Hi!
The problem was permission.
I know it is not indicated, but I decided to stop the service and edit the
file to add the permission. I did not know how to solve it otherwise;
here is what I did.
Replaced the line below in "olcDatabase={0}config.ldif":
olcAccess: {0}to * by * none
with:
olcAccess: {0}to * by
dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by
* break
olcAccess: {1}to * by * none
For the RootDN password, I did:
cat > /root/change-password.ldif << EOF
dn: olcDatabase={1}bdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}8U62/+KIChkjd0+1NyIgBYBEL8TvMrh/
EOF
ldapadd -Y EXTERNAL -H ldapi:/// -f /root/change-password.ldif
Thanks for the help Dieter and Clément!
--
João
2017-08-16 17:48 GMT-03:00 Dieter Klünter <[email protected]>:
> On Wed, 16 Aug 2017 14:43:28 -0300,
> playerum <[email protected]> wrote:
>
> > All right, now I have the files below in the directory
> > "/usr/local/openldap/etc/openldap/slapd.d/cn=config"
> > drwxr-x--- 2 ldap ldap 4096 Ago 16 13:53 cn=schema
> > -rw------- 1 ldap ldap 85100 Ago 16 13:53 cn=schema.ldif
> > -rw------- 1 ldap ldap 584 Ago 16 13:53 olcDatabase={0}config.ldif
> > drwxr-x--- 2 ldap ldap 4096 Ago 16 13:53 olcDatabase={1}bdb
> > -rw------- 1 ldap ldap 2907 Ago 16 13:53 olcDatabase={1}bdb.ldif
> > -rw------- 1 ldap ldap 810 Ago 16 13:53 olcDatabase={-1}frontend.ldif
> > -rw------- 1 ldap ldap 617 Ago 16 13:53 olcDatabase={2}monitor.ldif
> >
> >
> > I saw that "olcDatabase={1}bdb.ldif" has the "olcRootDN" and
> > "olcRootPW", but the command does not work.
> >
> > ldapsearch -Y EXTERNAL -H ldapi:/// -b olcDatabase={1}bdb,cn=config
> > -s sub "(objectClass=olcDatabaseConfig)" olcRootDN olcRootPW
> >
> > SASL/EXTERNAL authentication started
> > SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> > SASL SSF: 0
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <olcDatabase={1}bdb,cn=config> with scope subtree
> > # filter: (objectClass=olcDatabaseConfig)
> > # requesting: olcRootDN olcRootPW
> > #
> >
> > # search result
> > search: 2
> > result: 32 No such object
> >
> > # numResponses: 1
> [...]
>
> This sounds like an access control problem. You MUST act as root, that
> is you must be uid=0 and gid=0, check this with 'id', and check
> cn=config.ldif whether there is an attribute value of:
>
> olcAuthzRegexp:
> {0}"gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth "
> "cn=config"
>
> -Dieter
>
> --
> Dieter Klünter | Systems Consulting
> https://sys4.de
> GPG Key ID:DA147B05
> 53°37'09,95"N
> 10°08'02,42"E
> _______________________________________________
> ltb-users mailing list
> [email protected]
> https://lists.ltb-project.org/cgi-bin/mailman/listinfo/ltb-users
>
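As an added example, not code from this thread or from the OpenLDAP project, here is a small Python evaluator for the olcAccess change João made: it unfolds the LDIF, runs the `to *` rules in `{n}` order the way slapd does, and shows what the peercred root identity and an ordinary DN get before and after the edit (root is denied by `by * none`, which is why the ldapsearch returned "No such object"). The sample LDIF is constructed, and the evaluator only handles `to *` rules with `dn.exact=` and `*` subjects.

```python
# Constructed sample: olcDatabase={0}config.ldif before and after the edit
# described in the message. LDIF folds long values onto lines that start with
# one space, so the folded 'by' clauses below carry two leading spaces.
BEFORE = """dn: olcDatabase={0}config
olcAccess: {0}to * by * none
"""
AFTER = """dn: olcDatabase={0}config
olcAccess: {0}to * by
  dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by
  * break
olcAccess: {1}to * by * none
"""
ROOT_PEERCRED = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
LEVELS = {"none", "disclose", "auth", "compare", "search", "read", "write", "manage"}

def ldif_attrs(text):
    """Unfold LDIF continuation lines and return (attribute, value) pairs."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]             # RFC 2849: drop only the fold space
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    return [tuple(p.strip() for p in ln.split(":", 1)) for ln in lines]

def access_for(text, identity):
    """Evaluate the database's 'to *' olcAccess rules for one identity the way
    slapd does: rules run in {n} order, the first matching 'by' clause of a
    rule decides, and the 'break' control passes evaluation to the next rule."""
    rules = []
    for attr, value in ldif_attrs(text):
        if attr == "olcAccess":
            order, _, body = value.partition("}")
            rules.append((int(order.lstrip("{")), body.strip()))
    granted = "none"
    for _, rule in sorted(rules):
        if not rule.startswith("to * by "):
            raise ValueError("this example only evaluates 'to *' rules")
        control = None
        for clause in rule[len("to * by "):].split(" by "):
            who, *rest = clause.split()
            if who == "*" or who == "dn.exact=" + identity:
                granted = next((t for t in rest if t in LEVELS), granted)
                control = "break" if "break" in rest else "stop"
                break
        if control is None:
            return "none"                    # no 'by' clause matched: denied
        if control == "stop":
            return granted
    return granted
```

Running `access_for(AFTER, ROOT_PEERCRED)` yields "manage" while every other identity still ends at "none" through the `{1}` rule, which is the least-privilege shape to check for before restarting slapd.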