作者主題: ldap的問題.. (閱讀 8688 次)

kinux · « 於: 2004-03-23 05:40 »

我在freebsd上用ports安裝了openldap..
改了slapd.conf
suffix "dc=test,dc=example,dc=org"
rootdn "cn=Manager,dc=test,dc=example,dc=org"

之後運行
su root -c /usr/local/libexec/slapd

看到slapd是運行了..
# sockstat -4 | grep 389
root slapd 187 9 tcp4 *:389 *:*
# netstat -a | grep ldap
tcp4 0 0 *.ldap *.* LISTEN
tcp6 0 0 *.ldap *.* LISTEN

但是當用ldapsearch時就不行了..

# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
ldap_bind: Can't contact LDAP server (-1)

這是什么問題??

我是看這裡做的..
http://www.openldap.org/doc/admin22/quickstart.html

damon · « **回覆 #1 於:** 2004-03-23 09:29 »

/usr/local/etc/rc.d/會有寫好的script給你用

kinux · « **回覆 #2 於:** 2004-03-23 11:24 »

引述: "damon"

/usr/local/etc/rc.d/會有寫好的script給你用

不能運作..
-r-xr-xr-x 1 root wheel 2472 Mar 23 11:19 slapd.sh

# /usr/local/etc/rc.d/slapd.sh start
# sockstat -4 | grep 389
# netstat -a | grep ldap

不過用/usr/local/libexec/slapd就可以了..
# /usr/local/libexec/slapd
# sockstat -4 | grep 389
root slapd 88876 9 tcp4 *:389 *:*
# netstat -a | grep ldap
tcp4 0 0 *.ldap *.* LISTEN
tcp6 0 0 *.ldap *.* LISTEN

還是一樣..
# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
ldap_bind: Can't contact LDAP server (-1)

kinux · « **回覆 #3 於:** 2004-03-25 09:32 »

以下這些是什麼意思, 有人懂嗎 ?

test# /usr/local/libexec/slapd -u ldap -d 16
@(#) $OpenLDAP: slapd 2.2.6 (Mar 24 2004 20:54:02) $
kinux@test.example.com:/usr/ports/net/openldap22-server/work/openldap-
2.2.6/servers/slapd
daemon: bind(8) failed errno=48 (Address already in use)
daemon: bind(8) failed errno=48 (Address already in use)
slapd stopped.
connections_destroy: nothing to destroy.

test# /usr/local/libexec/slapd -u ldap -d 63
@(#) $OpenLDAP: slapd 2.2.6 (Mar 24 2004 20:54:02) $
kinux@test.example.com:/usr/ports/net/openldap22-server/work/openldap-
2.2.6/servers/slapd
daemon_init: <null>
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: bind(8) failed errno=48 (Address already in use)
daemon: bind(8) failed errno=48 (Address already in use)
slap_open_listener: failed on ldap:///
slapd stopped.
connections_destroy: nothing to destroy.

test# /usr/local/libexec/slapd -u ldap -d 63 -h ldap://test.example.com:389
@(#) $OpenLDAP: slapd 2.2.6 (Mar 24 2004 20:54:02) $
kinux@test.example.com:/usr/ports/net/openldap22-server/work/openldap-
2.2.6/servers/slapd
daemon_init: ldap://test.example.com:389
daemon_init: listen on ldap://test.example.com:389
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap://test.example.com:389)
daemon: initialized ldap://test.example.com:389
daemon_init: 1 listeners opened
slapd init: initiated server.
bdb_initialize: initialize BDB backend
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
could not open config file "/usr/local/etc/openldap/slapd.conf": Permission deni
ed (13)
slapd shutdown: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.

sincat · « **回覆 #4 於:** 2004-04-08 09:42 »

你的 slapd.conf 權限有誤
could not open config file "/usr/local/etc/openldap/slapd.conf": Permission deni
ed (13)

kinux · « **回覆 #5 於:** 2004-04-10 23:54 »

我把slapd.conf chmod 755 之後..
test# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
ldap_bind: Can't contact LDAP server (-1)
還是一樣

test# /usr/local/libexec/slapd -u ldap -d 63 -h ldap://test.example.org:389
@(#) $OpenLDAP: slapd 2.2.8 (Apr 10 2004 11:42:48) $
snort@test.example.org:/usr/ports/net/openldap22-server/work/openldap-2.2.
8/servers/slapd
daemon_init: ldap://test.example.org:389
daemon_init: listen on ldap://test.example.org:389
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap://test.example.org:389)
daemon: initialized ldap://test.example.org:389
daemon_init: 1 listeners opened
slapd init: initiated server.
bdb_initialize: initialize BDB backend
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
bdb_initialize: initialize BDB backend
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
>>> dnNormalize: <cn=Subschema>
=> ldap_bv2dn(cn=Subschema,0)
<= ldap_bv2dn(cn=Subschema,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=subschema,272)=0
<<< dnNormalize: <cn=subschema>
bdb_db_init: Initializing BDB database
>>> dnPrettyNormal: <dc=test,dc=example,dc=org>
=> ldap_bv2dn(dc=test,dc=example,dc=org,0)
<= ldap_bv2dn(dc=test,dc=example,dc=org,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=test,dc=example,dc=org,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=test,dc=example,dc=org,272)=0
<<< dnPrettyNormal: <dc=test,dc=example,dc=org>, <dc=test,dc=example,dc=org>

>>> dnPrettyNormal: <cn=Manager,dc=test,dc=example,dc=org>
=> ldap_bv2dn(cn=Manager,dc=test,dc=example,dc=org,0)
<= ldap_bv2dn(cn=Manager,dc=test,dc=example,dc=org,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Manager,dc=test,dc=example,dc=org,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=manager,dc=test,dc=example,dc=org,272)=0
<<< dnPrettyNormal: <cn=Manager,dc=test,dc=example,dc=org>, <cn=manager,dc=test,dc
=example,dc=org>
matching_rule_use_init
1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: ( 1.2.840.11355
6.1.4.804 NAME 'integerBitOrMatch' APPLIES supportedLDAPVersion )
1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: ( 1.2.840.1135
56.1.4.803 NAME 'integerBitAndMatch' APPLIES supportedLDAPVersion )
1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: ( 1.3.6.1.
4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( email $ associatedDomain
$ dc $ mail $ altServer ) )
1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: ( 1.3.6.1.4
.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( email $ associatedDomain $
dc $ mail $ altServer ) )
2.5.13.35 (certificateMatch): matchingRuleUse: ( 2.5.13.35 NAME 'certificate
Match' APPLIES ( cACertificate $ userCertificate ) )
2.5.13.34 (certificateExactMatch): matchingRuleUse: ( 2.5.13.34 NAME 'certif
icateExactMatch' APPLIES ( cACertificate $ userCertificate ) )
2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: ( 2.5.13.3
0 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedApplicationConte
xt $ ldapSyntaxes $ matchingRuleUse $ objectClasses $ attributeTypes $ matchingR
ules $ supportedFeatures $ supportedExtension $ supportedControl ) )
2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29 NAME 'i
ntegerFirstComponentMatch' APPLIES supportedLDAPVersion )
2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME 'general
izedTimeMatch' APPLIES ( modifyTimestamp $ createTimestamp ) )

2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24 NAME 'pro
tocolInformationMatch' APPLIES protocolInformation )
2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME 'uniqueMemb
erMatch' APPLIES uniqueMember )
2.5.13.22 (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22 NAME 'pre
sentationAddressMatch' APPLIES presentationAddress )
2.5.13.20 (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME 'telepho
neNumberMatch' APPLIES telephoneNumber )
2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME 'octetString
Match' APPLIES userPassword )
2.5.13.16 (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME 'bitStringMatc
h' APPLIES x500UniqueIdentifier )
2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' A
PPLIES supportedLDAPVersion )
2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch' A
PPLIES hasSubordinates )
2.5.13.11 (caseIgnoreListMatch): matchingRuleUse: ( 2.5.13.11 NAME 'caseIgno
reListMatch' APPLIES ( registeredAddress $ postalAddress ) )
2.5.13.8 (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME 'numericStri
ngMatch' APPLIES ( internationaliSDNNumber $ x121Address ) )
2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7 NAME 'caseE
xactSubstringsMatch' APPLIES ( dnQualifier $ destinationIndicator $ serialNumber
) )
2.5.13.6 (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME 'caseExa
ctOrderingMatch' APPLIES ( dnQualifier $ destinationIndicator $ serialNumber ) )
2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch'
APPLIES ( uid $ dmdName $ houseIdentifier $ dnQualifier $ generationQualifier $
initials $ givenName $ destinationIndicator $ physicalDeliveryOfficeName $ post
OfficeBox $ postalCode $ businessCategory $ description $ title $ ou $ o $ stree
t $ st $ l $ c $ serialNumber $ sn $ knowledgeInformation $ labeledURI $ cn $ na
me $ ref $ vendorVersion $ vendorName $ supportedSASLMechanisms ) )
2.5.13.4 (caseIgnoreSubstringsMatch): matchingRuleUse: ( 2.5.13.4 NAME 'case

IgnoreSubstringsMatch' APPLIES ( dnQualifier $ destinationIndicator $ serialNumb
er ) )
2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3 NAME 'caseIg
noreOrderingMatch' APPLIES ( dnQualifier $ destinationIndicator $ serialNumber )
)
2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatc
h' APPLIES ( uid $ dmdName $ houseIdentifier $ dnQualifier $ generationQualifier
$ initials $ givenName $ destinationIndicator $ physicalDeliveryOfficeName $ po
stOfficeBox $ postalCode $ businessCategory $ description $ title $ ou $ o $ str
eet $ st $ l $ c $ serialNumber $ sn $ knowledgeInformation $ labeledURI $ cn $
name $ ref $ vendorVersion $ vendorName $ supportedSASLMechanisms ) )
2.5.13.1 (distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1 NAME 'disting
uishedNameMatch' APPLIES ( seeAlso $ roleOccupant $ owner $ member $ distinguish
edName $ aliasedObjectName $ namingContexts $ subschemaSubentry $ modifiersName
$ creatorsName ) )
2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME 'objectId
entifierMatch' APPLIES ( supportedApplicationContext $ supportedFeatures $ suppo
rtedExtension $ supportedControl ) )
slapd startup: initiated.
bdb_db_open: dc=test,dc=example,dc=org
bdb_db_open: dbenv_open(/var/db/openldap-data)
bdb(dc=test,dc=example,dc=org): /var/db/openldap-data/__db.001: Permission denied
bdb_db_open: dbenv_open failed: Permission denied (13)
backend_startup: bi_db_open(0) failed! (13)
slapd shutdown: initiated
====> bdb_cache_release_all
slapd shutdown: freeing system resources.
bdb(dc=test,dc=example,dc=org): txn_checkpoint interface requires an environment c
onfigured for the transaction subsystem
bdb_db_destroy: txn_checkpoint failed: Invalid argument (22)
slapd stopped.
connections_destroy: nothing to destroy.

kinux · « **回覆 #6 於:** 2004-04-11 21:52 »

# slaptest
config file testing succeeded

# cat slapd.conf | grep -v ^#
include /usr/local/etc/openldap/schema/core.schema

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

database bdb
suffix "dc=test,dc=example,dc=com"
rootdn "cn=Manager,dc=test,dc=example,dc=com"
rootpw secret
directory /var/db/openldap-data
index objectClass eq

我的config file 已經是沒問題了, 還有其它的東西要設置嗎 ??

sincat · « **回覆 #7 於:** 2004-04-12 09:34 »

bdb(dc=test,dc=example,dc=org): /var/db/openldap-data/__db.001: Permission denied
bdb_db_open: dbenv_open failed: Permission denied (13)

你的/var/db/openldap-data 權限有問題

kinux · « **回覆 #8 於:** 2004-04-12 20:30 »

引述: "sincat"

bdb(dc=test,dc=example,dc=org): /var/db/openldap-data/__db.001: Permission denied
bdb_db_open: dbenv_open failed: Permission denied (13)

你的/var/db/openldap-data 權限有問題

t# ll /var/db
total 1518
drwx------ 2 root wheel 512 Oct 27 23:21 ipf
-r--r--r-- 1 nobody wheel 1522834 Apr 10 04:18 locate.database
-rw-r--r-- 1 root wheel 0 Mar 29 00:02 mountdtab
drwxr-xr-x 2 ldap ldap 512 Apr 10 11:49 openldap-data
drwx------ 2 root wheel 512 Apr 10 11:46 openldap-slurp
drwxr-xr-x 111 root wheel 3072 Apr 11 09:37 pkg
-rw-r--r-- 1 root wheel 9 Oct 27 23:25 port.mkversion
drwxr-xr-x 4 root wheel 512 Apr 5 11:57 ports

t# ll /var/db/openldap-data/
total 542
-rw------- 1 ldap ldap 8192 Apr 12 05:01 __db.001
-rw------- 1 ldap ldap 270336 Apr 12 05:01 __db.002
-rw------- 1 ldap ldap 98304 Apr 12 05:01 __db.003
-rw------- 1 ldap ldap 368640 Apr 12 05:01 __db.004
-rw------- 1 ldap ldap 16384 Apr 12 05:01 __db.005
-rw------- 1 ldap ldap 8192 Apr 12 05:00 dn2id.bdb
-rw------- 1 ldap ldap 32768 Apr 12 05:00 id2entry.bdb
-rw------- 1 ldap ldap 45283 Apr 12 05:00 log.0000000001

有哪个是要改的..??

酷!學園

最新消息: