On Wed, 16 Aug 2017 14:43:28 -0300,
playerum <controle...@gmail.com> wrote:

> All right, now I have the files below in the directory
> "/usr/local/openldap/etc/openldap/slapd.d/cn=config"
> drwxr-x--- 2 ldap ldap  4096 Ago 16 13:53 cn=schema
> -rw------- 1 ldap ldap 85100 Ago 16 13:53 cn=schema.ldif
> -rw------- 1 ldap ldap   584 Ago 16 13:53 olcDatabase={0}config.ldif
> drwxr-x--- 2 ldap ldap  4096 Ago 16 13:53 olcDatabase={1}bdb
> -rw------- 1 ldap ldap  2907 Ago 16 13:53 olcDatabase={1}bdb.ldif
> -rw------- 1 ldap ldap   810 Ago 16 13:53 olcDatabase={-1}frontend.ldif
> -rw------- 1 ldap ldap   617 Ago 16 13:53 olcDatabase={2}monitor.ldif
> 
> 
> I saw that "olcDatabase={1}bdb.ldif" has the "olcRootDN" and
> "olcRootPW", but the command does not work.
> 
> ldapsearch -Y EXTERNAL -H ldapi:/// -b olcDatabase={1}bdb,cn=config
> -s sub "(objectClass=olcDatabaseConfig)" olcRootDN olcRootPW
> 
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> # extended LDIF
> #
> # LDAPv3
> # base <olcDatabase={1}bdb,cn=config> with scope subtree
> # filter: (objectClass=olcDatabaseConfig)
> # requesting: olcRootDN olcRootPW
> #
> 
> # search result
> search: 2
> result: 32 No such object
> 
> # numResponses: 1
[...]

This sounds like an access control problem. You MUST act as root, that
is you must be uid=0 and gid=0, check this with 'id', and check
cn=config.ldif whether there is an attribute value of:

olcAuthzRegexp: {0}"gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=config"

-Dieter

-- 
Dieter Klünter | Systemberatung
https://sys4.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
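
The two checks suggested in the reply above, as an added example that is not part of the original thread. The script name, function names and sample entry are constructed for illustration, and the cn=config.ldif path is assumed from the slapd.d directory quoted in the question.

```shell
#!/bin/sh
# Added example, not from the thread. Run as root, e.g. (hypothetical name):
#   sh check.sh /usr/local/openldap/etc/openldap/slapd.d/cn=config.ldif
# (path assumed from the slapd.d directory quoted above)

# Join LDIF continuation lines: a line starting with one space continues
# the previous line, so a long olcAuthzRegexp value may span several lines.
unfold_ldif() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (NR > 1) print buf; buf = $0 }
        END { if (NR > 0) print buf }
    ' "$1"
}

# Exit 0 when an olcAuthzRegexp value maps the ldapi:/// peer-credential
# identity of uid=0/gid=0 to cn=config. Base64 ("::") values are not decoded.
has_root_mapping() {
    unfold_ldif "$1" | grep -E '^olcAuthzRegexp: ' |
        grep -F 'gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth' |
        grep -q -E '[[:space:]]"?cn=config"?[[:space:]]*$'
}

# Both conditions from the reply: caller is uid=0/gid=0 and the mapping exists.
check_ldapi_root() {
    if [ "$(id -u)" -ne 0 ] || [ "$(id -g)" -ne 0 ]; then
        echo "not uid=0/gid=0: $(id)"; return 1
    fi
    if ! has_root_mapping "$1"; then
        echo "no olcAuthzRegexp maps peercred root to cn=config in $1"; return 2
    fi
    echo "ok: root over ldapi:/// is mapped to cn=config"
}

# Constructed sample with the value folded across two lines.
make_sample() {
    printf '%s\n' 'dn: cn=config' 'objectClass: olcGlobal' 'cn: config' \
        'olcAuthzRegexp: {0}"gidNumber=0\+uidNumber=0,cn=peercred,cn=extern' \
        ' al,cn=auth" "cn=config"'
}

if [ $# -gt 0 ]; then check_ldapi_root "$1"; fi
```

A return code of 1 means the caller is not uid=0/gid=0; 2 means the file has no matching mapping.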