From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: FreeBSD Questions List <freebsd-questions@freebsd.org>
Date: Sat, 26 Jul 2003 12:08:48 +0100
Subject: Re: Setting up OpenLDAP
Message-ID: <20030726110848.GC29324@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <20030726061328.GA73902@kongemord.krig.net>

On Sat, Jul 26, 2003 at 02:13:28AM -0400, Bob Hall wrote:
> OpenLDAP 2.1.22, FBSD 4.8
>
> I'm trying to set up LDAP to store passwords. Eventually I will
> want to store addresses and do general authentication, but right
> now I just want to do something really simple: add passwords.

While you can run OpenLDAP servers on FreeBSD 4.8 quite happily, you
won't be able to have the FreeBSD 4.8 system be a full blown client of
the LDAP server itself. For that, you will need to upgrade to 5.1 where
you can install the net/nss_ldap as well as the security/pam_ldap port.

> I installed from the ports using portinstall, couldn't get it to
> work, and went back and reinstalled doing
> # make depend
> # make
> # make test
> The install didn't fail any of the tests, although make kept looping
> through the tests until I hit ^C. But I still have the same problems.
> If anyone has succeeded in installing OpenLDAP from the ports, I'd
> be grateful for any pointers.

It's generally best to install using ports as that gets you any FreeBSD
specific tweaks that have to be made, rather than following the generic
Unix install instructions from the software writers. However, once the
software is installed, you still need to follow the OpenLDAP
installation guide for configuring the server. If you're working from
http://www.openldap.org/doc/admin21/quickstart.html, then the ports
installation effectively gives you steps 1 -- 7, and you can jump to
step 8 directly.

You would be well advised to read through section 5 of the admin guide:
http://www.openldap.org/doc/admin21/slapdconfig.html so that you can
gain a deeper understanding of what the instructions in section 8 of
the quick start guide actually do.

> I'm trying to do the Quick Install described at www.openldap.org. The
> first problem is that the doc claims that this is supposed to be a
> non-referring set up, which is what I want, but OpenLDAP complains that
> there's no referral. So I've uncommented the referral line in slapd.conf.
> But attempts to add records still fail.
>
> When I do search prior to adding records, I get
> # /usr/local/bin/ldapsearch -x -b '' -s base '(objectclass=*)'
> dn:
> objectClass: top
> objectClass: OpenLDAProotDSE
> When I try to add records without a referral, I get
> # ldapadd -x -v -D "cn=Manager,dc=domain,dc=net" -W -f domain.ldif
> additional info: referral missing
> With the referral, I get
> ldapadd: update failed: dc=domain, dc=net objectclass: dcObject
> objectclass: organization o: SNAFU
> dc: domain
> ldap_add: Referral (10)
> referrals:
> ldap://root.openldap.org/dc=domain,dc=net%20%20%20objectclass:%20dcObject%20%20%20objectclass:%20organization%20%20%20o:%20SNAFU%20%20%20dc:%20domain
>
> Configuration
> # less slap.conf
> include /usr/local/etc/openldap/schema/core.schema
> referral ldap://root.openldap.org
> pidfile /var/run/ldap/slapd.pid
> argsfile /var/run/ldap/slapd.args
> database bdb
> suffix "dc=domain, dc=net"
> rootdn "cn=Manager, dc=domain, dc=net"
> rootpw
> directory /var/db/openldap-data
> index objectClass eq
>
> # less domain.ldif
> dn: dc=domain, dc=net
> objectclass: dcObject
> objectclass: organization
> o: SNAFU
> dc: domain
> dn: cn=Manager, dc=domain, dc=net
> objectclass: organizationalRole
> cn: Manager

What's the BASE setting in /usr/local/etc/openldap/ldap.conf ? That
will set the default dn where clients search for data. As it is, your
slapd.conf says that it serves the dn appropriate for 'domain.net'

The other question is what security settings have you entered into
slapd.conf ? The default security setting is 'Allow read by all' and
only the rootdn can write anywhere.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
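A note on the symptoms quoted in the thread: slapd only accepts an add for a DN that one of its configured databases covers (here the single suffix "dc=domain, dc=net"); for any other DN it answers with a referral from the global referral directive, or "referral missing" when there is none. The referral URL in the quoted output is telling, because the DN embedded in it is the whole first LDIF entry run together, which is what slapd sees if the line breaks in domain.ldif have been lost. The Python script below is an added example, not code from the original post or from OpenLDAP. It reads an LDIF file with a minimal parser, normalizes DNs for comparison (attribute types and values compared case-insensitively, optional whitespace after commas ignored, which approximates the matching slapd applies to dc and cn), and reports any entry whose DN does not fall under the suffix, plus any second "dn:" line that is not separated from the previous entry by a blank line. The suffix and the three sample LDIF texts are constructed from the values quoted in the thread.

```python
"""Check that every entry in an LDIF file falls under the suffix that a
slapd database serves, so DN/suffix mismatches are caught before ldapadd
reports a referral.  Added example; not part of the original post."""

import re

# Constructed sample inputs: the suffix from the quoted slapd.conf and
# three versions of the quoted domain.ldif.
SUFFIX = "dc=domain, dc=net"

# The two entries written as valid LDIF, separated by a blank line.
GOOD_LDIF = """\
dn: dc=domain, dc=net
objectclass: dcObject
objectclass: organization
o: SNAFU
dc: domain

dn: cn=Manager, dc=domain, dc=net
objectclass: organizationalRole
cn: Manager
"""

# The same entries with no blank line between them, as quoted in the thread.
UNSEPARATED_LDIF = GOOD_LDIF.replace("\n\n", "\n")

# The first entry with its line breaks lost, so everything is read as one
# long DN (compare the DN inside the referral URL quoted in the thread).
COLLAPSED_LDIF = ("dn: dc=domain, dc=net objectclass: dcObject "
                  "objectclass: organization o: SNAFU dc: domain\n")


def normalize_dn(dn):
    """Split a DN into (type, value) RDNs, lower-casing both and stripping
    the optional whitespace after separating commas, so that
    "dc=domain, dc=net" and "DC=domain,DC=net" compare equal."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):   # commas not escaped with '\'
        rdn = rdn.strip()
        if "=" not in rdn:
            raise ValueError("not a valid RDN: %r" % rdn)
        attr, value = rdn.split("=", 1)
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return tuple(rdns)


def dn_under_suffix(dn, suffix):
    """True if dn equals the suffix or is subordinate to it."""
    d, s = normalize_dn(dn), normalize_dn(suffix)
    return len(d) >= len(s) and d[len(d) - len(s):] == s


def parse_ldif(text):
    """Minimal LDIF reader: entries start with a dn: line and are separated
    by blank lines; continuation lines (leading space) are folded back.
    Returns (entries, problems).  Base64 values (::) are not decoded."""
    entries, problems, current = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip("\r")
        if line.startswith("#"):
            continue
        if not line.strip():                 # blank line ends an entry
            if current is not None:
                entries.append(current)
                current = None
            continue
        if line.startswith(" ") and current is not None:
            if current["attrs"]:             # fold onto the previous value
                attr, value = current["attrs"][-1]
                current["attrs"][-1] = (attr, value + line[1:])
            else:
                current["dn"] += line[1:]
            continue
        if ":" not in line:
            problems.append("line %d: not 'attr: value': %r" % (lineno, line))
            continue
        attr, value = line.split(":", 1)
        attr, value = attr.strip(), value.strip()
        if value.startswith(":"):
            problems.append("line %d: base64 value not decoded here" % lineno)
            continue
        if attr.lower() == "dn":
            if current is not None:          # RFC 2849 requires a blank line
                problems.append("line %d: second dn: without a blank line "
                                "separating entries" % lineno)
                entries.append(current)
            current = {"dn": value, "attrs": []}
        elif current is None:
            problems.append("line %d: attribute before any dn:" % lineno)
        else:
            current["attrs"].append((attr, value))
    if current is not None:
        entries.append(current)
    return entries, problems


def check_ldif(text, suffix):
    """Return a list of problems; an empty list means every entry's DN lies
    under the suffix and the file is structurally sound."""
    entries, problems = parse_ldif(text)
    for entry in entries:
        try:
            ok = dn_under_suffix(entry["dn"], suffix)
        except ValueError as exc:
            problems.append("dn %r: %s" % (entry["dn"], exc))
            continue
        if not ok:
            problems.append("dn %r is not under suffix %r; slapd would "
                            "answer with a referral" % (entry["dn"], suffix))
    return problems


if __name__ == "__main__":
    for name, text in [("good", GOOD_LDIF), ("unseparated", UNSEPARATED_LDIF),
                       ("collapsed", COLLAPSED_LDIF)]:
        print(name + ":", check_ldif(text, SUFFIX) or "OK")
```

Run against a real file, the script would be fed the suffix from slapd.conf and the LDIF about to be added; only the "good" sample passes, the unseparated one is flagged for the missing blank line, and the collapsed one reproduces the DN-outside-suffix condition that produces the referral seen in the thread.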