Re: failed to start slapd can't create password - please help.
Hi Gibson,

Thank you for your response. How can I build Openldap with MD5 support? Would the following make options work?

--enable-modules
--enable-crypt

Thanks
Sam

Quanah Gibson-Mount wrote:
> --On Sunday, June 20, 2010 11:20 AM +1000 sam s...@ip6.com.au wrote:
>
>> Hi,
>>
>> With the following setup:
>>
>> hometest:openldap # uname -a
>> FreeBSD hometest.ip6.com.au http://hometest.ip6.com.au 8.1-RC1 FreeBSD 8.1-RC1 #0: Fri Jun 18 15:26:58 EST 2010 r...@hometest.ip6.com.au:/usr/obj/usr/src/sys/mail.db.java.portal i386
>>
>> hometest:openldap # pkg_info | grep -i ldap
>> openldap-sasl-client-2.4.22 Open source LDAP client implementation with SASL2 support
>> openldap-sasl-server-2.4.22 Open source LDAP server implementation
>>
>> hometest:openldap # pkg_info | grep -i db
>> db46-4.6.21.4 The Berkeley DB package, revision 4.6
>>
>> hometest:openldap # pkg_info | grep -i sasl
>> cyrus-sasl-2.1.23 RFC SASL (Simple Authentication and Security Layer)
>> cyrus-sasl-saslauthd-2.1.23 SASL authentication server for cyrus-sasl2
>> openldap-sasl-client-2.4.22 Open source LDAP client implementation with SASL2 support
>> openldap-sasl-server-2.4.22 Open source LDAP server implementation
>>
>> I can't create password for ldap:
>> hometest:openldap # slappasswd -h {MD5} -s password
>> Password generation failed for scheme MD5: scheme not recognized
>
> It wasn't built with MD5 support. If it is, it works:
>
> [zim...@freelancer ~]$ /opt/zimbra/openldap/sbin/slappasswd -h {MD5} -s blah
> {MD5}bx7QAqtVlYWQFOvwlRUi2Q==
>
>> hometest:rc.d # ./slapd start
>> Starting slapd.
>> ./slapd: WARNING: failed to start slapd
>
> Run slapd -d -1 to see why it failed to start.
>
> --Quanah
Re: failed to start slapd can't create password - please help.
Hi Gibson,

I just have the password command working, but it failed at the final step, please see below:

# slappasswd -h {MD5}
New password:
Re-enter new password:
Password generation failed for scheme MD5: scheme not recognized

What have I missed?

Thanks
Sam

Quanah Gibson-Mount wrote:
> --On Sunday, June 20, 2010 11:20 AM +1000 sam s...@ip6.com.au wrote:
>
>> Hi,
>>
>> With the following setup:
>>
>> hometest:openldap # uname -a
>> FreeBSD hometest.ip6.com.au http://hometest.ip6.com.au 8.1-RC1 FreeBSD 8.1-RC1 #0: Fri Jun 18 15:26:58 EST 2010 r...@hometest.ip6.com.au:/usr/obj/usr/src/sys/mail.db.java.portal i386
>>
>> hometest:openldap # pkg_info | grep -i ldap
>> openldap-sasl-client-2.4.22 Open source LDAP client implementation with SASL2 support
>> openldap-sasl-server-2.4.22 Open source LDAP server implementation
>>
>> hometest:openldap # pkg_info | grep -i db
>> db46-4.6.21.4 The Berkeley DB package, revision 4.6
>>
>> hometest:openldap # pkg_info | grep -i sasl
>> cyrus-sasl-2.1.23 RFC SASL (Simple Authentication and Security Layer)
>> cyrus-sasl-saslauthd-2.1.23 SASL authentication server for cyrus-sasl2
>> openldap-sasl-client-2.4.22 Open source LDAP client implementation with SASL2 support
>> openldap-sasl-server-2.4.22 Open source LDAP server implementation
>>
>> I can't create password for ldap:
>> hometest:openldap # slappasswd -h {MD5} -s password
>> Password generation failed for scheme MD5: scheme not recognized
>
> It wasn't built with MD5 support. If it is, it works:
>
> [zim...@freelancer ~]$ /opt/zimbra/openldap/sbin/slappasswd -h {MD5} -s blah
> {MD5}bx7QAqtVlYWQFOvwlRUi2Q==
>
>> hometest:rc.d # ./slapd start
>> Starting slapd.
>> ./slapd: WARNING: failed to start slapd
>
> Run slapd -d -1 to see why it failed to start.
>
> --Quanah
Re: failed to start slapd can't create password - please help.
sam wrote:
> Hi Gibson,
>
> Thank you for your response. How can I build Openldap with MD5 support? Would the following make options work?

Quanah's post leapt to a premature conclusion. You should first check to see if using quotes works {MD5} since curly brackets are special in most command shells. And of course, you should pay attention to the docs since the slappasswd(8) manpage already warns you that quotes will probably be needed.

> --enable-modules
> --enable-crypt
>
> Thanks
> Sam
>
> Quanah Gibson-Mount wrote:
>> --On Sunday, June 20, 2010 11:20 AM +1000 sam s...@ip6.com.au wrote:
>>
>>> Hi,
>>>
>>> With the following setup:
>>>
>>> hometest:openldap # uname -a
>>> FreeBSD hometest.ip6.com.au http://hometest.ip6.com.au 8.1-RC1 FreeBSD 8.1-RC1 #0: Fri Jun 18 15:26:58 EST 2010 r...@hometest.ip6.com.au:/usr/obj/usr/src/sys/mail.db.java.portal i386
>>>
>>> hometest:openldap # pkg_info | grep -i ldap
>>> openldap-sasl-client-2.4.22 Open source LDAP client implementation with SASL2 support
>>> openldap-sasl-server-2.4.22 Open source LDAP server implementation
>>>
>>> hometest:openldap # pkg_info | grep -i db
>>> db46-4.6.21.4 The Berkeley DB package, revision 4.6
>>>
>>> hometest:openldap # pkg_info | grep -i sasl
>>> cyrus-sasl-2.1.23 RFC SASL (Simple Authentication and Security Layer)
>>> cyrus-sasl-saslauthd-2.1.23 SASL authentication server for cyrus-sasl2
>>> openldap-sasl-client-2.4.22 Open source LDAP client implementation with SASL2 support
>>> openldap-sasl-server-2.4.22 Open source LDAP server implementation
>>>
>>> I can't create password for ldap:
>>> hometest:openldap # slappasswd -h {MD5} -s password
>>> Password generation failed for scheme MD5: scheme not recognized
>>
>> It wasn't built with MD5 support. If it is, it works:
>>
>> [zim...@freelancer ~]$ /opt/zimbra/openldap/sbin/slappasswd -h {MD5} -s blah
>> {MD5}bx7QAqtVlYWQFOvwlRUi2Q==
>>
>>> hometest:rc.d # ./slapd start
>>> Starting slapd.
>>> ./slapd: WARNING: failed to start slapd
>>
>> Run slapd -d -1 to see why it failed to start.
>>
>> --Quanah

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
Re: failed to start slapd can't create password - please help.
On 06/20/10 08:21, sam wrote:
> Hi Gibson,
>
> I just have the password command working, but it failed at the final step, please see below:
>
> # slappasswd -h {MD5}
> New password:
> Re-enter new password:
> Password generation failed for scheme MD5: scheme not recognized
>
> What have I missed?
>
> Thanks
> Sam

The very same thing as in the beginning. Your OpenLDAP/crypt is missing MD5 (scheme) support. The answer is probably here:
http://www.mail-archive.com/openldap-softw...@openldap.org/msg07304.html

Yes, --enable-crypt could/should do.

Please, don't top-post. It's quite ... annoying.

Regards,
Zdenek

--
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: sty...@turnovfree.net
jabber: sty...@jabber.turnovfree.net

> Quanah Gibson-Mount wrote:
>> --On Sunday, June 20, 2010 11:20 AM +1000 sam s...@ip6.com.au wrote:
>>
>>> Hi,
>>>
>>> With the following setup:
>>>
>>> hometest:openldap # uname -a
>>> FreeBSD hometest.ip6.com.au http://hometest.ip6.com.au 8.1-RC1 FreeBSD 8.1-RC1 #0: Fri Jun 18 15:26:58 EST 2010 r...@hometest.ip6.com.au:/usr/obj/usr/src/sys/mail.db.java.portal i386
>>>
>>> hometest:openldap # pkg_info | grep -i ldap
>>> openldap-sasl-client-2.4.22 Open source LDAP client implementation with SASL2 support
>>> openldap-sasl-server-2.4.22 Open source LDAP server implementation
>>>
>>> hometest:openldap # pkg_info | grep -i db
>>> db46-4.6.21.4 The Berkeley DB package, revision 4.6
>>>
>>> hometest:openldap # pkg_info | grep -i sasl
>>> cyrus-sasl-2.1.23 RFC SASL (Simple Authentication and Security Layer)
>>> cyrus-sasl-saslauthd-2.1.23 SASL authentication server for cyrus-sasl2
>>> openldap-sasl-client-2.4.22 Open source LDAP client implementation with SASL2 support
>>> openldap-sasl-server-2.4.22 Open source LDAP server implementation
>>>
>>> I can't create password for ldap:
>>> hometest:openldap # slappasswd -h {MD5} -s password
>>> Password generation failed for scheme MD5: scheme not recognized
>>
>> It wasn't built with MD5 support. If it is, it works:
>>
>> [zim...@freelancer ~]$ /opt/zimbra/openldap/sbin/slappasswd -h {MD5} -s blah
>> {MD5}bx7QAqtVlYWQFOvwlRUi2Q==
>>
>>> hometest:rc.d # ./slapd start
>>> Starting slapd.
>>> ./slapd: WARNING: failed to start slapd
>>
>> Run slapd -d -1 to see why it failed to start.
>>
>> --Quanah
Re: failed to start slapd can't create password - please help.
Zdenek Styblik wrote:
> On 06/20/10 08:21, sam wrote:
>> # slappasswd -h {MD5}
>> New password:
>> Re-enter new password:
>> Password generation failed for scheme MD5: scheme not recognized
>>
>> What have I missed?
>
> Yes, --enable-crypt could/should do.

AFAIK --enable-crypt is for using hashed password values generated by crypt(3) (password scheme {CRYPT}). But {MD5} is a built-in password scheme. I've built slapd with --enable-crypt=no and {MD5} still works for me (whereas {CRYPT} does not then).

$ slappasswd -h {CRYPT} -s test
Password generation failed for scheme {CRYPT}: scheme not recognized
$ slappasswd -h {MD5} -s test
{MD5}CY9rzUYh03PK3k6DJie09g==

Maybe the shell is (partially) consuming the curly brackets {} for whatever reason? It works without quotes for me using bash though.

Ciao, Michael.
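Added example, not part of any message in this thread: the {MD5} values quoted above are the base64 encoding of the raw, unsalted MD5 digest of the password. The sketch below reproduces the two values shown for `test` and `blah` and classifies `rootpw` values of the kinds that appear in the thread; the function names and the sample configuration fragment are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$")

def ldap_md5(password: str) -> str:
    """Build an {MD5} value: base64 of the raw, unsalted MD5 digest."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")

def check_md5(password: str, stored: str) -> bool:
    """Constant-time comparison of a candidate password with an {MD5} value."""
    return hmac.compare_digest(ldap_md5(password), stored)

def classify(stored: str) -> str:
    """Describe how a rootpw / userPassword value is protected."""
    m = SCHEME_RE.match(stored)
    if m is None:
        return "cleartext"  # no {SCHEME} prefix at all
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme == "MD5":
        return "unsalted MD5"
    if scheme == "CRYPT":
        return "crypt(3) MD5, salted" if body.startswith("$1$") else "crypt(3), other"
    return "scheme " + scheme

def audit_rootpw(conf_text: str):
    """Return (line number, classification) for every rootpw directive."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "rootpw":
            findings.append((n, classify(parts[1].strip())))
    return findings

# Constructed slapd.conf fragment; the values are the ones quoted in the thread.
SAMPLE_CONF = """\
rootdn cn=Manager,dc=ip6,dc=com,dc=au
rootpw secret
rootpw {MD5}CY9rzUYh03PK3k6DJie09g==
rootpw {CRYPT}$1$HlW67YUS$DNY2T6859V9xh8frUpbXJ/
"""

if __name__ == "__main__":
    print(ldap_md5("test"), ldap_md5("blah"))
    for lineno, kind in audit_rootpw(SAMPLE_CONF):
        print(lineno, kind)
```

Because {MD5} carries no salt, equal passwords always produce equal stored values.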
Re: failed to start slapd can't create password - please help.
Harry Jede wrote:
> On Sunday, 20 June 2010, sam wrote:
>> Hi,
>>
>> With the following setup:
>>
>> hometest:openldap # uname -a
>> FreeBSD hometest.ip6.com.au http://hometest.ip6.com.au 8.1-RC1 FreeBSD 8.1-RC1 #0: Fri Jun 18 15:26:58 EST 2010 r...@hometest.ip6.com.au:/usr/obj/usr/src/sys/mail.db.java.portal i386
>>
>> hometest:openldap # pkg_info | grep -i ldap
>> openldap-sasl-client-2.4.22 Open source LDAP client implementation with SASL2 support
>> openldap-sasl-server-2.4.22 Open source LDAP server implementation
>>
>> hometest:openldap # pkg_info | grep -i db
>> db46-4.6.21.4 The Berkeley DB package, revision 4.6
>>
>> hometest:openldap # pkg_info | grep -i sasl
>> cyrus-sasl-2.1.23 RFC SASL (Simple Authentication and Security Layer)
>> cyrus-sasl-saslauthd-2.1.23 SASL authentication server for cyrus-sasl2
>> openldap-sasl-client-2.4.22 Open source LDAP client implementation with SASL2 support
>> openldap-sasl-server-2.4.22 Open source LDAP server implementation
>>
>> I can't create password for ldap:
>> hometest:openldap # slappasswd -h {MD5} -s password
>> Password generation failed for scheme MD5: scheme not recognized
>>
>> and:
>> hometest:rc.d # ./slapd start
>> Starting slapd.
>> ./slapd: WARNING: failed to start slapd
>>
>> slapd.conf file is shown below:
>>
>> #
>> # See slapd.conf(5) for details on configuration options.
>> # This file should NOT be world readable.
>> #
>> include /usr/local/etc/openldap/schema/core.schema
>> #X.500 RFC1274 COSINE Pilot Schema
>> include /usr/local/etc/openldap/schema/cosine.schema
>> #For Addressbooks
>> include /usr/local/etc/openldap/schema/inetorgperson.schema
>> #For Authentication
>> include /usr/local/etc/openldap/schema/nis.schema
>>
>> TLSCACertificateFile /usr/local/etc/ssl/cacert.pem
>> TLSCertificateFile /usr/local/etc/openldap/ssl/portal.ip6.com.au.pem
>> TLSCertificateKeyFile /usr/local/etc/openldap/ssl/private/cakey.pem
>> TLSCipherSuite HIGH
>>
>> # Define global ACLs to disable default read access.
>>
>> # Do not enable referrals until AFTER you have a working directory
>> # service AND an understanding of referrals.
>> #referral ldap://root.openldap.org http://root.openldap.org
>>
>> pidfile /var/run/openldap/slapd.pid
>> argsfile /var/run/openldap/slapd.args
>>
>> # Load dynamic backend modules:
>> modulepath /usr/local/libexec/openldap
>> moduleload back_bdb
>>
>> #######################################################
>> # BDB database definitions
>> #######################################################
>>
>> database bdb
>> suffix dc=ip6,dc=com,dc=au
>> rootdn cn=Manager,dc=ip6,dc=com,dc=au
>> # Cleartext passwords, especially for the rootdn, should
>> # be avoid. See slappasswd(8) and slapd.conf(5) for details.
>> # Use of strong authentication encouraged.
>> rootpw secret
>> # The database directory MUST exist prior to running slapd AND
>> # should only be accessible by the slapd and slap tools.
>> # Mode 700 recommended.
>> directory /var/db/openldap-data
>> # Indices to maintain
>> index objectClass eq
>>
>> Can anyone tell me how to start openldap and how to assign password to it?
>
> I do not know why your slapd is not starting. Have you added some data to your database? Who is the owner of /var/db/openldap-data?

Hi, thanks for the reply regarding to the problem of ldap is not starting. I haven't added any data to the ldap database yet, because I had problem of creating ldap password before. Should I add data to the ldap database before I can start ldap?

Thanks again for your help
Sam

> Most people do not want the md5-scheme, they need the md5 algo from crypt.
>
> Try this:
> slappasswd -c '$1$%.8s' -s secret
> {CRYPT}$1$HlW67YUS$DNY2T6859V9xh8frUpbXJ/
>
> Read the man pages of slappasswd and slapd.conf. But pay attention, that slappasswd is NOT reading the config file slapd.conf. This is at least true for my quite old version of slapd in Debian Lenny (slapd 2.4.11) :-( .
>
> strace -e trace=file /usr/sbin/slappasswd -s secret 2>&1 | grep slapd.conf
> returns nothing
>
>> Your help is very much appreciated.
>>
>> Thanks
>> Sam