Low Sensitivity/Aerospace Internal Use Only
I did all that before, but still couldn't get the olcTLSxxx variables into
slapd-config.
I don't know if the Assertion I was running up against was preventing me,
and so I am at the mercy of openldap.org to update to 2.4.40 since I
posted the ITS the day before 2.4.39 came out or not.
I cannot rely on this software if I have to wait 1 month for a critical
component (to me, albeit) to be updated. It's like saying you can have the
Lamborghini, but the engine that you paid for won't be ready for 6
months.
I am trying to prove the concept to myself and document what I need to do
to reproduce this concept for a business need.
Thank you for the input, Gou Yang.
Warron French, MBA, SCSA
From: Gou Yang <[email protected]>
To: Warron S French <[email protected]>,
Cc: "[email protected]"
<[email protected]>
Date: 02/11/2014 09:07 PM
Subject: RE: [Ltb-users] Recommended version of BDB package --- Low
Sensitivity/Aerospace Internal Use Only
OpenLDAP is actually pretty simple and the documentation is mature.
I migrated from RHEL 5 (OpenLDAP 2.3) to RHEL 6 (OpenLDAP 2.4) last year,
and here are my notes on installing and configuring OpenLDAP on RedHat 6 in
5 easy steps.
Once it was up and running, it was easy to export from 2.3 and import to
2.4. To make it easy, just run phpldapadmin.
1) yum install:
openldap
openldap-servers
openldap-clients
pam_ldap
nss-pam-ldapd
2) prep the directory
cd /etc/openldap
rm -rf slapd.d; mkdir slapd.d (to get a clean dir)
3) prep the files
copy /usr/share/openldap-servers/DB_CONFIG.example to
/var/lib/ldap/DB_CONFIG
copy slapd.conf into /etc/openldap (from previous version; or create
your own; must modify to work with what you are doing)
copy any schema needed into /etc/openldap/schema
put the below text into ldiffile.ldif
dn: dc=subdomain,dc=domain,dc=com
objectClass: dcObject
objectClass: organization
o: CompanyName
dc: subdomain
4) prep the database
run the slapadd command
slapadd -l ldiffile.ldif (this will create the database)
5) prep the configs
run the slaptest command to migrate slapd.conf
run 'slaptest -f slapd.conf -F slapd.d' and fix all the errors until
you get "config file testing succeeded"
NOTE:
Add the following to the end of slapd.conf so that you can log in to the
config DB.
The password was generated using slappasswd
database config
rootdn "cn=myuser,cn=config"
rootpw {SSHA}wpEZImnypu9bFjlmDXvujsajxoArUi3J
From: [email protected]
To: [email protected]
Date: Tue, 11 Feb 2014 10:46:35 -0500
CC: [email protected]
Subject: Re: [Ltb-users] Recommended version of BDB package --- Low
Sensitivity/Aerospace Internal Use Only
The latest in the saga to install OpenLDAP.
I did not remove any packages this time.
I did wipe out all of the alock and db.00* files.
I thought it was odd that I noticed [today] that those files were all
owned by root under the /usr/local/openldap/var/openldap-data. So, I
decided for the first time ever while installing and configuring OpenLDAP
to switchuser (su - ldap) to ldap.
I also went back and wiped out the
/usr/local/openldap/etc/openldap/slapd.d directory.
Then I performed another slaptest with the -v -u -f & -F options. The
command completed successfully (like it did for root).
Then after that completed successfully, executed the command a second
time, but dropped the -u switch. So I ran the following command:
slaptest -v -f <path-to>/slapd.conf -F <path-to>/slapd.d -- SUCCESS, again!
Then I executed the command to start up slapd:
I exited as ldap; typed exit at the shell prompt.
Then typed: service slapd start
Amazing, I got it running again for the first time in 2 weeks.
Now I need to go back and add my records again.
Oh, I can't because the slapd.conf that defined the cn=Manager for my
domain, and the cn=admin for cn=config didn't get recreated in the
database after running the slaptest command.
I give up, no decent documentation. A lot of people with tons of
questions, but none that I am seeing, but no real support. How does Open
Source Software get adopted exactly?
I'm done.
Warron French, MBA, SCSA
From: Warron S French <[email protected]>
To: Clément OUDOT <[email protected]>,
Cc: "[email protected]"
<[email protected]>
Date: 02/11/2014 10:11 AM
Subject: [WARNING: SPOOFED E-MAIL--Non-Aerospace Sender] Re:
[Ltb-users] Recommended version of BDB package --- Low
Sensitivity/Aerospace Internal Use Only
Sent by: [email protected]
Clément, I did as you directed.
Command to test:
ldd /usr/local/openldap/libexec/slapd
My results show that libdb-4.6.so =>
/usr/local/berkeleydb/lib64/libdb-4.6.so (and a hex-string).
Unfortunately, I do not have a backup as I only do/did have 2 records in
my DIT.
For learning purposes, does a package upgrade require me to back up my DIT
to an LDIF? Or is it just a precautionary measure and in this case I
needed it?
Also, is there anything else I can do, or what steps do you suggest I take
next?
Remove all packages? Delete all directories? Then start all over again?
Warron French, MBA, SCSA
From: Clément OUDOT <[email protected]>
To: Warron S French <[email protected]>,
Cc: "[email protected]"
<[email protected]>
Date: 02/11/2014 10:00 AM
Subject: Re: Recommended version of BDB package --- Low
Sensitivity/Aerospace Internal Use Only
2014-02-11 14:36 GMT+01:00 Warron S French <[email protected]>:
After removing all LTB packages with rpm --erase (to include the
berkeleydb-ltb-4.6.21.NC-4.el6.patch4.x86_64 RPM) I still have a problem.
All of the new packages I used were:
openldap-ltb-2.4.39-2.el6.x86_64.rpm
openldap-ltb-check-password-1.1-8.el6.x86_64.rpm
openldap-ltb-contrib-overlays-2.4.39-2.el6.x86_64.rpm
openldap-ltb-debuginfo-2.4.39-2.el6.x86_64.rpm
openldap-ltb-mdb-utils-2.4.39-2.el6.x86_64.rpm
I installed these packages as opposed to updating/upgrading them.
After installing them and discovering that my original slapd.d was still
intact I used the following command to attempt to start up LDAP:
service slapd start
The following were the outputs:
slapd: [INFO] Using /etc/default/slapd for configuration
slapd: [INFO] Launching OpenLDAP configuration test...
slapd: [OK] OpenLDAP configuration test successful
slapd: [INFO] No db_recover done
slapd: [INFO] Launching OpenLDAP...
slapd: [OK] File descriptor limit set to 1024
52fa2547 @(#) $OpenLDAP: slapd 2.4.39 (Feb 10 2014 15:19:42) $
[email protected]:/home/clement/build/BUILD/openldap-2.4.39/servers/slapd
52fa2547 bdb(dc=lab,dc=aero,dc=org): Program version 4.6 doesn't match
environment version 4.7
52fa2548 bdb_db_open: database "dc=lab,dc=aero,dc=org" cannot be opened,
err -30972. Restore from backup!
52fa2548 bdb(dc=lab,dc=aero,dc=org): txn_checkpoint interface requires an
environment configured for the transaction subsystem
52fa2548 bdb_db_close: database "dc=lab,dc=aero,dc=org": txn_checkpoint
failed: Invalid argument (22).
52fa2548 backend_startup_one (type=bdb, suffix="dc=lab,dc=aero,dc=org"):
bi_db_open failed! (-30972)
52fa2548 bdb_db_close: database "dc=lab,dc=aero,dc=org": alock_close
failed
52fa2548 slapd stopped.
slapd: [ALERT] No PID file for OpenLDAP
How can I have a PID file before I start the daemon? This was the same
problem I had with the last revision of openldap-ltb packages.
This code appears to require berkeleydb-4.7. Is that correct?
If so, where do I get the appropriate RPM since the only berkeleydb
package available is 4.6.21?
Was I supposed to run the slaptest command again after modifying the
slapd.conf file again (or copying my other original back into place that I
backed up)? Or is there some other reason this is failing?
This is the last day I can mess with OpenLDAP, OpenLDAP-LTB or any other
revision or brand of OpenLDAP. Otherwise I have to make CentOS-6 machines
use a Windows AD machine for authentication instead, because time has
become more pressing.
You can check that the newest packages are built for BDB 4.6 with this
command:
ldd /usr/local/openldap/libexec/slapd
Result on my VM is:
[root@localhost ~]# ldd /usr/local/openldap/libexec/slapd
linux-vdso.so.1 => (0x00007fff42dff000)
libdb-4.6.so => /usr/local/berkeleydb/lib64/libdb-4.6.so
(0x00007f7070f0f000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f7070cf2000)
libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007f7070ad7000)
libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f707086c000)
libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f707048c000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f7070254000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f707003a000)
libltdl.so.7 => /usr/lib64/libltdl.so.7 (0x00007f706fe31000)
libc.so.6 => /lib64/libc.so.6 (0x00007f706fa9c000)
/lib64/ld-linux-x86-64.so.2 (0x00007f7071245000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f706f898000)
libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2
(0x00007f706f654000)
libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f706f36d000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f706f169000)
libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f706ef3d000)
libz.so.1 => /lib64/libz.so.1 (0x00007f706ed26000)
libfreebl3.so => /lib64/libfreebl3.so (0x00007f706eaaf000)
libkrb5support.so.0 => /lib64/libkrb5support.so.0
(0x00007f706e8a3000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f706e6a0000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f706e480000)
So your db must use BDB 4.6. If not, you will have an error. Do you have
any LDIF backup of your data? If yes, remove all files from your
openldap-data directory, and slapadd your LDIF (with
/usr/local/openldap/sbin/slapadd).
Clément.
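The check Clément describes, turned into a diagnostic script as an added example (not code from the thread or from the LTB project): it reads the libdb version that `ldd slapd` reports, matches it against the "Program version X doesn't match environment version Y" line slapd logs when the on-disk BDB environment was created by a different release, and says whether the fix is the one given above (clear openldap-data and slapadd from an LDIF backup). The sample inputs are abridged from the ldd and slapd output quoted in this thread.

```python
import re
from typing import Optional, Tuple

# ldd line for the Berkeley DB library, e.g. "libdb-4.6.so => /usr/local/berkeleydb/lib64/libdb-4.6.so (0x...)"
LDD_LIBDB = re.compile(r"libdb-(\d+\.\d+)\.so\s*=>\s*(\S+)")
# slapd startup error when the environment files were written by another libdb release
BDB_MISMATCH = re.compile(
    r"bdb\(([^)]*)\): Program version (\d+\.\d+) doesn't match environment version (\d+\.\d+)"
)


def linked_bdb(ldd_output: str) -> Optional[Tuple[str, str]]:
    """(libdb version, path) that slapd is dynamically linked against, or None."""
    m = LDD_LIBDB.search(ldd_output)
    return (m.group(1), m.group(2)) if m else None


def env_mismatch(slapd_log: str) -> Optional[Tuple[str, str, str]]:
    """(suffix, library version, environment version) from the mismatch error, or None."""
    m = BDB_MISMATCH.search(slapd_log)
    return (m.group(1), m.group(2), m.group(3)) if m else None


def diagnose(ldd_output: str, slapd_log: str) -> str:
    """Explain a failed slapd start in terms of the BDB build and environment versions."""
    linked = linked_bdb(ldd_output)
    mismatch = env_mismatch(slapd_log)
    if linked is None:
        return "no libdb in ldd output: slapd is not dynamically linked against Berkeley DB"
    if mismatch is None:
        return "slapd links libdb %s and the log shows no environment mismatch" % linked[0]
    suffix, lib, env = mismatch
    if lib != linked[0]:
        return "log reports libdb %s but ldd shows %s: the log is from another binary" % (lib, linked[0])
    return ("%s: slapd links libdb %s (%s) but the files in openldap-data were created by "
            "libdb %s; clear that directory and slapadd the suffix from an LDIF backup"
            % (suffix, lib, linked[1], env))


# Abridged from the outputs quoted in the thread (wrapped lines rejoined).
LDD_SAMPLE = """linux-vdso.so.1 => (0x00007fff42dff000)
libdb-4.6.so => /usr/local/berkeleydb/lib64/libdb-4.6.so (0x00007f7070f0f000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f7070cf2000)
"""
LOG_SAMPLE = """52fa2547 bdb(dc=lab,dc=aero,dc=org): Program version 4.6 doesn't match environment version 4.7
52fa2548 bdb_db_open: database "dc=lab,dc=aero,dc=org" cannot be opened, err -30972. Restore from backup!
52fa2548 slapd stopped.
"""

if __name__ == "__main__":
    print(diagnose(LDD_SAMPLE, LOG_SAMPLE))
```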
_______________________________________________
ltb-users mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-users