[FUG-BR] Error on ldap startup
Jorge Petry
jorge at jspnet.com.br
Tue Jun 17 16:00:01 BRT 2008
Change these parameters in the nss_ldap.conf and ldap.conf files and your
ldap will start much faster.
Report back afterwards.
Regards.
timelimit 3
bind_timelimit 3
bind_policy soft
_________________________________________
Jorge Petry Neto
Network and Server Administrator
(48) 8401-4436
jorge at jspnet.com.br
www.jspnet.com.br <http://www.jspnet.com.br/>
Jose Raimundo da S. Barbosa wrote:
> hello colleagues, I have just installed and configured an LDAP server. It
> seems everything is working fine: I built the LDAP base, imported my user
> base into it, I am querying the base, etc. But now I am moving on to the
> integration with SAMBA, postfix, etc. However, looking at my
> /var/log/messages I see the following messages at LDAP startup:
>
> Jun 17 13:22:00 ariranha slapd[9073]: nss_ldap: could not search LDAP
> server - Server is unavailable
> Jun 17 13:22:00 ariranha slapd[9073]: sql_select option missing
> Jun 17 13:22:00 ariranha slapd[9073]: auxpropfunc error no mechanism
> available
>
> I ran a test... I stopped the server (/usr/local/etc/rc.d/slapd stop) and
> started it again... I noticed that from then on it takes about 30 seconds
> to come up... then I looked at the messages log again and the message
> above is in the file.
>
> Any ideas?
>
> I have just installed FreeBSD 7.0
>
> nss_ldap.conf
> --------------
> @(#)$Id: ldap.conf,v 2.47 2006/05/15 08:13:44 lukeh Exp $
> #
> # This is the configuration file for the LDAP nameservice
> # switch library and the LDAP PAM module.
> #
> # PADL Software
> # http://www.padl.com
> #
>
> host 127.0.0.1
> base dc=cpaa,dc=embrapa,dc=br
> uri ldap://cegonha.cpaa.embrapa.br/
> ldap_version 3
>
>
> slapd.conf
> ------------
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/nis.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
> include /usr/local/etc/openldap/schema/qmail.schema
> include /usr/local/etc/openldap/schema/samba.schema
>
> # Enabling TLS support
> TLSCertificateFile /usr/local/etc/openldap/ssl/servercrt.pem
> TLSCertificateKeyFile /usr/local/etc/openldap/ssl/serverkey.pem
> TLSCACertificateFile /usr/local/etc/openldap/ssl/cacert.pem
> #TLSCipherSuite HIGH:MEDIUM:+SSLv2
>
> # Define global ACLs to disable default read access.
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> # Load dynamic backend modules:
> modulepath /usr/local/libexec/openldap
> moduleload back_bdb
> # moduleload back_ldap
> # moduleload back_ldbm
> # moduleload back_passwd
> # moduleload back_shell
>
> access to attrs=userPassword,sambaLMPassword,sambaNTPassword
>         by dn="cn=root,dc=embrapa,dc=br" write
>         by anonymous auth
>         by self write
>         by * none
>
> access to attrs=uidNumber,gidNumber
>         by dn="cn=root,dc=embrapa,dc=br" write
>         by * read
>
> access to *
>         by dn="cn=root,dc=embrapa,dc=br" write
>         by self write
>         by * read
>
> database bdb
> suffix "dc=embrapa,dc=br"
> rootdn "cn=root,dc=embrapa,dc=br"
>
> rootpw secret
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory /var/db/openldap-data
> # Indices to maintain
> index objectClass eq
> index uid pres,eq,sub
> index gidNumber eq
> index uidNumber eq
> index cn pres,eq,sub
> index memberuid pres,eq,sub
> index mail pres,eq,sub
> index mailAlternateAddress pres,eq,sub
> index sn pres,eq,sub
> #index displayName pres,eq,sub
> #index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
> #index default sub
>
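
Added example, not part of the original messages: a shell script that checks an nss_ldap.conf-style file for the three settings given in the reply and prints a copy with them applied. The function names and the case-insensitive keyword matching are assumptions of this example; the sample input is constructed from the nss_ldap.conf quoted above.

```sh
#!/bin/sh
# Added example, not from the thread. Keywords are matched case-insensitively (assumption).
# Shared awk prologue: the three settings and values given in the reply.
AWK_INIT='BEGIN { n = split("timelimit=3 bind_timelimit=3 bind_policy=soft", w, " ")
  for (i = 1; i <= n; i++) { split(w[i], kv, "="); key[i] = kv[1]; val[kv[1]] = kv[2] } }'

# check_settings FILE: one status line per setting; the exit status is the
# number of settings that are missing or differ from the reply's values.
check_settings() {
    awk "$AWK_INIT"'
        /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
        { k = tolower($1); if (k in val) have[k] = tolower($2) }
        END { bad = 0
              for (i = 1; i <= n; i++) { k = key[i]
                  if (!(k in have))           { print k ": missing"; bad++ }
                  else if (have[k] != val[k]) { print k ": " have[k] " (reply uses " val[k] ")"; bad++ }
                  else                          print k ": ok" }
              exit bad }' "$1"
}

# apply_settings FILE: print FILE with any existing lines for the three
# keywords dropped and the reply's values appended once (safe to re-run).
apply_settings() {
    awk "$AWK_INIT"'
        !(tolower($1) in val) { print }
        END { for (i = 1; i <= n; i++) print key[i], val[key[i]] }' "$1"
}

# Constructed sample: the nss_ldap.conf from the quoted message.
sample=$(mktemp)
trap 'rm -f "$sample" "$sample.new"' EXIT
cat > "$sample" <<'EOF'
host 127.0.0.1
base dc=cpaa,dc=embrapa,dc=br
uri ldap://cegonha.cpaa.embrapa.br/
ldap_version 3
EOF
check_settings "$sample" || echo "-> $? setting(s) to change"
apply_settings "$sample" > "$sample.new"     # review, then install over the original
check_settings "$sample.new" && echo "-> all three settings match the reply"
```

Run it against both files named in the reply. With bind_policy soft a lookup fails at once when the LDAP server cannot be reached instead of being retried, so LDAP-backed accounts will not resolve while the server is down.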