I'm trying to follow this tutorial to set up a basic LDAP server (OpenLDAP) for client authentication, but I am stuck on the step where I add the back-end configuration.
I've created my backend.ldif file as specified, and I'm attempting to add it with:
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.ldif
But I get:
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
additional info: <olcModuleLoad> handler exited with 1
The full LDIF is:
# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb

# Database settings (a blank line must separate the two LDIF entries)
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=mydomain,dc=us
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=mydomain,dc=us
olcRootPW: dmx512
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=mydomain,dc=us" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=mydomain,dc=us" write by * read
Any suggestions on how to troubleshoot? I know nothing about LDAP servers; this is my first.
UPDATE:
I have started over with a brand new install of 11.04 Server.
I have done the following:
hostname ldap.mycompany.com
nano /etc/hosts (set to ldap.mycompany.com)
nano /etc/hostname (set to ldap.mycompany.com)
sudo apt-get install slapd ldap-utils
I try to load the first schema:
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
I get:
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
additional info: olcAttributeTypes: Duplicate attributeType: "0.9.2342.19200300.100.1.2"
I tried the command that was suggested below:
root@ldap:~# cat /etc/ldap/slapd.d/cn\=config/cn\=module\{0\}.ldif
dn: cn=module{0}
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
structuralObjectClass: olcModuleList
entryUUID: 3bedbe64-e4b2-1030-832a-17900c7b3644
creatorsName: cn=config
createTimestamp: 20120206020131Z
entryCSN: 20120206020131.785958Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120206020131Z
But it's not complaining about a module this time, it's complaining about a "Duplicate attributeType".
So I need a command that says "show loaded attribute types" to see if "cosine" is in the list already?
OK, I'm going to assume that:
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
are unnecessary since they all produce the same error.
So I moved on to adding ~/backend.ldif. I removed the module load lines from the top, since the module seems to be loaded already.
Now when I try to add:
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.ldif
I get:
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcDatabase=hdb,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
additional info: <olcSuffix> namingContext "dc=mycompany,dc=us" already served by a preceding hdb database
Which makes no sense since this is the only database on the computer, and this is the first entry I'm adding to it.
The error message indicates that the back_hdb module is already included in the configuration. You can verify this with the command

If this includes lines similar to the following, it's already included:

If this is the case, just remove the first six lines from your backend.ldif and try again. If you want to start from scratch, you can use the command

to get rid of the complete ldap installation including all data files. After that, you will need to reinstall OpenLDAP with the corresponding command

BTW, I just followed this tutorial (while using all default values from their script) and this worked fine on a freshly created Lucid VM.

Edit

OK, in your other post you talked about 10.04. In fact, the auto configuration in 11.04 for slapd is much better when compared to 10.04. What it does for you is everything in the tutorial concerning the schema files and the backend.ldif and even a part of the frontend: you can remove the following lines from the frontend.ldif and try to continue from there:

Some further hint: the backend configuration of OpenLDAP (cn=config) is nothing more than a collection of LDIF files in a filesystem structure equivalent to the LDAP structure. You can browse it yourself in /etc/ldap/slapd.d. 10.04 had the bare minimum there to get slapd working, while 11.04 prepared everything so that you can start right off.

add .la to the end of back_hdb
the LDIF should now read

for explanation: http://ubuntuforums.org/archive/index.php/t-1594138.html
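As an added example (not code from the question or either answer), here is a small Python preflight check that builds on the point that cn=config is just LDIF: it compares what `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config` returns (a constructed sample below, with absolute DNs) against the entries you are about to ldapadd, and reports the three collisions seen in this thread before slapd rejects them with error 80: a module already loaded, a schema already loaded, and a suffix already served by an existing database. The sample LDIF and the conflict wording are mine, not slapd's, and entries are assumed to carry a dn line.

```python
import re

def parse_ldif(text):
    """LDIF -> [{attr: [values]}]: folded lines joined, comments dropped, attr names lowercased (LDAP is case-insensitive)."""
    entries = []
    for block in re.split(r'\n\s*\n', re.sub(r'\n ', '', text).strip()):
        entry = {}
        for name, _, value in (l.partition(':') for l in block.splitlines() if not l.startswith('#')):
            entry.setdefault(name.strip().lower(), []).append(value.strip())  # base64 (::) values kept as-is
        if entry:
            entries.append(entry)
    return entries

# Normalise a cn=config value: drop the {n} ordering prefix and a trailing .la, lowercase, remove spaces.
def bare(value):
    return re.sub(r'\.la$', '', re.sub(r'^\{\d+\}', '', value)).lower().replace(' ', '')

def find_conflicts(config, new):
    """Entries in `new` that cn=config already covers: a loaded module, a loaded schema or a served suffix."""
    modules = {bare(m) for e in config for m in e.get('olcmoduleload', [])}
    schemas = {bare(e['cn'][0]) for e in config if bare(e['dn'][0]).endswith(',cn=schema,cn=config')}
    suffixes = {bare(s): e['dn'][0] for e in config for s in e.get('olcsuffix', [])}
    conflicts = []
    for e in new:
        conflicts += [f'module {m} already loaded' for m in e.get('olcmoduleload', []) if bare(m) in modules]
        if bare(e['dn'][0]).endswith(',cn=schema,cn=config') and bare(e['cn'][0]) in schemas:
            conflicts.append(f'schema {e["cn"][0]} already loaded')
        conflicts += [f'suffix {s} already served by {suffixes[bare(s)]}' for s in e.get('olcsuffix', []) if bare(s) in suffixes]
    return conflicts

# Constructed sample of what ldapsearch -b cn=config lists on the fresh 11.04 install (module, cosine schema, {1}hdb).
EXISTING_CONFIG = """dn: cn=module{0},cn=config
olcModuleLoad: {0}back_hdb

dn: cn={1}cosine,cn=schema,cn=config
cn: {1}cosine

dn: olcDatabase={1}hdb,cn=config
olcSuffix: dc=mycompany,dc=us
"""
# The asker's backend.ldif, cut down to the attributes the check inspects.
BACKEND_LDIF = """dn: cn=module,cn=config
olcModuleload: back_hdb

dn: olcDatabase=hdb,cn=config
olcSuffix: dc=mycompany,dc=us
"""

if __name__ == '__main__':
    print(*find_conflicts(parse_ldif(EXISTING_CONFIG), parse_ldif(BACKEND_LDIF)), sep='\n')
```

Run against the real server, feed it the output of `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config` instead of EXISTING_CONFIG; the schema check is what answers the "show loaded attribute types" question, since each loaded schema is an entry under cn=schema,cn=config.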