Re: failed to start slapd can't create password - please help.

2010-06-20 Thread sam

Hi Gibson,

Thank you for your response.
How can I build Openldap with MD5 support?
Would the following make options work?

--enable-modules --enable-crypt

Thanks
Sam


Quanah Gibson-Mount wrote:

--On Sunday, June 20, 2010 11:20 AM +1000 sam s...@ip6.com.au wrote:


Hi,

With the following setup:

hometest:openldap # uname -a
FreeBSD hometest.ip6.com.au 8.1-RC1 FreeBSD
8.1-RC1 #0: Fri Jun 18
15:26:58 EST 2010
r...@hometest.ip6.com.au:/usr/
obj/usr/src/sys/mail.db.java.portal
i386
hometest:openldap # pkg_info | grep -i ldap
openldap-sasl-client-2.4.22 Open source LDAP client implementation
with SASL2 support
openldap-sasl-server-2.4.22 Open source LDAP server implementation
hometest:openldap # pkg_info | grep -i db
db46-4.6.21.4   The Berkeley DB package, revision 4.6
hometest:openldap # pkg_info | grep -i sasl
cyrus-sasl-2.1.23   RFC  SASL (Simple Authentication and Security
Layer)
cyrus-sasl-saslauthd-2.1.23 SASL authentication server for cyrus-sasl2
openldap-sasl-client-2.4.22 Open source LDAP client implementation
with SASL2 support
openldap-sasl-server-2.4.22 Open source LDAP server implementation

I can't create password for ldap:
hometest:openldap # slappasswd -h {MD5} -s password
Password generation failed for scheme MD5: scheme not recognized


It wasn't built with MD5 support.  If it is, it works:

[zim...@freelancer ~]$ /opt/zimbra/openldap/sbin/slappasswd -h {MD5} 
-s blah

{MD5}bx7QAqtVlYWQFOvwlRUi2Q==




hometest:rc.d # ./slapd start
Starting slapd.
./slapd: WARNING: failed to start slapd


Run slapd -d -1 to see why it failed to start.

--Quanah






Re: failed to start slapd can't create password - please help.

2010-06-20 Thread sam

Hi Gibson,

I just have the password command working, but it failed at the final 
step, please see below:


# slappasswd -h {MD5}
New password:
Re-enter new password:
Password generation failed for scheme MD5: scheme not recognized

What have I missed?

Thanks
Sam


Re: failed to start slapd can't create password - please help.

2010-06-20 Thread Howard Chu

sam wrote:

Hi Gibson,

Thank you for your response.
How can I build Openldap with MD5 support?
Would the following make options work?


Quanah's post leapt to a premature conclusion. You should first check to see 
if using quotes works {MD5} since curly brackets are special in most command 
shells.


And of course, you should pay attention to the docs since the slappasswd(8) 
manpage already warns you that quotes will probably be needed.



--enable-modules --enable-crypt

Thanks
Sam


--
  -- Howard Chu
  CTO, Symas Corp.   http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/


Re: failed to start slapd can't create password - please help.

2010-06-20 Thread Zdenek Styblik

On 06/20/10 08:21, sam wrote:
 Hi Gibson,
 
 I just have the password command working, but it failed at the final
 step, please see below:
 
 # slappasswd -h {MD5}
 New password:
 Re-enter new password:
 Password generation failed for scheme MD5: scheme not recognized
 
 What have I missed?
 
 Thanks
 Sam
 

The very same thing as in the beginning. Your OpenLDAP/crypt is missing
MD5 (scheme) support.

The answer is probably here:
http://www.mail-archive.com/openldap-softw...@openldap.org/msg07304.html

Yes, --enable-crypt could/should do.

Please, don't top-post. It's quite ... annoying.

Regards,
Zdenek

-- 
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: sty...@turnovfree.net
jabber: sty...@jabber.turnovfree.net



Re: failed to start slapd can't create password - please help.

2010-06-20 Thread Michael Ströder
Zdenek Styblik wrote:
 On 06/20/10 08:21, sam wrote:
 # slappasswd -h {MD5}
 New password:
 Re-enter new password:
 Password generation failed for scheme MD5: scheme not recognized
 
 What have I missed?
 
 Yes, --enable-crypt could/should do.

AFAIK --enable-crypt is for using hashed password values generated by crypt(3)
(password scheme {CRYPT}). But {MD5} is a built-in password scheme. I've built
slapd with --enable-crypt=no and {MD5} still works for me (whereas {CRYPT}
does not then).

$ slappasswd -h {CRYPT} -s test
Password generation failed for scheme {CRYPT}: scheme not recognized
$ slappasswd -h {MD5} -s test
{MD5}CY9rzUYh03PK3k6DJie09g==

Maybe the shell is (partially) consuming the curly brackets {} for whatever
reason? It works without quotes for me using bash though.

Ciao, Michael.
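
Added example, not part of the thread: a Python sketch showing how the {MD5} values quoted above are formed (base64 of the raw MD5 digest, no salt), with a checker that also covers the salted {SMD5}/{SSHA} layouts, which goes beyond what the thread discusses. The function names are hypothetical, and a value whose braces have been stripped is treated as an unrecognized scheme; the sample values under `__main__` are the two quoted in this thread for "blah" and "test".

```python
import base64
import hashlib
import hmac

# Scheme prefix -> (hashlib algorithm, salted?). {MD5} and {SHA} are unsalted;
# {SMD5} and {SSHA} store the salt after the digest inside the base64 payload.
SCHEMES = {"{MD5}": ("md5", False), "{SMD5}": ("md5", True),
           "{SHA}": ("sha1", False), "{SSHA}": ("sha1", True)}


def split_scheme(stored):
    """Return (scheme, payload); scheme is None without a {NAME} prefix."""
    if stored.startswith("{") and "}" in stored:
        end = stored.index("}") + 1
        return stored[:end].upper(), stored[end:]
    return None, stored


def make_md5(password):
    """Unsalted {MD5} value: base64 of the raw 16-byte MD5 digest."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def verify(stored, password):
    """Check a password against a stored value; unknown schemes raise."""
    scheme, payload = split_scheme(stored)
    if scheme not in SCHEMES:
        raise ValueError("scheme not recognized: %r" % (scheme or stored))
    algo, salted = SCHEMES[scheme]
    raw = base64.b64decode(payload)
    size = hashlib.new(algo).digest_size
    digest, salt = raw[:size], raw[size:]
    if len(digest) != size or bool(salt) != salted:
        raise ValueError("malformed %s value" % scheme)
    expected = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


def is_unsalted(stored):
    """True when equal passwords always produce equal stored values."""
    scheme, _ = split_scheme(stored)
    return scheme in SCHEMES and not SCHEMES[scheme][1]


if __name__ == "__main__":
    for value, pw in (("{MD5}bx7QAqtVlYWQFOvwlRUi2Q==", "blah"),
                      ("{MD5}CY9rzUYh03PK3k6DJie09g==", "test")):
        print(value, verify(value, pw), "unsalted:", is_unsalted(value))
```

Because {MD5} carries no salt, every account with the same password stores the same value, which is why `is_unsalted` is worth running over an export of userPassword attributes.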


Re: failed to start slapd can't create password - please help.

2010-06-20 Thread sam

Harry Jede wrote:

On Sunday, 20 June 2010, sam wrote:
  

Hi,

With the following setup:

hometest:openldap # uname -a
FreeBSD hometest.ip6.com.au 8.1-RC1
FreeBSD 8.1-RC1 #0: Fri Jun 18
15:26:58 EST 2010
r...@hometest.ip6.com.au:/usr/
obj/usr/src/sys/mail.db.java.portal
i386
hometest:openldap # pkg_info | grep -i ldap
openldap-sasl-client-2.4.22 Open source LDAP client implementation
with SASL2 support
openldap-sasl-server-2.4.22 Open source LDAP server implementation
hometest:openldap # pkg_info | grep -i db
db46-4.6.21.4   The Berkeley DB package, revision 4.6
hometest:openldap # pkg_info | grep -i sasl
cyrus-sasl-2.1.23   RFC  SASL (Simple Authentication and Security
Layer)
cyrus-sasl-saslauthd-2.1.23 SASL authentication server for
cyrus-sasl2 openldap-sasl-client-2.4.22 Open source LDAP client
implementation with SASL2 support
openldap-sasl-server-2.4.22 Open source LDAP server implementation

I can't create password for ldap:
hometest:openldap # slappasswd -h {MD5} -s password
Password generation failed for scheme MD5: scheme not recognized

and:

hometest:rc.d # ./slapd start
Starting slapd.
./slapd: WARNING: failed to start slapd

slapd.conf file is shown below:

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema

#X.500 RFC1274 COSINE Pilot Schema
include /usr/local/etc/openldap/schema/cosine.schema
#For Addressbooks
include /usr/local/etc/openldap/schema/inetorgperson.schema
#For Authentication
include /usr/local/etc/openldap/schema/nis.schema

TLSCACertificateFile /usr/local/etc/ssl/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/ssl/portal.ip6.com.au.pem
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/private/cakey.pem
TLSCipherSuite HIGH


# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral   ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile    /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath  /usr/local/libexec/openldap
moduleload  back_bdb
#
## # BDB database definitions
#
##

database    bdb
suffix  dc=ip6,dc=com,dc=au
rootdn  cn=Manager,dc=ip6,dc=com,dc=au
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw  secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory   /var/db/openldap-data
# Indices to maintain
index   objectClass eq

Can anyone tell me how to start openldap and how to assign password
to it?


I do not know why your slapd is not starting.
Have you added some data to your database?
Who is the owner of /var/db/openldap-data?

  

Hi, thanks for the reply regarding the problem of ldap not starting.
I haven't added any data to the ldap database yet, because I had a problem 
creating the ldap password before.

Should I add data to the ldap database before I can start ldap?

Thanks again for your help
Sam


Most people do not want the md5-scheme, they need the md5 algo from 
crypt. Try this:


 slappasswd -c '$1$%.8s' -s secret
{CRYPT}$1$HlW67YUS$DNY2T6859V9xh8frUpbXJ/

Read the man pages of slappasswd and slapd.conf.

But pay attention that slappasswd is NOT reading the config file 
slapd.conf. This is at least true for my quite old version of slapd in 
Debian Lenny (slapd 2.4.11) :-( .


 strace -e trace=file /usr/sbin/slappasswd -s secret 2>&1 | grep slapd.conf


returns nothing



  

Your help is very much appreciated.

Thanks
Sam
