[FUG-BR] Error on LDAP startup
Jose Raimundo da S. Barbosa
jose.barbosa at cpaa.embrapa.br
Tue Jun 17 15:34:34 BRT 2008
Hello colleagues, I have just installed and configured an LDAP server. Everything
seems to be working fine: I built the LDAP database, imported my user base
into it, I am querying the database, etc. But now I am moving on to the
integration with SAMBA, postfix, etc. However, looking at my
/var/log/messages I see the following messages at LDAP startup:
Jun 17 13:22:00 ariranha slapd[9073]: nss_ldap: could not search LDAP server - Server is unavailable
Jun 17 13:22:00 ariranha slapd[9073]: sql_select option missing
Jun 17 13:22:00 ariranha slapd[9073]: auxpropfunc error no mechanism available
I ran a test... I stopped the server (/usr/local/etc/rc.d/slapd stop) and started
it again... I noticed that from then on it takes about 30 seconds to come
up... then I looked at the messages log again and the message above is in
the file.

Any ideas?

I have just installed FreeBSD 7.0
nss_ldap.conf
--------------
# @(#)$Id: ldap.conf,v 2.47 2006/05/15 08:13:44 lukeh Exp $
#
# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
#
# PADL Software
# http://www.padl.com
#
host 127.0.0.1
base dc=cpaa,dc=embrapa,dc=br
uri ldap://cegonha.cpaa.embrapa.br/
ldap_version 3
slapd.conf
------------
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/qmail.schema
include /usr/local/etc/openldap/schema/samba.schema
# Enabling TLS support
TLSCertificateFile /usr/local/etc/openldap/ssl/servercrt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/serverkey.pem
TLSCACertificateFile /usr/local/etc/openldap/ssl/cacert.pem
#TLSCipherSuite HIGH:MEDIUM:+SSLv2
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb
# moduleload back_ldap
# moduleload back_ldbm
# moduleload back_passwd
# moduleload back_shell
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by dn="cn=root,dc=embrapa,dc=br" write
        by anonymous auth
        by self write
        by * none
access to attrs=uidNumber,gidNumber
        by dn="cn=root,dc=embrapa,dc=br" write
        by * read
access to *
        by dn="cn=root,dc=embrapa,dc=br" write
        by self write
        by * read
database bdb
suffix "dc=embrapa,dc=br"
rootdn "cn=root,dc=embrapa,dc=br"
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/db/openldap-data
# Indices to maintain
index objectClass eq
index uid pres,eq,sub
index gidNumber eq
index uidNumber eq
index cn pres,eq,sub
index memberuid pres,eq,sub
index mail pres,eq,sub
index mailAlternateAddress pres,eq,sub
index sn pres,eq,sub
#index displayName pres,eq,sub
#index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
#index default sub