Author Topic: LDAP problem..  (Read 8447 times)


kinux

LDAP problem..
« on: 2004-03-23 05:40 »
I installed openldap from ports on FreeBSD..
and edited slapd.conf:
suffix "dc=test,dc=example,dc=org"
rootdn "cn=Manager,dc=test,dc=example,dc=org"

Then I ran
su root -c /usr/local/libexec/slapd

I can see that slapd is running..
# sockstat -4 | grep 389
root slapd 187 9 tcp4 *:389 *:*
# netstat -a | grep ldap
tcp4 0 0 *.ldap *.* LISTEN
tcp6 0 0 *.ldap *.* LISTEN

But it fails when I use ldapsearch..

# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
ldap_bind: Can't contact LDAP server (-1)

What is the problem??

I followed this guide..
http://www.openldap.org/doc/admin22/quickstart.html

damon

« Reply #1 on: 2004-03-23 09:29 »
There is a ready-made script for you in /usr/local/etc/rc.d/

kinux

« Reply #2 on: 2004-03-23 11:24 »
Quote from: "damon"
There is a ready-made script for you in /usr/local/etc/rc.d/


It doesn't work..
-r-xr-xr-x  1 root  wheel  2472 Mar 23 11:19 slapd.sh

# /usr/local/etc/rc.d/slapd.sh start
# sockstat -4 | grep 389
# netstat -a | grep ldap

But running /usr/local/libexec/slapd directly works..
# /usr/local/libexec/slapd
# sockstat -4 | grep 389
root     slapd    88876    9 tcp4   *:389                 *:*
# netstat -a | grep ldap
tcp4       0      0  *.ldap                 *.*                    LISTEN
tcp6       0      0  *.ldap                 *.*                    LISTEN

Still the same..
# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
ldap_bind: Can't contact LDAP server (-1)

kinux

« Reply #3 on: 2004-03-25 09:32 »
What does the following mean? Does anyone understand it?

test# /usr/local/libexec/slapd -u ldap -d 16
@(#) $OpenLDAP: slapd 2.2.6 (Mar 24 2004 20:54:02) $
        kinux@test.example.com:/usr/ports/net/openldap22-server/work/openldap-2.2.6/servers/slapd
daemon: bind(8) failed errno=48 (Address already in use)
daemon: bind(8) failed errno=48 (Address already in use)
slapd stopped.
connections_destroy: nothing to destroy.

test# /usr/local/libexec/slapd -u ldap -d 63
@(#) $OpenLDAP: slapd 2.2.6 (Mar 24 2004 20:54:02) $
        kinux@test.example.com:/usr/ports/net/openldap22-server/work/openldap-2.2.6/servers/slapd
daemon_init: <null>
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: bind(8) failed errno=48 (Address already in use)
daemon: bind(8) failed errno=48 (Address already in use)
slap_open_listener: failed on ldap:///
slapd stopped.
connections_destroy: nothing to destroy.

test# /usr/local/libexec/slapd -u ldap -d 63 -h ldap://test.example.com:389
@(#) $OpenLDAP: slapd 2.2.6 (Mar 24 2004 20:54:02) $
        kinux@test.example.com:/usr/ports/net/openldap22-server/work/openldap-2.2.6/servers/slapd
daemon_init: ldap://test.example.com:389
daemon_init: listen on ldap://test.example.com:389
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap://test.example.com:389)
daemon: initialized ldap://test.example.com:389
daemon_init: 1 listeners opened
slapd init: initiated server.
bdb_initialize: initialize BDB backend
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
could not open config file "/usr/local/etc/openldap/slapd.conf": Permission denied (13)
slapd shutdown: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.

sincat

« Reply #4 on: 2004-04-08 09:42 »
The permissions on your slapd.conf are wrong
could not open config file "/usr/local/etc/openldap/slapd.conf": Permission denied (13)

kinux

« Reply #5 on: 2004-04-10 23:54 »
After I ran chmod 755 on slapd.conf..
test# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
ldap_bind: Can't contact LDAP server (-1)
Still the same

test# /usr/local/libexec/slapd -u ldap -d 63 -h ldap://test.example.org:389
@(#) $OpenLDAP: slapd 2.2.8 (Apr 10 2004 11:42:48) $
        snort@test.example.org:/usr/ports/net/openldap22-server/work/openldap-2.2.8/servers/slapd
daemon_init: ldap://test.example.org:389
daemon_init: listen on ldap://test.example.org:389
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap://test.example.org:389)
daemon: initialized ldap://test.example.org:389
daemon_init: 1 listeners opened
slapd init: initiated server.
bdb_initialize: initialize BDB backend
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
bdb_initialize: initialize BDB backend
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
>>> dnNormalize: <cn=Subschema>
=> ldap_bv2dn(cn=Subschema,0)
<= ldap_bv2dn(cn=Subschema,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=subschema,272)=0
<<< dnNormalize: <cn=subschema>
bdb_db_init: Initializing BDB database
>>> dnPrettyNormal: <dc=test,dc=example,dc=org>
=> ldap_bv2dn(dc=test,dc=example,dc=org,0)
<= ldap_bv2dn(dc=test,dc=example,dc=org,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=test,dc=example,dc=org,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=test,dc=example,dc=org,272)=0
<<< dnPrettyNormal: <dc=test,dc=example,dc=org>, <dc=test,dc=example,dc=org>

>>> dnPrettyNormal: <cn=Manager,dc=test,dc=example,dc=org>
=> ldap_bv2dn(cn=Manager,dc=test,dc=example,dc=org,0)
<= ldap_bv2dn(cn=Manager,dc=test,dc=example,dc=org,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Manager,dc=test,dc=example,dc=org,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=manager,dc=test,dc=example,dc=org,272)=0
<<< dnPrettyNormal: <cn=Manager,dc=test,dc=example,dc=org>, <cn=manager,dc=test,dc=example,dc=org>
matching_rule_use_init
slapd startup: initiated.
bdb_db_open: dc=test,dc=example,dc=org
bdb_db_open: dbenv_open(/var/db/openldap-data)
bdb(dc=test,dc=example,dc=org): /var/db/openldap-data/__db.001: Permission denied
bdb_db_open: dbenv_open failed: Permission denied (13)
backend_startup: bi_db_open(0) failed! (13)
slapd shutdown: initiated
====> bdb_cache_release_all
slapd shutdown: freeing system resources.
bdb(dc=test,dc=example,dc=org): txn_checkpoint interface requires an environment configured for the transaction subsystem
bdb_db_destroy: txn_checkpoint failed: Invalid argument (22)
slapd stopped.
connections_destroy: nothing to destroy.

kinux

« Reply #6 on: 2004-04-11 21:52 »
# slaptest
config file testing succeeded

# cat slapd.conf | grep -v ^#
include         /usr/local/etc/openldap/schema/core.schema

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

database        bdb
suffix          "dc=test,dc=example,dc=com"
rootdn          "cn=Manager,dc=test,dc=example,dc=com"
rootpw          secret
directory       /var/db/openldap-data
index   objectClass     eq

My config file is fine now; is there anything else I need to set up??
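
Added example, not part of any post in this thread: slapd started with `-u ldap` has to read slapd.conf and write the database directory, while `chmod 755` on a file that holds `rootpw` leaves it readable by every local user. The sketch below classifies both paths from their mode bits; the function names are hypothetical, and supplementary groups and ACLs are ignored as a simplifying assumption.

```shell
#!/bin/sh
# Added example (not from the thread). Access is decided from the
# owner/group/other mode bits only; supplementary groups and ACLs are ignored.

# effective_perms PATH UID GID -> prints the rwx triad that applies, e.g. "rw-"
effective_perms() {
    ls -lnd "$1" | awk -v u="$2" -v g="$3" '{
        if ($3 == u)      print substr($1, 2, 3)   # owner bits
        else if ($4 == g) print substr($1, 5, 3)   # group bits
        else              print substr($1, 8, 3)   # other bits
    }'
}

# other_perms PATH -> prints the triad that applies to everyone else
other_perms() {
    ls -lnd "$1" | awk '{ print substr($1, 8, 3) }'
}

# check_conf PATH UID GID -> unreadable | world-readable | ok
check_conf() {
    case "$(effective_perms "$1" "$2" "$3")" in
        r*) ;;
        *)  echo unreadable; return 0 ;;   # matches "Permission denied (13)" on the config
    esac
    case "$(other_perms "$1")" in
        r*) echo world-readable ;;         # rootpw is exposed to every local account
        *)  echo ok ;;
    esac
}

# check_datadir PATH UID GID -> not-writable | ok
check_datadir() {
    case "$(effective_perms "$1" "$2" "$3")" in
        rw[xst]) echo ok ;;                # needs read, write and search on the directory
        *)       echo not-writable ;;      # matches the dbenv_open failure
    esac
}

# Usage with the paths and account named in the posts:
#   check_conf    /usr/local/etc/openldap/slapd.conf "$(id -u ldap)" "$(id -g ldap)"
#   check_datadir /var/db/openldap-data              "$(id -u ldap)" "$(id -g ldap)"
```

A result of `world-readable` is cleared by giving the file to the service account and dropping the other bits (for example owner `ldap`, mode 600) rather than by widening the mode.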

sincat

« Reply #7 on: 2004-04-12 09:34 »
bdb(dc=test,dc=example,dc=org): /var/db/openldap-data/__db.001: Permission denied
bdb_db_open: dbenv_open failed: Permission denied (13)

There is a problem with the permissions on your /var/db/openldap-data

kinux

« Reply #8 on: 2004-04-12 20:30 »
Quote from: "sincat"
bdb(dc=test,dc=example,dc=org): /var/db/openldap-data/__db.001: Permission denied
bdb_db_open: dbenv_open failed: Permission denied (13)

There is a problem with the permissions on your /var/db/openldap-data


t# ll /var/db
total 1518
drwx------    2 root    wheel      512 Oct 27 23:21 ipf
-r--r--r--    1 nobody  wheel  1522834 Apr 10 04:18 locate.database
-rw-r--r--    1 root    wheel        0 Mar 29 00:02 mountdtab
drwxr-xr-x    2 ldap    ldap       512 Apr 10 11:49 openldap-data
drwx------    2 root    wheel      512 Apr 10 11:46 openldap-slurp
drwxr-xr-x  111 root    wheel     3072 Apr 11 09:37 pkg
-rw-r--r--    1 root    wheel        9 Oct 27 23:25 port.mkversion
drwxr-xr-x    4 root    wheel      512 Apr  5 11:57 ports

t# ll /var/db/openldap-data/
total 542
-rw-------  1 ldap  ldap    8192 Apr 12 05:01 __db.001
-rw-------  1 ldap  ldap  270336 Apr 12 05:01 __db.002
-rw-------  1 ldap  ldap   98304 Apr 12 05:01 __db.003
-rw-------  1 ldap  ldap  368640 Apr 12 05:01 __db.004
-rw-------  1 ldap  ldap   16384 Apr 12 05:01 __db.005
-rw-------  1 ldap  ldap    8192 Apr 12 05:00 dn2id.bdb
-rw-------  1 ldap  ldap   32768 Apr 12 05:00 id2entry.bdb
-rw-------  1 ldap  ldap   45283 Apr 12 05:00 log.0000000001

Which of these needs to be changed..??