I ran into the same this week and you need to enable all schema "plugins" in slapd.conf
# # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /opt/local/etc/openldap/schema/corba.schema include /opt/local/etc/openldap/schema/core.schema include /opt/local/etc/openldap/schema/cosine.schema include /opt/local/etc/openldap/schema/duaconf.schema include /opt/local/etc/openldap/schema/dyngroup.schema include /opt/local/etc/openldap/schema/inetorgperson.schema include /opt/local/etc/openldap/schema/java.schema include /opt/local/etc/openldap/schema/misc.schema include /opt/local/etc/openldap/schema/nis.schema include /opt/local/etc/openldap/schema/openldap.schema include /opt/local/etc/openldap/schema/ppolicy.schema include /opt/local/etc/openldap/schema/collective.schema # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /var/openldap/run/slapd.pid argsfile /var/openldap/run/slapd.args # Load dynamic backend modules: # modulepath /opt/local/lib/openldap # moduleload back_bdb.la # moduleload back_hdb.la # moduleload back_ldap.la # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control policy: # Root DSE: allow anyone to read it # Subschema (sub)entry DSE: allow anyone to read it # Other DSEs: # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: # access to dn.base="" by * read # access to dn.base="cn=Subschema" by * read # access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") # # rootdn can always read and write EVERYTHING! ####################################################################### # BDB database definitions ####################################################################### database bdb suffix dc=yourowndomain,dc=dk rootdn cn=manager,dc=yourowndomain,dc=dk # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw {crypt}extremesec3t # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /var/openldap/openldap-data # Indices to maintain index objectClass eq #allow bind_v2 bind_anon_cred bind_anon_dn update_anon -----Oorspronkelijk bericht----- Van: [email protected] [mailto:[email protected]] Verzonden: maandag 1 augustus 2016 21:53 Aan: [email protected] Onderwerp: [smartos-discuss] OpenLDAP question Not specifically a SmartOS question; however, it relates to the package. I modified the slapd.conf and the slapd.ldif for my domain. I cannot figure out what the correct slapadd command options to initialize the database. The errors vary depending upon the options. # slapadd -uvl /opt/local/etc/openldap/slapd.ldif slapadd: line 1: database #1 () not configured to hold "cn=config" Or # slapadd -uvb cn=config -l /opt/local/etc/openldap/slapd.ldif Works until I remove the u option and it errors with "could not open database". Is there a document that would have samples that work? ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
