For weeks now I tried to get an OpenLDAP-server on a local FreeBSD
7.0-PRE box running, but with no success. Within the last 8 weeks I
tried nearly EVERY tutorial and there explained setups, but whenever I
try to authenticate or find an ID for an existing user in the DIT, I
receive either errors that the client (pam/nss, ssh, id etc.) can not
connect to the slapd running on the same machine.
Calling ldapsearch from both the localhost running the slapd and from a
client in the network runs well, I receive a dump of every object
created in the LDAP tree.
At this point it seems senseless to try out what's going wrong and I
need some hints or tipps. I read about others successfully running
OpenLDAP on FBSD 6 and 5, but no one seems running OpenLDAP based
services on FBSD 7.
In most cases when changing /etc/nsswitch.conf (renaming password/group:
compat to password/group: files ldap as suggested in most of the
tutorials) the box gets unusable running the request (eithe looking for
an user id, starting a xterm, login in as root via console). Everything
which seems to look for an user ID takes more than a minute to startup
or dump errors. Even if I try to log in as a user that is only on local
machine (root and a special user) it seems that fallback to 'files'
doesn't work properly or the timeout takes thta long.
I'm not a professional in OpenLDAP, but I tried several configs found in
LinuxWiki on Gentoo or Debian boxes without problems. Even the simplest
config seems not to work on FreeBSD 7! In many cases ACLs seem to be the
culprit, but even setting 'access to * by * write' or configuring binddn
and binddnpw in /usr/local/etc/ldap.conf and nss_ldap.conf as the same
as the rootdn in slapd.conf doesn't work and results in the same problem.
If anyone willing to help and running ldap services on a FreeBSD 7.0-PRE
box, he or she is welcome!
Thanks in advance,
P.S. If someone wants me to offer config details and/or log excerpts,
please contact me.
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"