On Sat, Jul 26, 2003 at 02:13:28AM -0400, Bob Hall wrote:
> OpenLDAP 2.1.22, FBSD 4.8
> 
> I'm trying to set up LDAP to store passwords. Eventually I will
> want to store addresses and do general authentication, but right
> now I just want to do something really simple: add passwords.

While you can run OpenLDAP servers on FreeBSD 4.8 quite happily, you
won't be able to have the FreeBSD 4.8 system be a full-blown client of
the LDAP server itself. For that, you will need to upgrade to 5.1,
where you can install the net/nss_ldap as well as the security/pam_ldap
port.

> I installed from the ports using portinstall, couldn't get it to
> work, and went back and reinstalled doing
> # make depend
> # make
> # make test
> The install didn't fail any of the tests, although make kept looping
> through the tests until I hit ^C. But I still have the same problems.
> If anyone has succeeded in installing OpenLDAP from the ports, I'd
> be grateful for any pointers.

It's generally best to install using ports, as that gets you any
FreeBSD-specific tweaks that have to be made, rather than following the
generic Unix install instructions from the software writers. However,
once the software is installed, you still need to follow the OpenLDAP
installation guide for configuring the server. If you're working from

    http://www.openldap.org/doc/admin21/quickstart.html

then the ports installation effectively gives you steps 1 -- 7, and you
can jump to step 8 directly. You would be well advised to read through
section 5 of the admin guide:

    http://www.openldap.org/doc/admin21/slapdconfig.html

so that you can gain a deeper understanding of what the instructions in
section 8 of the quick start guide actually do.

> I'm trying to do the Quick Install described at www.openldap.org. The
> first problem is that the doc claims that this is supposed to be a
> non-referring set up, which is what I want, but OpenLDAP complains that
> there's no referral. So I've uncommented the referral line in slapd.conf.
> But attempts to add records still fail.
> 
> When I do a search prior to adding records, I get
> # /usr/local/bin/ldapsearch -x -b '' -s base '(objectclass=*)'
> dn:
> objectClass: top
> objectClass: OpenLDAProotDSE
> When I try to add records without a referral, I get
> # ldapadd -x -v -D "cn=Manager,dc=domain,dc=net" -W -f domain.ldif
> additional info: referral missing
> With the referral, I get
> ldapadd: update failed: dc=domain, dc=net objectclass: dcObject
> objectclass: organization o: SNAFU
> dc: domain
> ldap_add: Referral (10)
>         referrals:
>                 ldap://root.openldap.org/dc=domain,dc=net%20%20%20objectclass:%20dcObject%20%20%20objectclass:%20organization%20%20%20o:%20SNAFU%20%20%20dc:%20domain
> 
> Configuration
> # less slap.conf
> include         /usr/local/etc/openldap/schema/core.schema
> referral        ldap://root.openldap.org
> pidfile         /var/run/ldap/slapd.pid
> argsfile        /var/run/ldap/slapd.args
> database        bdb
> suffix          "dc=domain, dc=net"
> rootdn          "cn=Manager, dc=domain, dc=net"
> rootpw          <md5 hash>
> directory       /var/db/openldap-data
> index           objectClass     eq
> 
> # less domain.ldif
> dn: dc=domain, dc=net
> objectclass: dcObject
> objectclass: organization
> o: SNAFU
> dc: domain
> 
> dn: cn=Manager, dc=domain, dc=net
> objectclass: organizationalRole
> cn: Manager

What's the BASE setting in /usr/local/etc/openldap/ldap.conf? That will
set the default dn where clients search for data. As it is, your
slapd.conf says that it serves the dn appropriate for 'domain.net'.

The other question is what security settings you have entered into
slapd.conf. The default security setting is 'Allow read by all', and
only the rootdn can write anywhere.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
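An added example, not part of the thread and not OpenLDAP code. The referral URL in the ldapadd error above carries the whole first record of domain.ldif as the entry's DN (`dc=domain,dc=net%20%20%20objectclass:%20dcObject%20...`), which is the signature of LDIF line folding: RFC 2849 treats any line that begins with a space as a continuation of the previous line, so indented attribute lines are glued onto the `dn:` line. A DN that long lies under no configured suffix, and slapd then answers with the default referral, or with "referral missing" when no `referral` directive is set. The script below is a minimal LDIF reader that applies the folding rule, plus a deliberately simplified suffix check; it runs on two constructed copies of the posted domain.ldif, one flush-left and one with attribute lines indented by four spaces. The indented variant is an assumption about what the file on disk might look like, not something the post states.

```python
"""
Minimal RFC 2849 LDIF reader plus a simplified suffix check.

Added example; not code from the thread or from OpenLDAP. The two LDIF
texts are constructed from the domain.ldif shown in the post. The indented
variant is an assumption: a file shaped like that yields the long DN that
the referral URL echoes back.
"""
import base64


def unfold_ldif(text):
    """Join folded lines. RFC 2849: a line beginning with a single space
    continues the previous line; that one space is dropped and the rest is
    appended, so any extra indentation ends up inside the previous value."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text):
    """Return a list of records, each a list of (attribute, value) pairs.
    Records are separated by blank lines, '#' lines are comments and
    'attr:: value' carries a base64-encoded value."""
    records, current = [], []
    for line in unfold_ldif(text):
        if not line.strip():
            if current:
                records.append(current)
                current = []
            continue
        if line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed LDIF line: %r" % line)
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.append((attr.strip(), value))
    if current:
        records.append(current)
    return records


def normalize_dn(dn):
    """Simplified DN normalization: lower-case and drop whitespace around
    commas. slapd does full RFC 4514 normalization; this is only enough to
    compare the DNs that appear in this thread."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def dn_within_suffix(dn, suffix):
    """True if dn is the suffix itself or an entry beneath it. An add for a
    DN outside every configured suffix gets the default referral from slapd,
    or 'referral missing' when no referral directive is configured."""
    dn, suffix = normalize_dn(dn), normalize_dn(suffix)
    return dn == suffix or dn.endswith("," + suffix)


# Constructed: domain.ldif as the post shows it, attribute lines flush left.
FLUSH_LEFT_LDIF = """\
dn: dc=domain, dc=net
objectclass: dcObject
objectclass: organization
o: SNAFU
dc: domain

dn: cn=Manager, dc=domain, dc=net
objectclass: organizationalRole
cn: Manager
"""

# Constructed (assumption): the same file with each attribute line indented
# by four spaces. Folding glues every indented line onto the 'dn:' line.
INDENTED_LDIF = """\
dn: dc=domain, dc=net
    objectclass: dcObject
    objectclass: organization
    o: SNAFU
    dc: domain

dn: cn=Manager, dc=domain, dc=net
    objectclass: organizationalRole
    cn: Manager
"""

SUFFIX = "dc=domain, dc=net"  # suffix from the slapd.conf in the post


def first_dn(text):
    """DN of the first record in an LDIF text (assumes 'dn:' leads it)."""
    return parse_ldif(text)[0][0][1]


def check_records(text, suffix=SUFFIX):
    """(dn, within_suffix) for every record in the LDIF text."""
    return [(rec[0][1], dn_within_suffix(rec[0][1], suffix))
            for rec in parse_ldif(text)]


if __name__ == "__main__":
    for label, text in (("flush-left", FLUSH_LEFT_LDIF),
                        ("indented", INDENTED_LDIF)):
        print(label)
        for dn, ok in check_records(text):
            print("  %-3s %r" % ("ok" if ok else "OUT", dn))
```

With the flush-left file both records fall under `dc=domain, dc=net`; with the indented file each record collapses to a single oversized DN that no database serves, which is exactly the condition under which slapd hands back the configured referral. Checking an LDIF file with a reader like this, or simply with `cat -A` to make indentation visible, is a quick way to tell a malformed input file apart from a server-side suffix or access-control problem.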