[FUG-BR] Error during ldap startup

Jorge Petry jorge at jspnet.com.br
Tue Jun 17 16:00:01 BRT 2008


Change these parameters in the nss_ldap.conf and ldap.conf files and your
ldap will start much faster.
Report back afterwards.

Regards.

timelimit 3
bind_timelimit 3
bind_policy soft




_________________________________________
Jorge Petry Neto
Network and Server Administrator
(48) 8401-4436
jorge at jspnet.com.br
www.jspnet.com.br <http://www.jspnet.com.br/>




Jose Raimundo da S. Barbosa wrote:
> Hello colleagues, I have just installed and configured an LDAP server.
> Everything seems to be working fine: I built the LDAP database, imported my
> user database into it, I am querying the database, etc. Now I am moving on
> to the integration with SAMBA, postfix, etc. However, looking at my
> /var/log/messages I see the following messages during LDAP startup:
>
> Jun 17 13:22:00 ariranha slapd[9073]: nss_ldap: could not search LDAP
> server - Server is unavailable
> Jun 17 13:22:00 ariranha slapd[9073]: sql_select option missing
> Jun 17 13:22:00 ariranha slapd[9073]: auxpropfunc error no mechanism
> available
>
> I ran a test... I stopped the server (/usr/local/etc/rc.d/slapd stop) and
> started it again... I noticed that from then on it takes about 30 seconds to
> come up... then I looked at the messages log again and the message above
> is in the file.
>
> Any ideas?
>
> I have just installed FreeBSD 7.0
>
> nss_ldap.conf
> --------------
> # @(#)$Id: ldap.conf,v 2.47 2006/05/15 08:13:44 lukeh Exp $
> #
> # This is the configuration file for the LDAP nameservice
> # switch library and the LDAP PAM module.
> #
> # PADL Software
> # http://www.padl.com
> #
>
> host 127.0.0.1
> base dc=cpaa,dc=embrapa,dc=br
> uri ldap://cegonha.cpaa.embrapa.br/
> ldap_version 3
>
>
> slapd.conf
> ------------
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include         /usr/local/etc/openldap/schema/core.schema
> include         /usr/local/etc/openldap/schema/cosine.schema
> include         /usr/local/etc/openldap/schema/nis.schema
> include         /usr/local/etc/openldap/schema/inetorgperson.schema
> include         /usr/local/etc/openldap/schema/qmail.schema
> include         /usr/local/etc/openldap/schema/samba.schema
>
> # Enabling TLS support
> TLSCertificateFile /usr/local/etc/openldap/ssl/servercrt.pem
> TLSCertificateKeyFile /usr/local/etc/openldap/ssl/serverkey.pem
> TLSCACertificateFile /usr/local/etc/openldap/ssl/cacert.pem
> #TLSCipherSuite HIGH:MEDIUM:+SSLv2
>
> # Define global ACLs to disable default read access.
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral       ldap://root.openldap.org
>
> pidfile         /var/run/openldap/slapd.pid
> argsfile        /var/run/openldap/slapd.args
>
> # Load dynamic backend modules:
> modulepath      /usr/local/libexec/openldap
> moduleload      back_bdb
> # moduleload    back_ldap
> # moduleload    back_ldbm
> # moduleload    back_passwd
> # moduleload    back_shell
>
> access to attrs=userPassword,sambaLMPassword,sambaNTPassword
>      by dn="cn=root,dc=embrapa,dc=br" write
>      by anonymous auth
>      by self write
>      by * none
>
> access to attrs=uidNumber,gidNumber
>    by dn="cn=root,dc=embrapa,dc=br" write
>    by * read
>
> access to *
>    by dn="cn=root,dc=embrapa,dc=br" write
>    by self write
>    by * read
>
> database        bdb
> suffix          "dc=embrapa,dc=br"
> rootdn          "cn=root,dc=embrapa,dc=br"
>
> rootpw  secret
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory       /var/db/openldap-data
> # Indices to maintain
> index   objectClass             eq
> index   uid                     pres,eq,sub
> index   gidNumber               eq
> index   uidNumber               eq
> index   cn                      pres,eq,sub
> index   memberuid               pres,eq,sub
> index   mail                    pres,eq,sub
> index   mailAlternateAddress    pres,eq,sub
> index   sn                      pres,eq,sub
> #index   displayName             pres,eq,sub
> #index   sambaSID,sambaPrimaryGroupSID,sambaDomainName  eq
> #index   default                 sub
>
>
>
>   
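
Added example, not part of the original messages and not code from nss_ldap: a small sh check that reports whether an nss_ldap.conf or ldap.conf style file carries the three settings suggested in the reply. The names get_opt, audit_nss_ldap, write_samples and MAX_SECS are hypothetical; it assumes the last occurrence of a key wins and treats 0 as "no limit".

```shell
#!/bin/sh
# Added example: audit a client config for timelimit, bind_timelimit, bind_policy.
MAX_SECS=3   # ceiling taken from the reply's "timelimit 3" / "bind_timelimit 3"

# get_opt FILE KEY: print the last value assigned to KEY, or nothing if unset.
get_opt() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
        $1 == key      { val = $2 }    # assumption: last occurrence wins
        END            { if (val != "") print val }
    ' "$1"
}

# audit_nss_ldap FILE: print one finding per line, return 1 if any were found.
audit_nss_ldap() {
    file=$1 rc=0
    for key in timelimit bind_timelimit; do
        val=$(get_opt "$file" "$key")
        case $val in
            '')       echo "$key: not set, library default applies"; rc=1 ;;
            *[!0-9]*) echo "$key: '$val' is not a number"; rc=1 ;;
            *)  # assumption: 0 is treated here as "no limit" and flagged
                if [ "$val" -lt 1 ] || [ "$val" -gt "$MAX_SECS" ]; then
                    echo "$key: $val is outside 1..$MAX_SECS seconds"; rc=1
                fi ;;
        esac
    done
    val=$(get_opt "$file" bind_policy)
    if [ "$val" != soft ]; then
        echo "bind_policy: '${val:-unset}' (reply suggests soft)"; rc=1
    fi
    return $rc
}

# write_samples DIR: sample files built for this example from the nss_ldap.conf
# quoted in the thread, before and after appending the three suggested lines.
write_samples() {
    cat > "$1/before.conf" <<'EOF'
host 127.0.0.1
base dc=cpaa,dc=embrapa,dc=br
uri ldap://cegonha.cpaa.embrapa.br/
ldap_version 3
EOF
    { cat "$1/before.conf"; printf 'timelimit 3\nbind_timelimit 3\nbind_policy soft\n'; } > "$1/after.conf"
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_nss_ldap "$tmp/before.conf" || echo "before.conf: needs changes"
audit_nss_ldap "$tmp/after.conf"  && echo "after.conf: ok"
```

To use it on a real host, call audit_nss_ldap with the path of each client config file in turn; a non-zero return means at least one of the three settings is missing or looser than the reply suggests.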
