LDAP configuration help needed! PLEASE

From: James Marcinek (jmarc1_at_jemconsult.biz)
Date: 09/29/04

    date: Wed, 29 Sep 2004 16:38:19 -0000
    To: fedora-list@redhat.com
    
    

    Hello All,

    I'm trying to implement Open-LDAP. I've been reading the books/docs and online
    docs and I'm now to the point where I'm trying to create my .ldif files using
    the /usr/share/openldap/migration tools. I keep getting errors trying to run the
    migrate_all_offline.sh script. I'll explain my environment before parsing the
    errors:

    I've never used NIS in this environment and I want to also implement samba.
    Here's some of the slapd.conf file:

    # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
    #
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #
    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/redhat/autofs.schema
    include /etc/openldap/schema/redhat/kerberosobject.schema
    include /etc/openldap/schema/samba.schema

    I only added the samba.schema to the includes; all else was left alone.

    Neither my O'Reilly book for LDAP nor any of the other docs I've come across
    discusses these entries (can anyone tell me what to use them for?):

    # Load dynamic backend modules:
    # modulepath /usr/sbin/openldap
    # moduleload back_ldap.la
    # moduleload back_ldbm.la
    # moduleload back_passwd.la
    # moduleload back_shell.la

    I created a slapd.pem certificate but wondered if I should wait until I know
    it's running before I turn this on:

    #
    # The next three lines allow use of TLS for connections using a dummy test
    # certificate, but you should generate a proper certificate by changing to
    # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
    # slapd.pem so that the ldap user or group can read it.
    TLSCertificateFile /usr/share/ssl/certs/slapd.pem
    TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
    TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt

    Now I'm wanting to implement Samba with this and I found a sample slapd.conf
    file that indicated setting the following. I'm a bit confused about the
    ou=People entry, but I'm assuming this will all be set up by the schema. However,
    my rootdn is different (see below this entry):

    access to attrs=lmPassword,ntPassword
            by dn="cn=root,ou=People,dc=jemconsult,dc=biz" write
            by * none
    access to dn="dc=jemconsult,dc=biz"
            by self write
            by * read

    As I'm new, I didn't change the database type that was defined in the file (left
    as is). Would it be advisable to change the type and, if so, did those too get
    installed with the default open-ldap packages?

    database ldbm
    suffix "dc=jemconsult,dc=biz"
    rootdn "cn=root,dc=jemconsult,dc=biz"
    rootpw {SSHA}I'VE_SET_THIS_TOO

    The directory permissions have been set for the database to 700:
    directory /var/lib/ldap

    I left most of my indices but added a few for Samba (from examples):
    # Indices to maintain
    index objectClass,uid,uidNumber,gidNumber,memberUid pres,eq
    index cn,mail,surname,givenname eq,subinitial
    index sambaSID eq
    index sambaPrimaryGroupSID eq
    index sambaDomainName eq
    index default sub

    All of my replication stuff is commented out as I don't need it yet and don't
    want to further complicate the matter.

    Now when I run the /usr/share/openldap/migration/migrate_all_offline.sh I get
    the following output (I started the debugging mode #!/bin/sh -x):

    [root@srv01 migration]# ./migrate_all_offline.sh
    + INSTDIR=/usr/share/openldap/migration/
    ++ mktemp /tmp/nis.ldif.XXXXXX
    + DB=/tmp/nis.ldif.zfjTlI
    + '[' X = X ']'
    + ETC_ALIASES=/etc/aliases
    + '[' X = X ']'
    + ETC_HOSTS=/etc/hosts
    + '[' X = X ']'
    + ETC_NETWORKS=/etc/networks
    + '[' X = X ']'
    + ETC_PASSWD=/etc/passwd
    + '[' X = X ']'
    + ETC_GROUP=/etc/group
    + '[' X = X ']'
    + ETC_SERVICES=/etc/services
    + '[' X = X ']'
    + ETC_PROTOCOLS=/etc/protocols
    + '[' X = X ']'
    + ETC_RPC=/etc/rpc
    + '[' X = X ']'
    + ETC_NETGROUP=/etc/netgroup
    + '[' X = X ']'
    + '[' -x /usr/bin/perl ']'
    + PERL=/usr/bin/perl
    + '[' X = X ']'
    + '[' -x /usr/local/etc/ldif2ldbm ']'
    + '[' -x /usr/local/sbin/ldif2ldbm ']'
    + '[' -x /usr/sbin/ldif2ldbm ']'
    + '[' -x /bin/slapd/server/ns-slapd ']'
    + '[' -x /usr/iplanet/servers/bin/slapd/server/dsimport ']'
    + '[' -x /usr/local/sbin/slapadd ']'
    + '[' -x /usr/sbin/slapadd ']'
    + SLAPADD=/usr/sbin/slapadd
    + echo 'Creating naming context entries...'
    Creating naming context entries...
    + /usr/bin/perl -I/usr/share/openldap/migration/
    /usr/share/openldap/migration/migrate_base.pl
    + echo 'Migrating aliases...'
    Migrating aliases...
    + /usr/bin/perl -I/usr/share/openldap/migration/
    /usr/share/openldap/migration/migrate_aliases.pl /etc/aliases
    + echo 'Migrating groups...'
    Migrating groups...
    + /usr/bin/perl -I/usr/share/openldap/migration/
    /usr/share/openldap/migration/migrate_group.pl /etc/group
    + echo 'Migrating hosts...'
    Migrating hosts...
    + /usr/bin/perl -I/usr/share/openldap/migration/
    /usr/share/openldap/migration/migrate_hosts.pl /etc/hosts
    + echo 'Migrating networks...'
    Migrating networks...
    + /usr/bin/perl -I/usr/share/openldap/migration/
    /usr/share/openldap/migration/migrate_networks.pl /etc/networks
    + echo 'Migrating users...'
    Migrating users...
    + /usr/bin/perl -I/usr/share/openldap/migration/
    /usr/share/openldap/migration/migrate_passwd.pl /etc/passwd
    + echo 'Migrating protocols...'
    Migrating protocols...
    + /usr/bin/perl -I/usr/share/openldap/migration/
    /usr/share/openldap/migration/migrate_protocols.pl /etc/protocols
    + echo 'Migrating rpcs...'
    Migrating rpcs...
    + /usr/bin/perl -I/usr/share/openldap/migration/
    /usr/share/openldap/migration/migrate_rpc.pl /etc/rpc
    + echo 'Migrating services...'
    Migrating services...
    + /usr/bin/perl -I/usr/share/openldap/migration/
    /usr/share/openldap/migration/migrate_services.pl /etc/services
    + echo 'Migrating netgroups...'
    Migrating netgroups...
    + /usr/bin/perl -I/usr/share/openldap/migration/
    /usr/share/openldap/migration/migrate_netgroup.pl /etc/netgroup
    + echo 'Importing into LDAP...'
    Importing into LDAP...
    + echo 'Migrating netgroups (by user)...'
    Migrating netgroups (by user)...
    + /usr/bin/perl -I/usr/share/openldap/migration/
    /usr/share/openldap/migration/migrate_netgroup_byuser.pl /etc/netgroup
    sh: line 1: /etc/netgroup: No such file or directory
    + echo 'Migrating netgroups (by host)...'
    Migrating netgroups (by host)...
    + /usr/bin/perl -I/usr/share/openldap/migration/
    /usr/share/openldap/migration/migrate_netgroup_byhost.pl /etc/netgroup
    sh: line 1: /etc/netgroup: No such file or directory
    + echo 'Preparing LDAP database...'
    Preparing LDAP database...
    + '[' X/usr/sbin/slapadd = X ']'
    + /usr/sbin/slapadd -l /tmp/nis.ldif.zfjTlI
    slapadd: could not parse entry (line=71)
    + EXITCODE=1
    + '[' X '!=' Xno ']'
    + exit 1

    When I parse the temp file on line 71 I get the following (set nu enabled):

         71
         72 dn: cn=info,ou=Aliases,dc=jemconsult,dc=biz
         73 cn: info
         74 objectClass: nisMailAlias
         75 objectClass: top
         76 rfc822MailMember: jmarc1

    I get files produced in the /var/lib/ldap directory:

    ls -la /var/lib/ldap
    total 40
    drwx------ 2 ldap ldap 4096 Sep 29 12:30 .
    drwxr-xr-x 23 root root 4096 Sep 17 17:50 ..
    -rw------- 1 root root 8192 Sep 29 12:30 dn2id.dbb
    -rw------- 1 root root 8192 Sep 29 12:30 id2entry.dbb
    -rw------- 1 root root 8192 Sep 29 12:30 nextid.dbb
    -rw------- 1 root root 8192 Sep 29 12:30 objectClass.dbb

    I think I'll have to change the permissions later (after I'm sure it'll work).

    As I'm getting these errors with the shell script I'm not sure of how to
    proceed. Can anyone give me some pointers?

    Thanks,

    James

    -- 
    fedora-list mailing list
    fedora-list@redhat.com
    To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
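The migration script above dies at the slapadd step on a single line of the temporary LDIF, and slapadd gives no more context than that line number. The checker below is an added example, not part of the original post or of the OpenLDAP migration tools: it walks an LDIF entry by entry and reports the first line of each entry that has no objectClass, or whose parent DN has not been defined earlier in the file (slapadd needs containers such as ou=Aliases before their children). The sample LDIF is constructed; only the suffix dc=jemconsult,dc=biz is taken from the post.

```python
import re

# Constructed sample (not from the post): the alias entry's parent ou=Aliases is
# never defined and the last entry has no objectClass; slapadd rejects both.
SAMPLE_LDIF = """\
dn: dc=jemconsult,dc=biz
dc: jemconsult
objectClass: domain

dn: cn=info,ou=Aliases,dc=jemconsult,dc=biz
objectClass: nisMailAlias
rfc822MailMember: jmarc1

dn: uid=jmarc1,ou=People,dc=jemconsult,dc=biz
uid: jmarc1
"""

def parse_ldif(text):
    """Return [(first_line_no, {attr: [values]})], one per blank-line-separated entry."""
    entries, attrs, start = [], {}, None
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():                      # blank line closes the entry
            if attrs:
                entries.append((start, attrs))
            attrs, start = {}, None
            continue
        m = re.match(r"([A-Za-z][\w;-]*):\s*(.*)$", line)
        if not m:                                 # the case slapadd reports as "could not parse"
            raise ValueError("line %d: not an attribute line: %r" % (n, line))
        key, val = m.group(1).lower(), m.group(2)
        attrs.setdefault(key, []).append(val)
        start = start or n
    if attrs:
        entries.append((start, attrs))
    return entries

def parent_dn(dn):
    return dn.split(",", 1)[1].strip() if "," in dn else ""   # drop the leftmost RDN

def check_ldif(text, suffix):
    """(line, message) for each entry slapadd would stop on, in file order."""
    problems, seen = [], set()
    for line, attrs in parse_ldif(text):
        dn = attrs.get("dn", [""])[0].strip().lower()
        if "objectclass" not in attrs:
            problems.append((line, "%s: missing objectClass" % dn))
        if dn != suffix.lower() and parent_dn(dn) not in seen:
            problems.append((line, "%s: parent '%s' not defined before it" % (dn, parent_dn(dn))))
        seen.add(dn)
    return problems
```

Run check_ldif on the /tmp/nis.ldif.* file the script leaves behind to see every offending entry at once instead of fixing them one slapadd run at a time.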
    
