
LDAP problems



Tuxist
07.04.05, 14:09
I tried to start ldap and get the following message:

/etc/ldap/schema/nis.schema: line 27: Duplicate attributeType: "1.3.6.1.1.1.1.0"

the other schemas produce similar errors

here are my other configs

ldap.conf


# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE dc=local-net, dc=org
URI ldap://ldap.local-net.org
pam_crypt local

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
LDAP VERSIO_VERSION 3
nssbasepasswd ou=people ,dc=local-net ,dc=org
nssbaseshadow ou=people ,dc=local-net ,dc=org
nssbasegroup ou=groups ,dc=local-net ,dc=org




slapd.conf

# Allow LDAPv2 binds
allow bind_v2

# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
allow bind_v2

# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema


# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile /var/run/slapd.args

# Read slapd.conf(5) for possible values
loglevel 0

# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_bdb

#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>

#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database bdb

# The base of your directory in database #1
suffix "dc=local-net, dc=org"

# Where the database file are physically stored for database #1
directory "/var/lib/ldap"

# Indexing options for database #1
index objectClass eq

# Save the time that the entry gets modified, for database #1
lastmod on

# Where to store the replica logs for database #1
# replogfile /var/lib/ldap/replog

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
#access to attribute=userPassword
# by dn="cn=admin,dc=local-net,dc=org" write
# by anonymous auth
# by self write
# by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
#access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
#access to *
# by dn="cn=admin,dc=local-net,dc=org" write
# by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,dc=local-net,dc=org" write
# by dnattr=owner write

#######################################################################
# Specific Directives for database #2, of type 'other' (can be bdb too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database <other>

# The base of your directory for database #2
suffix "dc=local-net,dc=org"

index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index uid , uidNumber ,gidNumber ,memberUid eq
index cn ,mail ,surname ,givenname eq, subinitial

access to dn="(.*,)?dc=local-net,dc=org" g attr=homePhone
by self write
by="(.*,)?dc=local-net, dc=org search
by domain=.*\local-net\.org read
by anonymous auth

mamue
07.04.05, 16:36
Hi,


include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema

You have included these two schemas twice - I would change that...

mamue

Tuxist
07.04.05, 23:02
It works, thanks. Man, this is embarrassing, I must have been blind :rolleyes:

Tuxist
08.04.05, 14:19
Now I have problems with samba and ldap
The following message:

/etc/ldap/slapd.conf: line 115: index attribute "sambaSID" undefined
my config


# Allow LDAPv2 binds
allow bind_v2

# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
allow bind_v2

# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema


# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile /var/run/slapd.args

# Read slapd.conf(5) for possible values
loglevel 0

# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_bdb

#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>

#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database bdb

# The base of your directory in database #1
suffix "dc=local-net, dc=org"

# Where the database file are physically stored for database #1
directory "/var/lib/ldap"

# Indexing options for database #1
index objectClass eq

# Save the time that the entry gets modified, for database #1
lastmod on

# Where to store the replica logs for database #1
# replogfile /var/lib/ldap/replog

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
#access to attribute=userPassword
# by dn="cn=admin,dc=local-net,dc=org" write
# by anonymous auth
# by self write
# by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
#access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
#access to *
# by dn="cn=admin,dc=local-net,dc=org" write
# by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,dc=local-net,dc=org" write
# by dnattr=owner write

#######################################################################
# Specific Directives for database #2, of type 'other' (can be bdb too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database <other>

# The base of your directory for database #2
suffix "dc=local-net,dc=org"

index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index uid , uidNumber ,gidNumber ,memberUid eq
index cn ,mail ,surname ,givenname eq, subinitial

access to dn="(.*,)?dc=local-net,dc=org" g attr=homePhone
by self write
by="(.*,)?dc=local-net, dc=org search
by domain=.*\local-net\.org read
by anonymous auth

Simcemilia
08.04.05, 15:29
Hello

Maybe it's the Samba schema.
You could try copying the schema from
/usr/share/doc/packages/samba/examples/LDAP/samba.schema
into your openldap schema directory (/etc/openldap/schema).

Regards
Simcemilia

Tuxist
08.04.05, 15:53
now I get the error

/etc/ldap/slapd.conf: line 118: extra junk after "index <attr> [pres,eq,approx,sub]" line (ignored)
/etc/ldap/slapd.conf: line 118: no indexes selected

Simcemilia
08.04.05, 16:27
Hello,

this is what the indexes in my slapd.conf look like

index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq

maybe that helps you.

Regards
Simcemilia

Tuxist
08.04.05, 20:50
then I get this message

/etc/ldap/slapd.conf: line 118: extra junk after "index <attr> [pres,eq,approx,sub]" line (ignored)
/etc/ldap/slapd.conf: line 118: duplicate index definition for attr "objectClass" (ignored)

Does anyone have a similar working config?

mamue
09.04.05, 11:10
I don't know what line 118 is right now, or rather I'm too lazy to count.
Leave out all the indexes first, they aren't strictly required anyway. Once it starts, I would add them back step by step. Otherwise you would first have to check in the schemas whether all the attributes really exist and whether the particular index is actually allowed; objectclass supports sub, pres and eq, sambaSID AFAIK only eq. Maybe the error lies somewhere there.

HTH
mamue

Tuxist
09.04.05, 12:21
Then I get this error:

/etc/ldap/slapd.conf: line 124: missing "=" in "g" in to clause

<access clause> ::= access to <what> [ by <who> <access> [ <control> ] ]+
<what> ::= * | [dn[.<dnstyle>]=<regex>] [filter=<ldapfilter>] [attrs=<attrlist>]
<attrlist> ::= <attr> | <attr> , <attrlist>
<attr> ::= <attrname> | entry | children
<who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<regex> ]
[dnattr=<attrname>]
[group[/<objectclass>[/<attrname>]][.<style>]=<regex>]
[peername[.<style>]=<regex>] [sockname[.<style>]=<regex>]
[domain[.<style>]=<regex>] [sockurl[.<style>]=<regex>]
[ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]
<dnstyle> ::= regex | base | exact (alias of base) | one | subtree | children
<style> ::= regex | base | exact (alias of base)
<groupflags> ::= R
<access> ::= [self]{<level>|<priv>}
<level> ::= none | auth | compare | search | read | write
<priv> ::= {=|+|-}{w|r|s|c|x}+
<control> ::= [ stop | continue | break ]

wuwu
09.04.05, 21:35
Hm ...
strange, does something like that work there too? Cool! Seems to be an interpretation problem.
Is that what they call regular expressions? Damn, I never really paid attention to that kind of stuff.
Maybe "" forgotten somewhere?
Oops, I only see a single " above? Shouldn't those things always come in pairs?
hm...

mamue
09.04.05, 22:55
@tuxist:
Well, the access rule is probably wrong. I only write those very rarely myself, so you will have to look more closely at their syntax.

Sorry,
mamue
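As an added example (not code from the thread or from OpenLDAP), a small Python lint pass that catches the kinds of slapd.conf mistakes this thread ran into: the duplicate schema includes behind "Duplicate attributeType", index lines with spaces inside the attribute list ("extra junk ... (ignored)"), an attribute indexed twice within one database section, the access clause token without "=" ("missing "=" in "g" in to clause"), and the lone " that wuwu spotted. Since the `#database <other>` line in the posted config is commented out, the index lines below it still belong to database #1, which is why a second objectClass index gets rejected; the directive names are OpenLDAP's, the checks and messages are mine, and slaptest remains the authoritative check.

```python
# Added example (not the thread's code): lints slapd.conf text for the mistakes seen above.
INDEX_TYPES = {"pres", "eq", "approx", "sub", "subinitial", "subany", "subfinal"}

def lint_slapd_conf(text):
    """Return [(line, message)]; tokens are whitespace-split, so quoted values
    that contain spaces are not handled (a simplification, not slapd's parser)."""
    findings, includes, indexed = [], set(), set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.count('"') % 2:
            findings.append((lineno, "unbalanced double quotes"))
        parts = line.split()
        directive = parts[0].lower()
        if directive == "database":
            indexed = set()  # index definitions are scoped to one database section
        elif directive == "include" and len(parts) > 1:
            if parts[1] in includes:
                findings.append((lineno, f"duplicate include of {parts[1]}"))
            includes.add(parts[1])
        elif directive == "index":
            if len(parts) != 3:  # slapd reports this as "extra junk ... (ignored)"
                findings.append((lineno, "index needs <attrlist> <types>, no spaces inside the lists"))
                continue
            findings += [(lineno, f"unknown index type {t!r}")
                         for t in parts[2].split(",") if t not in INDEX_TYPES]
            for attr in parts[1].split(","):
                if attr.lower() in indexed:
                    findings.append((lineno, f"duplicate index definition for attr {attr!r}"))
                indexed.add(attr.lower())
        elif directive == "access" and len(parts) > 2 and parts[1].lower() == "to":
            what = parts[2:]  # <what> runs up to the first "by" on the same line
            what = what[:what.index("by")] if "by" in what else what
            for tok in what:
                if tok != "*" and "=" not in tok:
                    findings.append((lineno, f'missing "=" in {tok!r} in to clause'))
    return findings

# Constructed sample reproducing the thread's broken lines.
SAMPLE = """\
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/nis.schema
database bdb
index objectClass eq
index uid , uidNumber ,gidNumber ,memberUid eq
index objectClass,uidNumber,gidNumber eq
access to dn="(.*,)?dc=local-net,dc=org" g attr=homePhone
    by="(.*,)?dc=local-net, dc=org search
"""
```

Run `lint_slapd_conf(SAMPLE)` to get one finding per broken line; a clean file such as Simcemilia's index lines followed by `access to * by * read` yields an empty list.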