I'm getting this error when trying to add a module to OpenLDAP:
# ldapadd -H ldapi:/// -Y EXTERNAL -D 'cn=config' -f ./module.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
additional info: <olcModuleLoad> handler exited with 1
Here's the ldif:
# cat module.ldif
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/local/libexec/openldap
olcModuleLoad: pw-sha2.la
It's the slapd-sha2.so module. The readme instructions seem out of date.
Here are the module directory contents:
# ls /usr/local/libexec/openldap
pw-sha2.a pw-sha2.la pw-sha2.so pw-sha2.so.0 pw-sha2.so.0.0.0
Here's a different module currently in OpenLDAP:
# ldapsearch -H ldapi:/// -Y EXTERNAL -b 'cn=module{0},cn=config'
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn=module{0},cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# module{0}, config
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}syncprov.la
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
I tried suffixing module with {1} in the ldif to no success.
OpenLDAP version:
# slapd -V
@(#) $OpenLDAP: slapd 2.4.40 (Sep 29 2015 10:26:27) $
[email protected]:/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40/build-servers/servers/slapd
I followed the steps below to compile the module.
Install prerequisites:
yum -y install git libtool openldap-devel nss nss-devel openssl openssl-devel db4 db4-devel
Get module source:
git clone https://github.com/gcp/openldap.git
Build the module:
cd openldap
./configure
make depend
make
cd contrib/slapd-modules/passwd/sha2/
make
make install
Is the module already loaded? I do not see it in cn=config.
How do I add it to the OpenLDAP configuration?
@473183469 suggested this ldif:
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/local/libexec/openldap/
olcModuleLoad: pw-sha2
When I try it, I get this error:
# ldapadd -H ldapi:/// -Y EXTERNAL -D 'cn=config' -f ./module.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module{0},cn=config"
ldap_add: Naming violation (64)
Edit 2:
Just to be clear, I'm trying to use pw-sha2 compiled from the GitHub source repo with the slapd from CentOS package repos.
ls -laFtr /usr/local/libexec/openldap/
total 124
-rwxr-xr-x 1 root root 46158 Nov 6 11:53 pw-sha2.so.0.0.0*
lrwxrwxrwx 1 root root 16 Nov 6 11:53 pw-sha2.so.0 -> pw-sha2.so.0.0.0*
lrwxrwxrwx 1 root root 16 Nov 6 11:53 pw-sha2.so -> pw-sha2.so.0.0.0*
-rw-r--r-- 1 root root 910 Nov 6 11:53 pw-sha2.la
-rw-r--r-- 1 root root 61274 Nov 6 11:53 pw-sha2.a
drwxr-xr-x 2 root root 4096 Nov 6 11:53 ./
drwxr-xr-x. 3 root root 4096 Nov 19 14:19 ../
Official CentOS slapd:
# slapd -VVV
@(#) $OpenLDAP: slapd 2.4.40 (Nov 10 2015 09:41:16) $
[email protected]:/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40/build-servers/servers/slapd
Included static backends:
config
ldif
monitor
bdb
hdb
ldap
mdb
meta
null
passwd
relay
shell
sock
slapd built from source:
# /usr/local/libexec/slapd -VVV
@(#) $OpenLDAP: slapd 2.X (Nov 19 2015 14:18:36) $
root@my_hostname.my_domain.com:/root/openldap/servers/slapd
Included static overlays:
syncprov
Included static backends:
config
ldif
monitor
bdb
hdb
mdb
relay
I am quite confident the following will be inserted without errors:
My confidence arises from the fact it is the exact ldif I used to enable the module.
As an aside: if you want a password schema to be the default, modify PasswordHash on frontend: