Dear all,
i have configured openldap in freebsd. when i start slapd service. it show
message in /var/log/messenge
"Mar 25 16:11:45 ldap2 slapd[1268]: nss_ldap: could not search LDAP server -
Server is unavailable "
++++++++++++++++++++++++++++++
myldap.conf file is....
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
base dc=albiruni,dc=com
uri ldap://localhost/
rootbinddn cn=admin,dc=albiruni,dc=com
#bind_policy soft
ssl start_tls
TLS_REQCERT allow
pam_login_attribute uid
++++++++++++++++++++++++++++++++++++++++++++++++++++++ and slapd.conf file
is.........
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
Include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb
# moduleload back_hdb
# moduleload back_ldap
# Sample security restrictions
security ssf=128
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /usr/local/etc/openldap/ssl/server.pem
TLSCertificateFile /usr/local/etc/openldap/ssl/server.pem
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/server.pem
# Sample access control policy:
access to attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=albiruni,dc=com" write
by self write
by anonymous auth
by * none
access to *
by dn="cn=admin,dc=albiruni,dc=com" write
by * read
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=albiruni,dc=com"
rootdn "cn=admin,dc=albiruni,dc=com"
rootpw {SSHA}lEYNuRTP9WHC6Byciv6v+rokRKngLxx0
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/db/openldap-data
# Indices to maintain
index objectClass eq
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber,memberUid,uniqueMember eq
index default sub
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
nsswitch.conf is
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.6.1 2010/12/21 17:09:25 kensmith Ex
p $
#
group: files cache ldap
passwd: files cache ldap
sudoers: files cache ldap
#group: compat
#group_compat: nis
hosts: files dns
networks: files
#passwd: compat
#passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
~
++++++++++++++++++++++++++++++++++++++++++++ /etc/pam.d/sshd is
# PAM configuration for the "sshd" service
# auth
auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_p
ass
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
# account
account required /usr/local/lib/pam_ldap.so
ignore_authinfo_unavail ignore_unknown_user
account required pam_nologin.so
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
# session
session required /usr/local/lib/pam_mkhomedir.so debug mode=0755
skel=/usr/local/share/skel
#session optional pam_ssh.so
session required pam_permit.so
# password
#password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ /etc/pam.d/system is
# $FreeBSD: src/etc/pam.d/system,v 1.1.32.1.6.1 2010/12/21 17:09:25 kensmith Exp
$
#
# System-wide defaults
#
# auth
auth sufficient /usr/local/lib/pam_ldap.so no_warn
try_first_pass
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
nullok
# account
account required /usr/local/lib/pam_ldap.so
ignore_authinfo_unavail ignore_unknown_user
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
# session
session required /usr/local/lib/pam_mkhomedir.so debug umask=0077
skel=/usr/local/share/skel
session optional pam_ssh.so
session required pam_lastlog.so no_fail
# password
password sufficient /usr/local/lib/pam_ldap.so use_authok
#password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass
+++++++++++++++++++++++++++++++++++++++++++++ and /etc/rc.conf
# -- sysinstall generated deltas -- # Thu Mar 24 21:15:28 2011
# Created: Thu Mar 24 21:15:28 2011
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="10.1.1.1"
hostname="ldap2.albiruni.com"
ifconfig_em0="inet 10.1.1.7 netmask 255.255.255.0"
keymap="us.iso"
sshd_enable="YES"
natd_enable="YES"
slapd_enable="YES"
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/
ldaps://0.0.0.0/"'
slapd_sockets="/var/run/openldap/ldapi"
+++++++++++++++++++++++++++++++++++++
please guide me what should i do for available ldap server.
[Non-text portions of this message have been removed]
No comments:
Post a Comment