Dear all,

I have configured OpenLDAP on FreeBSD. When I start the slapd service, it shows 
this message in /var/log/messages:

"Mar 25 16:11:45 ldap2 slapd[1268]: nss_ldap: could not search LDAP server - 
Server is unavailable "

++++++++++++++++++++++++++++++
   myldap.conf file is....

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
# Client-side LDAP settings: search base and the server the lookups go to.
base      dc=albiruni,dc=com
uri       ldap://localhost/
# NOTE(review): lookups made as root bind with the directory admin DN, which
# slapd.conf also names as rootdn. A separate read-only DN for name-service
# lookups would limit what a leaked bind secret can do.
rootbinddn cn=admin,dc=albiruni,dc=com
# NOTE(review): the reported log line comes from slapd itself, via nss_ldap.
# Presumably slapd's own passwd/group lookups are sent to the LDAP server
# before it is accepting connections; the soft bind policy below is left
# disabled. Confirm against nss_ldap's documentation.
#bind_policy soft
# StartTLS is requested on the ldap:// URI above.
ssl start_tls
# "allow" lets the session continue when the server certificate is missing or
# fails validation, so the channel is encrypted but the server is not
# authenticated. "demand" with a trusted CA file enforces verification.
# NOTE(review): TLS_REQCERT is an OpenLDAP ldap.conf(5) option; confirm that
# the nss_ldap/pam_ldap build reading this file honours it (those modules
# document tls_checkpeer).
TLS_REQCERT allow
# Attribute that the login name is matched against.
pam_login_attribute uid

++++++++++++++++++++++++++++++++++++++++++++++++++++++ and slapd.conf file 
is.........

# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schemas loaded by slapd. nis.schema provides the POSIX account and group
# classes that the passwd/group lookups in nsswitch.conf rely on.
# NOTE(review): nsswitch.conf also lists ldap for sudoers, but no sudo schema
# is included here - confirm whether that source is really in use.
include         /usr/local/etc/openldap/schema/core.schema
Include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

# Runtime files written by slapd at start-up.
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

# Load dynamic backend modules:
# Only the bdb backend is loaded, matching the single "database bdb" section.
modulepath      /usr/local/libexec/openldap
moduleload      back_bdb
# moduleload    back_hdb
# moduleload    back_ldap

#  Sample security restrictions
# Transport security for slapd.
# ssf=128 sets a minimum overall security strength for every operation, so a
# plain ldap:// session that has not completed StartTLS is refused.
# NOTE(review): the strength credited to ldapi:// connections is set by
# localSSF - confirm that it meets this minimum, or local clients on the
# socket will be refused as well.
security ssf=128
# NOTE(review): in an OpenSSL cipher string "+SSLv2" only moves those suites
# to the end of the preference list; it does not remove them, and MEDIUM is
# still accepted. Check the result with `openssl ciphers -v` and narrow it to
# current suites.
TLSCipherSuite HIGH:MEDIUM:+SSLv2
# The CA certificate, server certificate and private key are all read from the
# same file, so server.pem holds the private key. It should be readable only
# by the account slapd runs as.
# NOTE(review): with one file acting as its own CA this is presumably a
# self-signed certificate; clients need a copy of the certificate (not the
# key) as their trusted CA before TLS_REQCERT can be raised from "allow".
TLSCACertificateFile /usr/local/etc/openldap/ssl/server.pem
TLSCertificateFile /usr/local/etc/openldap/ssl/server.pem
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/server.pem

# Sample access control policy:
# Password attributes: writable by the admin DN and by the entry's owner,
# usable by anonymous clients only to authenticate, hidden from everyone else.
# The explicit admin rule duplicates what rootdn already has: the file's own
# comment below notes that rootdn can always read and write everything.
access to attrs=userPassword,shadowLastChange
         by dn="cn=admin,dc=albiruni,dc=com" write
         by self write
         by anonymous auth
         by * none
# Everything else: "by * read" includes anonymous clients, so every remaining
# attribute of every entry can be listed without a bind.
# NOTE(review): rc.conf starts listeners on all interfaces. If anonymous
# enumeration is not wanted, "by users read" limits reading to bound
# identities - confirm first whether the name-service lookups bind
# anonymously.
access to *
          by dn="cn=admin,dc=albiruni,dc=com" write
          by * read

# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

# Single bdb database holding the dc=albiruni,dc=com tree.
database        bdb
suffix          "dc=albiruni,dc=com"
rootdn          "cn=admin,dc=albiruni,dc=com"
# NOTE(review): this hash was published together with the post. {SSHA} is a
# salted SHA-1 digest, which can be guessed offline quickly, so the rootdn
# password should be treated as exposed and replaced with a new value
# generated by slappasswd(8). Redact the value when sharing this file.
rootpw  {SSHA}lEYNuRTP9WHC6Byciv6v+rokRKngLxx0
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw         secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /var/db/openldap-data


# Indices to maintain
# Equality indexes cover the attributes used for account and group lookups
# (uid, uidNumber, gidNumber, memberUid).
index   objectClass     eq
index   cn,sn,uid,displayName     pres,sub,eq
index   uidNumber,gidNumber,memberUid,uniqueMember eq
index   default                   sub


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 
nsswitch.conf is

# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.6.1 2010/12/21 17:09:25 kensmith Ex
p $
#

# Name-service sources, tried left to right: local files, then the cache,
# then LDAP.
# NOTE(review): these lines apply to every process on the host, slapd
# included. The reported "nss_ldap: could not search LDAP server" line is
# logged by slapd itself, so presumably its own account lookups reach the
# ldap source before the server is listening - confirm.
group: files cache ldap
passwd: files cache ldap
# NOTE(review): with ldap listed for sudoers, anyone able to write to the
# directory can grant sudo rights on this host. Confirm this is intended and
# that write access to the tree is limited accordingly.
sudoers: files cache ldap


#group: compat
#group_compat: nis
hosts: files dns
networks: files
#passwd: compat
#passwd_compat: nis
shells: files
# NOTE(review): services still falls back to NIS through compat - confirm
# that NIS is actually deployed, otherwise this source is unused.
services: compat
services_compat: nis
protocols: files
rpc: files
~
++++++++++++++++++++++++++++++++++++++++++++  /etc/pam.d/sshd is 
# PAM configuration for the "sshd" service

# PAM stack for sshd. Entries that appear split over two lines below are
# presumably wrapped by the mail client; in the real file each entry must sit
# on a single line.
# auth
# pam_ldap is tried first and is "sufficient": a successful LDAP bind ends the
# auth phase without consulting the modules below. SSH logins are therefore
# only as trustworthy as the LDAP connection, which is configured with
# TLS_REQCERT allow (no server certificate verification).
auth            sufficient      /usr/local/lib/pam_ldap.so   no_warn try_first_p
ass
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
#auth           sufficient      pam_krb5.so             no_warn try_first_pass
#auth           sufficient      pam_ssh.so              no_warn try_first_pass
# Local password check, reached only when none of the modules above succeeded.
auth            required        pam_unix.so             no_warn try_first_pass

# account
# The two ignore_* options make pam_ldap step aside when the directory cannot
# be reached or the user is not in it, so local accounts still pass this phase
# while LDAP is down.
account         required        /usr/local/lib/pam_ldap.so      
ignore_authinfo_unavail ignore_unknown_user
account         required        pam_nologin.so
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
# NOTE(review): home directories are created with mode 0755 (world-readable)
# here, while /etc/pam.d/system passes umask=0077. Pick one, preferably the
# restrictive one, and confirm which option name this pam_mkhomedir build
# accepts. "debug" adds extra logging and can be dropped once it works.
session         required        /usr/local/lib/pam_mkhomedir.so debug mode=0755
skel=/usr/local/share/skel
#session        optional        pam_ssh.so
session         required        pam_permit.so

# password
# Password changes made through sshd go to the local database only; pam_ldap
# is not in this phase.
#password       sufficient      pam_krb5.so             no_warn try_first_pass
 password        required        pam_unix.so             no_warn try_first_pass


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ /etc/pam.d/system is


# $FreeBSD: src/etc/pam.d/system,v 1.1.32.1.6.1 2010/12/21 17:09:25 kensmith 
Exp 
$
#
# System-wide defaults
#






# System-wide PAM defaults. Entries that appear split over two or three lines
# below are presumably wrapped by the mail client; in the real file each entry
# must sit on a single line.
# auth
# pam_ldap is "sufficient" and first, so a successful LDAP bind ends the auth
# phase for every service that includes this file.
auth            sufficient      /usr/local/lib/pam_ldap.so no_warn 
try_first_pass
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
#auth           sufficient      pam_krb5.so             no_warn try_first_pass
auth            sufficient      pam_ssh.so              no_warn try_first_pass
# NOTE(review): nullok lets a local account with an empty password field
# authenticate without a password. Remove it unless such accounts are
# intended.
auth            required        pam_unix.so             no_warn try_first_pass 
nullok

# account
# The two ignore_* options make pam_ldap step aside when the directory cannot
# be reached or the user is not in it.
account         required        /usr/local/lib/pam_ldap.so 
ignore_authinfo_unavail ignore_unknown_user
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
# NOTE(review): this entry passes umask=0077 while /etc/pam.d/sshd passes
# mode=0755 to the same module - confirm which option name this
# pam_mkhomedir build accepts and keep the restrictive setting in both files.
session         required        /usr/local/lib/pam_mkhomedir.so debug 
umask=0077 
skel=/usr/local/share/skel
session         optional        pam_ssh.so
session         required        pam_lastlog.so          no_fail

# password
# NOTE(review): "use_authok" looks like a misspelling of use_authtok. An
# unrecognised option is presumably ignored, so pam_ldap may not behave as
# intended here - confirm against the pam_ldap documentation.
password        sufficient      /usr/local/lib/pam_ldap.so use_authok
#password       sufficient      pam_krb5.so             no_warn try_first_pass
password        required        pam_unix.so             no_warn try_first_pass

+++++++++++++++++++++++++++++++++++++++++++++ and /etc/rc.conf
# -- sysinstall generated deltas -- # Thu Mar 24 21:15:28 2011
# Created: Thu Mar 24 21:15:28 2011
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
# Host network settings and the services started at boot.
defaultrouter="10.1.1.1"
hostname="ldap2.albiruni.com"
ifconfig_em0="inet 10.1.1.7  netmask 255.255.255.0"
keymap="us.iso"
sshd_enable="YES"
# NOTE(review): natd is enabled on a host that otherwise acts as a directory
# server - confirm it is needed; every extra network daemon widens exposure.
natd_enable="YES"

slapd_enable="YES"
# slapd listens on a local socket and on ldap:// and ldaps:// bound to every
# interface (0.0.0.0). The value is wrapped over two lines here, presumably by
# the mail client.
# NOTE(review): the client configuration in this post only uses localhost. If
# no remote clients are expected, bind the TCP listeners to 127.0.0.1 or keep
# only the ldapi:// socket; otherwise restrict the ports with a packet filter.
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/ 
ldaps://0.0.0.0/"'
slapd_sockets="/var/run/openldap/ldapi"

+++++++++++++++++++++++++++++++++++++

Please guide me on what I should do to make the LDAP server available.



      
