OpenLDAP is actually pretty simple and the documentation is mature.

I migrated from RHEL 5 (OpenLDAP 2.3) to RHEL 6 (OpenLDAP 2.4) last year. Here are my notes on installing and configuring OpenLDAP on RedHat 6 in 5 easy steps.

Once it was up and running, it was easy to export from 2.3 and import to 2.4. To make it easy, just run phpldapadmin.


1) yum install:

openldap
openldap-servers
openldap-clients
pam_ldap
nss-pam-ldapd

2) prep the directory
cd /etc/openldap
rm -rf slapd.d; mkdir slapd.d (to get a clean dir)

3) prep the files
copy /usr/share/openldap-servers/DB_CONFIG.example to /var/lib/ldap/DB_CONFIG
copy slapd.conf into /etc/openldap (from the previous version, or create
your own; it must be modified to match what you are doing)
copy any schema needed into /etc/openldap/schema

put the below text into ldiffile.ldif
dn: dc=subdomain,dc=domain,dc=com
objectClass: dcObject
objectClass: organization
o: CompanyName
dc: subdomain

4) prep the database
run the slapadd command
slapadd -l ldiffile.ldif (this will create the database)

5) prep the configs
run the slaptest command to migrate slapd.conf
run 'slaptest -f slapd.conf -F slapd.d' and fix all the errors until
you get "config file testing succeeded"

NOTE:
Add the following to the end of slapd.conf so that you can log in to the config 
DB.
The password was generated using slappasswd

database        config
rootdn          "cn=myuser,cn=config"
rootpw          {SSHA}wpEZImnypu9bFjlmDXvujsajxoArUi3J
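The config-DB stanza above stores rootpw as a {SSHA} value produced by slappasswd. The following Python is an added example, not part of the post: it reproduces slappasswd's {SSHA} format (base64 of the SHA-1 digest of password plus salt, followed by the salt), verifies a candidate password against such a value, and audits a slapd.conf fragment for any rootpw that is still cleartext before the file is converted with slaptest. The slapd.conf fragment is constructed here (it reuses the post's config stanza and adds a deliberately weak data-DB stanza); the password used in the demo is made up, and the post's own hash value is not assumed to correspond to any known password.

```python
# Added example (not from the original post): generate and verify the
# {SSHA} rootpw form that slappasswd writes, and audit a slapd.conf
# fragment for a cleartext rootpw before it is converted with slaptest.
import base64
import hashlib
import hmac
import os
import re
from typing import Optional

SSHA_PREFIX = "{SSHA}"
SHA1_LEN = 20  # bytes in a SHA-1 digest; everything after it is the salt


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Return password in slappasswd's {SSHA} form: base64(sha1(pw+salt)+salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd uses a short random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored: str, password: str) -> bool:
    """Check a candidate password against an {SSHA} value (constant-time compare)."""
    if not stored.startswith(SSHA_PREFIX):
        return False
    raw = base64.b64decode(stored[len(SSHA_PREFIX):])
    if len(raw) <= SHA1_LEN:
        return False  # no salt present: malformed value
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def audit_rootpw(slapd_conf: str) -> list:
    """Report every rootpw line whose value is not a hashed {SCHEME} value.

    Returns a list of (line_number, database_type_or_None, value) findings.
    """
    findings = []
    current_db = None
    for lineno, line in enumerate(slapd_conf.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = re.match(r"^(\S+)\s+(.*)$", stripped)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "database":
            current_db = value
        elif key == "rootpw":
            value = value.strip('"')
            if not re.match(r"^\{[A-Z0-9]+\}", value):
                findings.append((lineno, current_db, value))
    return findings


# Constructed slapd.conf fragment: the config-DB stanza from the post plus a
# deliberately weak data-DB stanza with a cleartext rootpw for the audit to catch.
SAMPLE_SLAPD_CONF = """\
database        bdb
suffix          "dc=subdomain,dc=domain,dc=com"
rootdn          "cn=Manager,dc=subdomain,dc=domain,dc=com"
rootpw          secret

database        config
rootdn          "cn=myuser,cn=config"
rootpw          {SSHA}wpEZImnypu9bFjlmDXvujsajxoArUi3J
"""

if __name__ == "__main__":
    h = make_ssha("example-password")  # made-up password, random salt
    print(h, verify_ssha(h, "example-password"), verify_ssha(h, "wrong"))
    for lineno, db, value in audit_rootpw(SAMPLE_SLAPD_CONF):
        print(f"line {lineno}: database {db!r} has a cleartext rootpw")
```

Run it directly to see a freshly generated hash verify and the cleartext `rootpw secret` line on the bdb database get flagged; the config-DB stanza passes because its value carries a scheme prefix.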


From: [email protected]
To: [email protected]
Date: Tue, 11 Feb 2014 10:46:35 -0500
CC: [email protected]
Subject: Re: [Ltb-users] Recommended version of BDB package --- Low Sensitivity/Aerospace Internal Use Only

Low Sensitivity/Aerospace Internal Use Only



The latest in the saga to install OpenLDAP.

I did not remove any packages this time.

I did wipe out all of the alock and db.00* files.

I thought it was odd that I noticed [today] that those files were all owned by root under /usr/local/openldap/var/openldap-data. So, I decided for the first time ever while installing and configuring OpenLDAP to switch user (su - ldap) to ldap.

I also went back and wiped out the /usr/local/openldap/etc/openldap/slapd.d directory.

Then I performed another slaptest with the -v -u -f & -F options. The command completed successfully (like it did for root).

Then after that completed successfully, I executed the command a second time, but dropped the -u switch. So I ran the following command:

slaptest -v -f <path-to>/slapd.conf -F <path-to>/slapd.d

       --SUCCESS, again!

Then I executed the command to start up slapd:

I exited as ldap; typed exit at the shell prompt.

Then typed:
 service slapd start

Amazing, I got it running again for the first time in 2 weeks.

Now I need to go back and add my records again.

Oh, I can't, because the slapd.conf that defined the cn=Manager for my domain and the cn=admin for cn=config didn't get recreated in the database after running the slaptest command.

I give up, no decent documentation. A lot of people with tons of questions, but none that I am seeing, but no real support. How does Open Source Software get adopted exactly?

I'm done.

Warron French, MBA, SCSA







From: Warron S French <[email protected]>
To: Clément OUDOT <[email protected]>,
Cc: "[email protected]" <[email protected]>
Date: 02/11/2014 10:11 AM
Subject: [WARNING: SPOOFED E-MAIL--Non-Aerospace Sender] Re: [Ltb-users] Recommended version of BDB package --- Low Sensitivity/Aerospace Internal Use Only
Sent by: [email protected]











Clément, I did as you directed.

Command to test:

ldd /usr/local/openldap/libexec/slapd

My results show that libdb-4.6.so => /usr/local/berkeleydb/lib64/libdb-4.6.so (and a hex-string).

Unfortunately, I do not have a backup as I only do/did have 2 records in my DIT.

For learning purposes, does a package upgrade require me to backup my DIT to an LDIF? Or is it just a precautionary measure and in this case I needed it?

Also, is there anything else I can do, or what steps do you suggest I take next?

Remove all packages? Delete all directories? Then start all over again?

Warron French, MBA, SCSA







From: Clément OUDOT <[email protected]>
To: Warron S French <[email protected]>,
Cc: "[email protected]" <[email protected]>
Date: 02/11/2014 10:00 AM
Subject: Re: Recommended version of BDB package --- Low Sensitivity/Aerospace Internal Use Only














2014-02-11 14:36 GMT+01:00 Warron S French <[email protected]>:





After removing all LTB packages with rpm --erase (to include the berkeleydb-ltb-4.6.21.NC-4.el6.patch4.x86_64 RPM) I still have a problem.

All of the new packages I used were:

openldap-ltb-2.4.39-2.el6.x86_64.rpm
openldap-ltb-check-password-1.1-8.el6.x86_64.rpm
openldap-ltb-contrib-overlays-2.4.39-2.el6.x86_64.rpm
openldap-ltb-debuginfo-2.4.39-2.el6.x86_64.rpm
openldap-ltb-mdb-utils-2.4.39-2.el6.x86_64.rpm

I installed these packages as opposed to updating||upgrading them.

After installing them and discovering that my original slapd.d was still intact I used the following command to attempt to start up LDAP:

service slapd start

The following were the outputs:

slapd: [INFO] Using /etc/default/slapd for configuration
slapd: [INFO] Launching OpenLDAP configuration test...
slapd: [OK] OpenLDAP configuration test successful
slapd: [INFO] No db_recover done
slapd: [INFO] Launching OpenLDAP...
slapd: [OK] File descriptor limit set to 1024
52fa2547 @(#) $OpenLDAP: slapd 2.4.39 (Feb 10 2014 15:19:42) $
        [email protected]:/home/clement/build/BUILD/openldap-2.4.39/servers/slapd
52fa2547 bdb(dc=lab,dc=aero,dc=org): Program version 4.6 doesn't match environment version 4.7
52fa2548 bdb_db_open: database "dc=lab,dc=aero,dc=org" cannot be opened, err -30972. Restore from backup!
52fa2548 bdb(dc=lab,dc=aero,dc=org): txn_checkpoint interface requires an environment configured for the transaction subsystem
52fa2548 bdb_db_close: database "dc=lab,dc=aero,dc=org": txn_checkpoint failed: Invalid argument (22).
52fa2548 backend_startup_one (type=bdb, suffix="dc=lab,dc=aero,dc=org"): bi_db_open failed! (-30972)
52fa2548 bdb_db_close: database "dc=lab,dc=aero,dc=org": alock_close failed
52fa2548 slapd stopped.
slapd: [ALERT] No PID file for OpenLDAP

How can I have a PID file before I start the daemon? This was the same problem I had with the last revision of openldap-ltb packages.

This code appears to require berkeleydb-4.7. Is that correct?

If so, where do I get the appropriate RPM since the only berkeleydb package available is 4.6.21?

Was I supposed to run the slaptest command again after modifying the slapd.conf file again (or copying my other original back into place that I backed up)? Or is there some other reason this is failing?

This is the last day I can mess with OpenLDAP, OpenLDAP-LTB or any other revision or brand of OpenLDAP. Otherwise I have to make CentOS-6 machines use a Windows AD machine for authentication instead, because time has become more pressing.









You can check that the newest packages are built for BDB 4.6 with this command:

 ldd /usr/local/openldap/libexec/slapd

Result on my VM is:

[root@localhost ~]# ldd /usr/local/openldap/libexec/slapd
        linux-vdso.so.1 =>  (0x00007fff42dff000)
        libdb-4.6.so => /usr/local/berkeleydb/lib64/libdb-4.6.so (0x00007f7070f0f000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f7070cf2000)
        libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007f7070ad7000)
        libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f707086c000)
        libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f707048c000)
        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f7070254000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f707003a000)
        libltdl.so.7 => /usr/lib64/libltdl.so.7 (0x00007f706fe31000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f706fa9c000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f7071245000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f706f898000)
        libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f706f654000)
        libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f706f36d000)
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f706f169000)
        libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f706ef3d000)
        libz.so.1 => /lib64/libz.so.1 (0x00007f706ed26000)
        libfreebl3.so => /lib64/libfreebl3.so (0x00007f706eaaf000)
        libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f706e8a3000)
        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f706e6a0000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f706e480000)

So your db must use BDB 4.6. If not you will have an error. Do you have any LDIF backup of your data? If yes, remove all files from your openldap-data directory, and slapadd your LDIF (with /usr/local/openldap/sbin/slapadd)

Clément.





Low Sensitivity/Aerospace Internal Use Only
_______________________________________________
ltb-users mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-users
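Clément's reply separates two different failures: slapd linked against the wrong libdb (what ldd reveals) versus a correct binary opening an on-disk BDB environment that another release created (what the "Program version 4.6 doesn't match environment version 4.7" line in Warron's log reveals, and what his removal of the alock and db.00* files later cured). The following Python is an added example, not from the thread: it parses the two kinds of evidence and returns the matching verdict, with the remedy Clément gave for the second case. The ldd text and log lines are constructed here from abbreviated excerpts of the messages above; `expected_version` defaults to the 4.6 the LTB packages are built against.

```python
# Added example (not from the thread): parse the ldd output and slapd log
# lines quoted above to tell "wrong library linked" apart from "on-disk
# environment created by another BDB release".
import re

# Constructed input: abbreviated from the ldd output Clément posted.
LDD_OUTPUT = """\
        linux-vdso.so.1 =>  (0x00007fff42dff000)
        libdb-4.6.so => /usr/local/berkeleydb/lib64/libdb-4.6.so (0x00007f7070f0f000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f7070cf2000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f706fa9c000)
"""

# Constructed input: the two decisive lines from Warron's slapd startup log.
SLAPD_LOG = """\
52fa2547 bdb(dc=lab,dc=aero,dc=org): Program version 4.6 doesn't match environment version 4.7
52fa2548 bdb_db_open: database "dc=lab,dc=aero,dc=org" cannot be opened, err -30972. Restore from backup!
"""

LIBDB_RE = re.compile(r"libdb-(\d+\.\d+)\.so\s*=>\s*(\S+)")
MISMATCH_RE = re.compile(
    r"bdb\(([^)]+)\):\s*Program version (\d+\.\d+) doesn't match environment version (\d+\.\d+)"
)


def linked_libdb(ldd_text: str):
    """Return (version, path) of the libdb slapd is linked against, or None."""
    m = LIBDB_RE.search(ldd_text)
    return (m.group(1), m.group(2)) if m else None


def environment_mismatches(log_text: str) -> list:
    """Return [(suffix, program_version, environment_version), ...] found in slapd log lines."""
    return [(m.group(1), m.group(2), m.group(3)) for m in MISMATCH_RE.finditer(log_text)]


def diagnose(ldd_text: str, log_text: str, expected_version: str = "4.6") -> dict:
    """Combine both signals into one verdict (remedy for the mismatch case is Clément's)."""
    linked = linked_libdb(ldd_text)
    mismatches = environment_mismatches(log_text)
    verdict = {"linked": linked, "mismatches": mismatches}
    if linked is None:
        verdict["conclusion"] = "slapd is not linked against libdb at all (not a BDB backend build)"
    elif linked[0] != expected_version:
        verdict["conclusion"] = (
            f"slapd is linked against libdb {linked[0]}, expected {expected_version}: "
            "reinstall matching packages"
        )
    elif mismatches:
        verdict["conclusion"] = (
            "binary is correct; the on-disk BDB environment was created by another release: "
            "remove the files in openldap-data and slapadd from an LDIF backup"
        )
    else:
        verdict["conclusion"] = "no BDB version problem detected"
    return verdict


if __name__ == "__main__":
    print(diagnose(LDD_OUTPUT, SLAPD_LOG)["conclusion"])
```

On real hosts, feed `diagnose()` the output of `ldd /usr/local/openldap/libexec/slapd` and the lines slapd logs at startup; the verdict for the thread's inputs is the "environment created by another release" case, which is why wiping the environment files and reloading from LDIF was the fix, and why an LDIF export before any package change is worth having.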






