Friday, March 25, 2011

[LINUX_Newbies] help me with openldap server (freebsd)

 

Dear all,

I have configured OpenLDAP on FreeBSD. When I start the slapd service, it shows this
message in /var/log/messages:

"Mar 25 16:11:45 ldap2 slapd[1268]: nss_ldap: could not search LDAP server -
Server is unavailable "

++++++++++++++++++++++++++++++
my ldap.conf file is:

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#
# NOTE(review): this file mixes libldap directives (BASE/URI/TLS_REQCERT)
# with nss_ldap/pam_ldap directives (rootbinddn, bind_policy,
# pam_login_attribute). On FreeBSD those modules normally read their own
# ldap.conf, whose peer-check directive is tls_checkpeer rather than
# TLS_REQCERT — confirm which file the nss_ldap module actually loads.

#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
base dc=albiruni,dc=com
uri ldap://localhost/
# rootbinddn makes nss_ldap bind as the directory admin for root's lookups;
# the password is read from a root-only secret file next to this config
# (see the nss_ldap documentation for its expected path).
rootbinddn cn=admin,dc=albiruni,dc=com
# The logged "could not search LDAP server - Server is unavailable" is
# emitted under slapd's own pid: slapd resolves users/groups through
# nsswitch, which sends the lookup to nss_ldap — presumably before slapd's
# listener is up. bind_policy soft makes nss_ldap fail fast instead of
# retrying; keep it commented out only if that startup stall is acceptable.
#bind_policy soft
ssl start_tls
# TLS_REQCERT allow requests the server certificate but never verifies it,
# so the TLS channel protects confidentiality only, not server identity.
# Tolerable for a localhost-only uri; use "demand" with a trusted CA file
# if the uri is ever pointed at a remote host.
TLS_REQCERT allow
pam_login_attribute uid

++++++++++++++++++++++++++++++++++++++++++++++++++++++ and my slapd.conf file
is:

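# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Directive names are case-insensitive; "Include" was normalised to
# lowercase so all four schema lines read the same.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb
# moduleload back_hdb
# moduleload back_ldap

# Sample security restrictions
# ssf=128 rejects every operation — including the anonymous searches
# nss_ldap issues — that does not arrive over a channel with at least
# 128-bit protection, so clients must complete StartTLS/ldaps first.
# NOTE(review): the ldapi:// socket listed in rc.conf is rated by localSSF
# (default 71) and is presumably rejected too unless localSSF is raised —
# confirm.
security ssf=128
# "!SSLv2" removes the SSLv2 ciphers from the offered list; the original
# "+SSLv2" only sorted them last and still allowed them to be negotiated.
TLSCipherSuite HIGH:MEDIUM:!SSLv2
# One PEM file serves as CA, certificate and private key, i.e. a
# self-signed certificate; clients can only validate it if they are given
# this same file as their trusted CA. The file holds the private key, so
# it must not be readable by anyone but slapd.
TLSCACertificateFile /usr/local/etc/openldap/ssl/server.pem
TLSCertificateFile /usr/local/etc/openldap/ssl/server.pem
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/server.pem

# Sample access control policy:
# Password attributes: the admin and the entry's owner may write, anonymous
# may only use them to bind ("auth"), nobody may read them back.
access to attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=albiruni,dc=com" write
by self write
by anonymous auth
by * none
# Everything else is world-readable, which nss_ldap needs for anonymous
# passwd/group lookups. ACLs are evaluated in order; keep the password
# clause above this catch-all.
access to *
by dn="cn=admin,dc=albiruni,dc=com" write
by * read

# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=albiruni,dc=com"
rootdn "cn=admin,dc=albiruni,dc=com"
# NOTE(review): this rootpw hash has been posted to a public mailing list;
# regenerate it with slappasswd(8) and replace the value before relying on
# this directory.
rootpw {SSHA}lEYNuRTP9WHC6Byciv6v+rokRKngLxx0
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/db/openldap-data

# Indices to maintain
# objectClass/uid/uidNumber/gidNumber/memberUid are what nss_ldap's
# passwd and group lookups filter on; "default sub" applies to any other
# attribute listed without an explicit index type.
index objectClass eq
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber,memberUid,uniqueMember eq
index default sub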

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
nsswitch.conf is

# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.6.1 2010/12/21 17:09:25 kensmith Exp $
#
# passwd and group consult local files first, then nscd's cache, then LDAP.
# slapd itself resolves its user and group through this switch, so any
# lookup that misses in "files" (group enumeration, for instance) reaches
# nss_ldap while slapd is still starting — the likely origin of the
# "Server is unavailable" line logged under slapd's pid.
# "cache" is only effective when nscd(8) is running; nscd_enable is not
# present in the rc.conf shown — confirm.

group: files cache ldap
passwd: files cache ldap
# Only meaningful if sudo was built with LDAP support.
sudoers: files cache ldap

#group: compat
#group_compat: nis
# hosts deliberately does not use ldap, so resolving the LDAP server's own
# name never recurses into nss_ldap.
hosts: files dns
networks: files
#passwd: compat
#passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
~
++++++++++++++++++++++++++++++++++++++++++++ /etc/pam.d/sshd is
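# PAM configuration for the "sshd" service
#
# Rules that the mail client wrapped have been rejoined: every PAM rule
# must be a single line (type, control, module, options).

# auth
# pam_ldap first: if LDAP authenticates the user the stack succeeds at
# once; otherwise fall through to OPIE and the local passwd file.
auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass

# account
# ignore_authinfo_unavail keeps local logins working while slapd is down;
# ignore_unknown_user lets purely local accounts pass this module.
account required /usr/local/lib/pam_ldap.so ignore_authinfo_unavail ignore_unknown_user
account required pam_nologin.so
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so

# session
# NOTE(review): mode=0755 creates world-readable home directories and
# differs from the umask=0077 used in /etc/pam.d/system; "debug" is log
# noise once this works. Consider aligning this line with the system file.
session required /usr/local/lib/pam_mkhomedir.so debug mode=0755 skel=/usr/local/share/skel
#session optional pam_ssh.so
session required pam_permit.so

# password
#password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass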

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ /etc/pam.d/system is

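# $FreeBSD: src/etc/pam.d/system,v 1.1.32.1.6.1 2010/12/21 17:09:25 kensmith Exp $
#
# System-wide defaults
#
# Rules that the mail client wrapped have been rejoined: every PAM rule
# must be a single line (type, control, module, options).

# auth
# pam_ldap first: an LDAP-authenticated user satisfies the stack at once;
# otherwise fall through to OPIE, pam_ssh and the local passwd file.
auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
auth sufficient pam_ssh.so no_warn try_first_pass
# NOTE(review): nullok accepts local accounts that have an empty password;
# drop it unless such accounts are intended.
auth required pam_unix.so no_warn try_first_pass nullok

# account
# ignore_authinfo_unavail keeps local logins working while slapd is down;
# ignore_unknown_user lets purely local accounts pass this module.
account required /usr/local/lib/pam_ldap.so ignore_authinfo_unavail ignore_unknown_user
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so

# session
# umask=0077 makes new home directories private to their owner; "debug"
# is log noise once this works.
session required /usr/local/lib/pam_mkhomedir.so debug umask=0077 skel=/usr/local/share/skel
session optional pam_ssh.so
session required pam_lastlog.so no_fail

# password
# Option name fixed: pam_ldap takes use_authtok; "use_authok" is not a
# pam_ldap option. NOTE(review): use_authtok reuses the new password
# collected by an earlier module in this stack, but pam_ldap is the first
# password module here — confirm the intent, or remove the option.
password sufficient /usr/local/lib/pam_ldap.so use_authtok
#password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass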

+++++++++++++++++++++++++++++++++++++++++++++ and /etc/rc.conf
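# -- sysinstall generated deltas -- # Thu Mar 24 21:15:28 2011
# Created: Thu Mar 24 21:15:28 2011
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="10.1.1.1"
hostname="ldap2.albiruni.com"
ifconfig_em0="inet 10.1.1.7 netmask 255.255.255.0"
keymap="us.iso"
sshd_enable="YES"
natd_enable="YES"

slapd_enable="YES"
# Listeners: the local ldapi socket (path URL-encoded), plain ldap on every
# interface and ldaps on every interface. This must be one line — the
# value was wrapped by the mail client. The plain ldap://0.0.0.0/ listener
# is reachable from the network; with "security ssf=128" in slapd.conf,
# clients on it must still StartTLS before any operation is accepted.
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/ ldaps://0.0.0.0/"'
# Same path as the decoded ldapi URL above; presumably used by the rc
# script to manage the socket file.
slapd_sockets="/var/run/openldap/ldapi"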

+++++++++++++++++++++++++++++++++++++

Please guide me on what I should do to make the LDAP server available.

[Non-text portions of this message have been removed]

