On Tuesday 22 March 2011 22:00:21 Johannes Geiss wrote:
> Hi there,
>
> I try to start an LDAP-service for managing my eMail-Addresses
> centralised on my server. Unfortunately I constantly fail to start
> slapd.

Are you trying to start it using the init-script?

> I tried a lot of documentation I've found on the web, including
> Gentoo's non-official doc at
> http://www.gentoo.org/doc/en/ldap-howto.xml
> as well as
> http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html
> but to no avail.
>
> The daemon slapd only starts as root and connecting to it via
> ldapadd -f stooges.ldif -xv -D cn=StoogeAdmin,o=stooges \
> -h 127.0.0.1 -w secret1
> always fails with
> ldap_initialize( ldap://127.0.0.1 )
> ldap_bind: Invalid credentials (49)

This indicates that the login-details are incorrect or not allowed to connect.

> I suspect something is wrong with my backend database.

Is stooges.ldif the first LDIF you are trying to import? E.g. is the backend
database still empty?

> Has anybody installed and started OpenLDAP successfully on Gentoo?
> I am interested in config files and which components/use flags are
> involved.

I have and am happily using it.
I configured the database-part in the /etc/openldap/slapd.conf file:
**
###
# BDB database definitions
###
database hdb
suffix dc=example,dc=org
checkpoint 32 30
# checkpoint: kbyte min
rootdn cn=Manager,dc=example,dc=org
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
password-hash {crypt}
rootpw IDONOTTHINKSO_:)
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/openldap-data
**
Also, when I restore a backup (or build a new one) I always first use slapadd
to initialize the openldap backend database prior to trying to start slapd:
1) /etc/init.d/slapd stop
2) rm /var/lib/openldap-data/*
3) slapadd -f backup-file.ldif
4) chown -R ldap:ldap /var/lib/openldap-data/
5) /etc/init.d/slapd start
Please adjust the paths and suffix/rootdn to match your installation.
HTH,
Joost Roeleveld
PS. Step 4 is important as slapadd will create the files owned by the current
user (root) and slapd will run as ldap, which means slapd will not be able to
access them without that step.
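
An added example, not part of the original message and not OpenLDAP code: a small checker that parses a slapd.conf database section like the one above and reports whether a bind DN falls under the configured suffix, whether it matches the rootdn, and whether rootpw looks like cleartext. The sample configuration is constructed from the section in the message with a placeholder rootpw, the function names are hypothetical, and the DN normalisation is a simplification.

```python
import re

# Constructed sample: the database section shown in the message, with a
# placeholder in place of the redacted rootpw value.
SAMPLE_CONF = """\
database hdb
suffix dc=example,dc=org
rootdn cn=Manager,dc=example,dc=org
rootpw PLACEHOLDER_CLEARTEXT
directory /var/lib/openldap-data
"""

def norm_dn(dn):
    """Simplified DN comparison form: lower-case, no spaces around ',' or '='."""
    return ",".join(re.sub(r"\s*=\s*", "=", rdn.strip().lower())
                    for rdn in dn.split(","))

def parse_databases(conf_text):
    """Return one {directive: value} dict per 'database' section.
    Simplification: continuation lines (leading whitespace) are not joined."""
    sections = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if parts[0].lower() == "database":
            sections.append({"database": value})
        elif sections:
            sections[-1][parts[0].lower()] = value
    return sections

def check_bind(conf_text, bind_dn):
    """Return findings for a simple bind as bind_dn against each section."""
    findings, dn = [], norm_dn(bind_dn)
    for db in parse_databases(conf_text):
        suffix = norm_dn(db.get("suffix", ""))
        rootdn = norm_dn(db.get("rootdn", ""))
        if dn != suffix and not dn.endswith("," + suffix):
            findings.append(f"{bind_dn} is outside suffix {suffix}")
        elif dn != rootdn:
            findings.append(f"{bind_dn} is not rootdn {rootdn}")
        pw = db.get("rootpw")
        # Heuristic: slappasswd output starts with a {SCHEME} prefix.
        if pw is not None and not re.match(r"\{[A-Za-z0-9-]+\}", pw):
            findings.append(f"rootpw for {suffix} looks like cleartext")
    return findings

if __name__ == "__main__":
    for finding in check_bind(SAMPLE_CONF, "cn=StoogeAdmin,o=stooges"):
        print(finding)
```

Run against the bind DN from the failing ldapadd command, it reports that the DN is outside the sample suffix and that the placeholder rootpw is not hashed.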