is now being ignored.

        I also suspect that there may not be a valid password set on the
        cn=config suffix, so you will not be able to manage the server through
        LDAP either.


    Since it's starting on ldapi:/// he should just do a SASL EXTERNAL bind on
    ldapi:// using Unix root. Pretty sure Debian packages it with the
    appropriate authz-regexp already configured.

Tks for the tips guys. I'll try all this stuff at launch time here in Brazil
(about 2 hours from now). There are to many users using Samba right now, and
every time I have to restart the OpenLDAP something on samba crashes.

The entire point of using cn=config for configuration is that config changesdon't require slapd restarts.

As far as i'm concerned, i didn't have the need to use SASL, and it seems that
all this SASL mechanism was auto-introduced in my setup after the upgrade. Is
it safe to edit /etc/defaults/slapd and remove the "ldapi:///" parameter in
SLAPD_SERVICES line or i can break something very hard doing this?

Removing that would be dumb. It's there to give you an easy means toadminister the server.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- Re: ldap auth does not works after openldap upgrade
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: ldap auth does not works after openldap upgrade
  - From: Leonardo Carneiro <chesterman86@gmail.com>
- Re: ldap auth does not works after openldap upgrade
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: ldap auth does not works after openldap upgrade
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: ldap auth does not works after openldap upgrade
  - From: Leonardo Carneiro <chesterman86@gmail.com>
- Re: ldap auth does not works after openldap upgrade
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: ldap auth does not works after openldap upgrade
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: ldap auth does not works after openldap upgrade
  - From: Leonardo Carneiro <chesterman86@gmail.com>
- Re: ldap auth does not works after openldap upgrade
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: ldap auth does not works after openldap upgrade
  - From: Howard Chu <hyc@symas.com>
- Re: ldap auth does not works after openldap upgrade
  - From: Leonardo Carneiro <chesterman86@gmail.com>

Prev by Date: Re: ldap auth does not works after openldap upgrade
Next by Date: Re: Conflict resolution on Syncrepl
Index(es):
- Chronological
- Thread