Openldap problem

Darryl Hoar darryl at osborne-ind.com
Thu May 18 13:03:00 PDT 2006 

Greetings,
I have Freebsd 6.0-release and configured on my machine.
I need to install and have running openldap on this machine.

here is what I have done:

1. cd /usr/ports/net/openldap22-server
    mailman#  make
    mailman#  make install.

2. Added the following lines to /etc/rc.conf
   slapd_enable="YES"
   slapd_flags='-h "ldapi://var/run/openldap/ldapi/ ldap://0.0.0.0/"'
   slapd_sockets="/var/run/openldap/ldapi"

rebooted, and the system came up fine.  Unfortunately, it does not
start slapd.   Went into /usr/local/etc/rc.d and did a ./slapd start.

following the article at Onlamp.com to create an address book.
my slapd.conf is:

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include        /usr/local/etc/openldap/schema/inetorgperson.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath      /usr/local/libexec/openldap
moduleload      back_bdb
# moduleload    back_ldap
# moduleload    back_ldbm
# moduleload    back_passwd
# moduleload    back_shell

# Sample security restrictions
#       Require integrity protection (prevent hijacking)
#       Require 112-bit (3DES or better) encryption for updates
#       Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access
#               Allow authenticated users read access
#               Allow anonymous users to authenticate
#       Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database        bdb
suffix          "dc=osborneinternal, dc=com"
rootdn          "cn=Manager, dc=osborneinternal, dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /var/db/openldap-data
# Indices to maintain
index   objectClass     eq


when I try to do a :

mailman# ldapadd -D 'dc=osborneinternal, dc=com' -f directory.ldif -W
the system prompts
Enter LDAP Password:
I type in my password exactly as it is in the slapd.conf.  So in the above
slapd.conf it would be the password "secret" without quotes.  No, its not
really the word
secret, and yes its internal so its intended to be a clear text password.

The system replies with :
ldap_bind: Invalid credentials

how the heck do I get this to work ?

thanks for any pointers, tips, etc.  And sorry for the length.

-Darryl

More information about the freebsd-questions mailing list