[Ayuda] Servidor Open LDAP
Héctor Suárez Planas
nihilanthlnx en yahoo.es
Mar Sep 13 17:57:28 CDT 2005
Aquí están los archivos de configuración y los
errores.
slapd.conf:
#
# See slapd.conf(5) for details on configuration
options.
# This file should NOT be world readable.
#
include/etc/openldap/schema/core.schema
include/etc/openldap/schema/cosine.schema
include/etc/openldap/schema/inetorgperson.schema
include/etc/openldap/schema/nis.schema
# Allow LDAPv2 client connections. This is NOT the
default.
allow bind_v2
# Do not enable referrals until AFTER you have a
working directory
# service AND an understanding of referrals.
#referralldap://root.openldap.org
pidfile/var/run/slapd.pid
argsfile/var/run/slapd.args
# Load dynamic backend modules:
# modulepath/usr/sbin/openldap
# moduleloadback_bdb.la
# moduleloadback_ldap.la
# moduleloadback_ldbm.la
# moduleloadback_passwd.la
# moduleloadback_shell.la
# The next three lines allow use of TLS for encrypting
connections using a
# dummy test certificate which you can generate by
changing to
# /usr/share/ssl/certs, running "make slapd.pem", and
fixing permissions on
# slapd.pem so that the ldap user or group can read
it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile
/usr/share/ssl/certs/ca-bundle.crt
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
# Sample security restrictions
#Require integrity protection (prevent hijacking)
#Require 112-bit (3DES or better) encryption for
updates
#Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
#Root DSE: allow anyone to read it
#Subschema (sub)entry DSE: allow anyone to read it
#Other DSEs:
#Allow self write access
#Allow authenticated users read access
#Allow anonymous users to authenticate
#Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#by self write
#by users read
#by anonymous auth
#
# if no access controls are present, the default
policy
# allows anyone and everyone to read anything but
restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
databasebdb
suffix"dc=my-domain,dc=com"
rootdn"cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn,
should
# be avoided. See slappasswd(8) and slapd.conf(5) for
details.
# Use of strong authentication encouraged.
# rootpwsecret
# rootpw{crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running
slapd AND
# should only be accessible by the slapd and slap
tools.
# Mode 700 recommended.
directory/var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com en EXAMPLE.COM
# Directorio del dominio HSL.SCU.SLD.CU
database bdb
suffix "dc=hsl,dc=scu,dc=sld,dc=cu"
rootdn
"cn=Nihilanth,dc=hsl,dc=scu,dc=sld,dc=cu"
rootpw unpassword
directory /var/lib/ldap/authenticate
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
base.ldif:
dn: dc=sld,dc=cu
dc: sld
objectClass: top
objectClass: domain
dn: dc=scu,dc=sld,dc=cu
dc: scu
objectClass: top
objectClass: domain
dn: dc=hsl,dc=scu,dc=sld,dc=cu
dc: hsl
objectClass: top
objectClass: domain
dn: ou=Hosts,dc=hsl,dc=scu,dc=sld,dc=cu
ou: Hosts
objectClass: top
objectClass: organizationalUnit
dn: ou=Rpc,dc=hsl,dc=scu,dc=sld,dc=cu
ou: Rpc
objectClass: top
objectClass: organizationalUnit
dn: ou=Services,dc=hsl,dc=scu,dc=sld,dc=cu
ou: Services
objectClass: top
objectClass: organizationalUnit
dn:
nisMapName=netgroup.byuser,dc=hsl,dc=scu,dc=sld,dc=cu
nismapname: netgroup.byuser
objectClass: top
objectClass: nisMap
dn: ou=Mounts,dc=hsl,dc=scu,dc=sld,dc=cu
ou: Mounts
objectClass: top
objectClass: organizationalUnit
dn: ou=Networks,dc=hsl,dc=scu,dc=sld,dc=cu
ou: Networks
objectClass: top
objectClass: organizationalUnit
dn: ou=People,dc=hsl,dc=scu,dc=sld,dc=cu
ou: People
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=hsl,dc=scu,dc=sld,dc=cu
ou: Group
objectClass: top
objectClass: organizationalUnit
dn: ou=Netgroup,dc=hsl,dc=scu,dc=sld,dc=cu
ou: Netgroup
objectClass: top
objectClass: organizationalUnit
dn: ou=Protocols,dc=hsl,dc=scu,dc=sld,dc=cu
ou: Protocols
objectClass: top
objectClass: organizationalUnit
dn: ou=Aliases,dc=hsl,dc=scu,dc=sld,dc=cu
ou: Aliases
objectClass: top
objectClass: organizationalUnit
dn:
nisMapName=netgroup.byhost,dc=hsl,dc=scu,dc=sld,dc=cu
nismapname: netgroup.byhost
objectClass: top
objectClass: nisMap
Claro está que este base.ldif se genera luego de haber
puesto la siguiente instrucción
./usr/share/openldap/migration/migratebase.pl >
base.ldif
y cuando le pongo la instrucción
ldapadd -x -W -D 'cn=Nihilanth, dc=hsl, dc=scu,
dc=sld, dc=cu' -h 127.0.0.1 -f base.ldif
me da ese error.
Y ni seguir con lo que dice le manual porque me siguen
dando más errores.
______________________________________________
Renovamos el Correo Yahoo!
Nuevos servicios, más seguridad
http://correo.yahoo.es
_______________________________________________
Ayuda mailing list
Ayuda en linux.org.mx
Para salir de la lista: http://mail.linux.org.mx/cgi-bin/mailman/listinfo/ayuda/
Más información sobre la lista de distribución Ayuda