OpenLDAP adatbázis létrehozása

HALI

Van egy kis gondom az LDAP-al.

Rendesen bekonfigurálatam a slapd-ot majd elindítottam.

az in.ldif nevű fájlba beleirtam ezt:

dn: dc=home,dc=tst
objectClass: dcObject
objectClass: organization
dc: home
description: The example corporation
o: Example Corporation Inc.

Majd megpróbáltm létrehozni a bejedzéseket ezzel a parancsal:
srv:/etc/ldap# ldapadd -W -x -D "cn=manager,dc=home,dc=tst" -f in.ldif
Enter LDAP Password:

A válasz ez:
ldap_bind: Confidentiality required (13)
additional info: confidentiality required

Mi lehet a baj? Légyszi segítsen aki tud egész reggel óta ezzel szívok.

A slapd.conf :
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/krb5-kdc.schema

schemacheck on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd.args
loglevel 0
modulepath /usr/lib/ldap
moduleload back_bdb
backend bdb
database bdb
suffix "dc=home,dc=tst"
rootdn "dc=manager,dc=home,dc=tst"
rootpw {CLEANTEXT}szati
directory "/var/lib/ldap"

index default eq,pres
index objectClass eq
index cn,sn,givenname,mail eq,pres,sub
index uid,uidNumber,gidNumber
index memberUid
index krb5PrincipalName,krb5PrincipalRealm

sasl_host srv.home.tst
sasl_realm HOME.TST

password-hash {CLEARTEXT}

security simple_bind=64

Letöröltem az egész adatbázist majd ujraindítottam a slapd-ot.

létrhoztam ezt a ldif file-t:

dn: dc=home,dc=tst
objectClass: dcObject
objectClass: organization
objectClass: top
dc: home
description: The example corporation
o: Example Corporation Inc.

dn: ou=kerberos,dc=home,dc=tst
objectClass: organizationalUnit
ou: kerberos
description: Kerberos only principals

dn: ou=group,dc=home,dc=tst
objectClass: organizationalUnit
ou: group
description: Groups in example

dn: ou=people,dc=home,dc=tst
objectClass: organizationalUnit
ou: people
description: People in example

Ezzel a parncsal hozzáadtam a az adatbázishoz:

slapadd -b "cn=manager,dc=home,dc=tst" -l in.ldif

hibaüzenetet nem irt ki.

A következő parancs pedig nem talál semmit:
srv:/etc/ldap# ldapsearch -x -b 'dc=home,dc=tst'

Ezt irja ki:

# extended LDIF
#
# LDAPv3
# base <dc=home,dc=tst> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

ha megpróbálom újra a :

slapadd -b "cn=manager,dc=home,dc=tst" -l in.ldif

parancsöot hibaüzenetet kapok hogy ez már létezik.

Mért van ez?
Másnak is ilyen furán viselkedik az LDAP?

a ldapsearch -ra ezt mondaj a slapd -d 1:

[code:1:afccd03fc4]
ldap_pvt_gethostbyname_a: host=srv, r=0
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ber_scanf fmt (m) ber:
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
do_bind
ber_get_next
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 10
do_bind: v3 anonymous bind
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 37 contents:
ber_get_next
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
do_search
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
ber_scanf fmt (m) ber:
ber_scanf fmt ({M}}) ber:
send_ldap_result: conn=0 op=1 p=3
send_ldap_response: msgid=2 tag=101 err=32
ber_flush: 14 bytes to sd 10
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
ber_get_next on fd 10 failed errno=0 (Success)
connection_read(10): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=10 for close
connection_close: deferring conn=0 sd=10
do_unbind
connection_resched: attempting closing conn=0 sd=10
connection_close: conn=0 sd=10

[/code:1:afccd03fc4]

Nem tudom ebbe mi a rendellenes még nem igazán vagyok gyakorlott az LDAP-ba.
akkor légyszi nézz rá, hátha neked feltűnik valami.

kösz

de nezzel ra az elöző hozzászólásomra is...

Bocs nem vettem észre amikor irtad szerintem én is gépeltem a hozzászólásom.

slapcat

EZ ezt irja ki (emlékeim szerinte ezeket adtam hozzá az adatbázishoz):

[code:1:9229876590]
srv:~# slapcat
dn: dc=home,dc=tst
objectClass: dcObject
objectClass: organization
objectClass: top
dc: home
description: The example corporation
o: Example Corporation Inc.
structuralObjectClass: organization
entryUUID: 36c390da-319a-1029-8fbb-e60c71570957
creatorsName: dc=manager,dc=home,dc=tst
modifiersName: dc=manager,dc=home,dc=tst
createTimestamp: 20050325165353Z
modifyTimestamp: 20050325165353Z
entryCSN: 2005032516:53:53Z#0x0001#0#0000

dn: ou=kerberos,dc=home,dc=tst
objectClass: organizationalUnit
ou: kerberos
description: Kerberos only principals
structuralObjectClass: organizationalUnit
entryUUID: 36c902e0-319a-1029-8fbc-e60c71570957
creatorsName: dc=manager,dc=home,dc=tst
modifiersName: dc=manager,dc=home,dc=tst
createTimestamp: 20050325165353Z
modifyTimestamp: 20050325165353Z
entryCSN: 2005032516:53:53Z#0x0002#0#0000

dn: ou=group,dc=home,dc=tst
objectClass: organizationalUnit
ou: group
description: Groups in example
structuralObjectClass: organizationalUnit
entryUUID: 36ca5d8e-319a-1029-8fbd-e60c71570957
creatorsName: dc=manager,dc=home,dc=tst
modifiersName: dc=manager,dc=home,dc=tst
createTimestamp: 20050325165353Z
modifyTimestamp: 20050325165353Z
entryCSN: 2005032516:53:53Z#0x0003#0#0000

dn: ou=people,dc=home,dc=tst
objectClass: organizationalUnit
ou: people
description: People in example
structuralObjectClass: organizationalUnit
entryUUID: 36cbcc46-319a-1029-8fbe-e60c71570957
creatorsName: dc=manager,dc=home,dc=tst
modifiersName: dc=manager,dc=home,dc=tst
createTimestamp: 20050325165353Z
modifyTimestamp: 20050325165353Z
entryCSN: 2005032516:53:53Z#0x0004#0#0000

dn: cn=root,ou=group,dc=home,dc=tst
objectClass: posixGroup
objectClass: top
cn: root
gidNumber: 0
structuralObjectClass: posixGroup
entryUUID: 36483738-319e-1029-8941-a774df774094
creatorsName: dc=manager,dc=home,dc=tst
modifiersName: dc=manager,dc=home,dc=tst
createTimestamp: 20050325172230Z
modifyTimestamp: 20050325172230Z
entryCSN: 2005032517:22:30Z#0x0001#0#0000
[/code:1:9229876590]

Mondj neki egy slapindex-et

Ugyanaz:

[code:1:d499e25c00]

srv:/etc/ldap# ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
[/code:1:d499e25c00]

Közbe változtattam egy kicsit a slapd.conf-on, íme az új:

[code:1:fd7cfd8f33]

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/krb5-kdc.schema

schemacheck on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd.args
loglevel 0
modulepath /usr/lib/ldap
moduleload back_bdb
backend bdb
database bdb
suffix "dc=home,dc=tst"
rootdn "cn=manager,dc=home,dc=tst"
rootpw {CLEANTEXT}szati
directory "/var/lib/ldap"

index default eq,pres
index objectClass eq
index cn,sn,givenname,mail eq,pres,sub
index uid,uidNumber,gidNumber
index memberUid
index krb5PrincipalName,krb5PrincipalRealm

access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
by self write
by users read
by anonymous auth
by * none

sasl_host srv.home.tst
sasl_realm HOME.TST

password-hash {CLEARTEXT}

[/code:1:fd7cfd8f33]