[FUG-BR] Problems with the LDAP configuration
Miguel Martins
migueljr01 at gmail.com
Thu Jan 22 14:21:09 BRST 2009
I checked nis.schema, it is there; I removed the "userPassword: {crypt}*" lines
and it continues...
sauron# cat /usr/local/etc/openldap/slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
include /usr/local/etc/openldap/schema/bind.schema
referral ldap://localhost
# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb
moduleload back_ldap
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# LDAP database
database bdb
suffix "dc=assesc,dc=edu,dc=br"
# We define the administrator account as "root"
rootdn "cn=root,dc=assesc,dc=edu,dc=br"
# The password must be generated with slappasswd.
##Ex: # slappasswd
## New password:
## Re-enter new password:
## {SSHA}e7C9/YlcGzCsk7gCkzVzhYFNB/4DzcGB
rootpw {SSHA}kGX3aMbe9pQHzoGeYvOe0j4MNAln6OYQ
# Path to the LDAP database
directory /var/db/openldap-data
password-hash {CRYPT}
password-crypt-salt-format "$1$.8s"
# indexes to speed up access
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index default sub
# ACLs
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * none
access to *
by * read
sauron#
sauron# ls /usr/local/etc/openldap/schema/
README cosine.schema
java.schema.default openldap.schema.default
bind.schema cosine.schema.default
misc.schema ppolicy.schema
corba.schema dyngroup.schema
misc.schema.default ppolicy.schema.default
corba.schema.default dyngroup.schema.default
nis.schema samba.schema
core.ldif inetorgperson.schema
nis.schema.default
core.schema inetorgperson.schema.default
openldap.ldif
core.schema.default java.schema
openldap.schema
sauron#
sauron# more base.ldif
dn: dc=assesc,dc=edu,dc=br
dc: ASSESC
objectClass: top
objectClass: domain

dn: ou=People,dc=assesc,dc=edu,dc=br
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=assesc,dc=edu,dc=br
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=Computers,dc=assesc,dc=edu,dc=br
ou: Computers
objectClass: top
objectClass: organizationalUnit

dn: cn=wheel,ou=Group,dc=assesc,dc=edu,dc=br
objectClass: posixGroup
objectClass: top
cn: wheel
gidNumber: 0
memberUid: root
memberUid: miguel

dn: cn=nogroup,ou=Group,dc=assesc,dc=edu,dc=br
objectClass: posixGroup
objectClass: top
cn: nogroup
gidNumber: 65533

dn: cn=nobody,ou=Group,dc=assesc,dc=edu,dc=br
objectClass: posixGroup
objectClass: top
cn: nobody
gidNumber: 65534

dn: uid=root,ou=People,dc=assesc,dc=edu,dc=br
uid: root
cn: Charlie &
objectClass: account
objectClass: posixAccount
objectClass: top
loginShell: /bin/csh
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: Charlie &

dn: uid=nobody,ou=People,dc=assesc,dc=edu,dc=br
uid: nobody
cn: Unprivileged user
objectClass: account
objectClass: posixAccount
objectClass: top
loginShell: /usr/sbin/nologin
uidNumber: 65534
gidNumber: 65534
homeDirectory: /nonexistent
gecos: Unprivileged user

dn: uid=miguel,ou=People,dc=assesc,dc=edu,dc=br
uid: miguel
cn: Miguel Martins Jr
objectClass: account
objectClass: posixAccount
objectClass: top
loginShell: /bin/csh
uidNumber: 1001
gidNumber: 0
homeDirectory: /home/miguel
gecos: Miguel Martins Jr

dn: uid=sauron,ou=Computers,dc=assesc,dc=edu,dc=br
uid: sauron
cn: Servidor
objectClass: account
objectClass: posixAccount
objectClass: top
loginShell: /usr/bin/nologin
uidNumber: 200
gidNumber: 200
homeDirectory: noexistent
gecos: Servidor

dn: cn=NextFreeUnixId,dc=assesc,dc=edu,dc=br
objectClass: inetOrgPerson
objectClass: sambaUnixIdPool
uidNumber: 1000
gidNumber: 1000
cn: NextFreeUnixId
sn: NextFreeUnixId

dn: zoneName=assesc.com.br,dc=assesc,dc=edu,dc=br
objectClass: top
objectClass: dNSZone
relativeDomainName: assesc.edu.br
zoneName: assesc.edu.br

dn: relativeDomainName=assesc.com.br,zoneName=assesc.com.br,dc=assesc,dc=edu,dc=br
objectClass: top
objectClass: dNSZone
relativeDomainName: assesc.edu.br
zoneName: assesc.edu.br
dNSTTL: 3600
dNSClass: IN
SOARecord: ns1.assesc.edu.br. hostmaster.assesc.edu.br. 1 10800 3600 604800 86400
NSRecord: ns1.assesc.edu.br.
NSRecord: ns2.assesc.edu.br.
ARecord: 192.168.3.254
MXRecord: 10 mail.assesc.edu.br.

dn: relativeDomainName=@,zoneName=assesc.com.br,dc=assesc,dc=edu,dc=br
objectClass: top
objectClass: dNSZone
relativeDomainName: @
zoneName: assesc.edu.br
dNSTTL: 3600
dNSClass: IN
SOARecord: ns1.assesc.edu.br. hostmaster.assesc.edu.br. 1 10800 3600 604800 86400
NSRecord: ns1.assesc.edu.br.
NSRecord: ns2.assesc.edu.br.
ARecord: 192.168.3.254
MXRecord: 10 mail.assesc.edu.br.

dn: relativeDomainName=ns1,zoneName=assesc.com.br,dc=assesc,dc=edu,dc=br
objectClass: top
objectClass: dNSZone
relativeDomainName: ns1
zoneName: assesc.edu.br
dNSTTL: 3600
dNSClass: IN
ARecord: 192.168.3.254

dn: relativeDomainName=ns2,zoneName=assesc.com.br,dc=assesc,dc=edu,dc=br
objectClass: top
objectClass: dNSZone
relativeDomainName: ns2
zoneName: assesc.edu.br
dNSTTL: 3600
dNSClass: IN
ARecord: 200.135.16.114

dn: relativeDomainName=mail,zoneName=assesc.com.br,dc=assesc,dc=edu,dc=br
objectClass: top
objectClass: dNSZone
relativeDomainName: mail
zoneName: assesc.edu.br
dNSTTL: 3600
dNSClass: IN
ARecord: 192.168.3.254

dn: relativeDomainName=sauron,zoneName=assesc.com.br,dc=assesc,dc=edu,dc=br
objectClass: top
objectClass: dNSZone
relativeDomainName: sauron
zoneName: assesc.edu.br
dNSTTL: 3600
dNSClass: IN
ARecord: 192.168.3.254
2009/1/22 Flavio Junior <billpp at gmail.com>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Miguel,
>
> Your error is in the group entries, this one for example:
>
> dn: cn=wheel,ou=Group,dc=assesc,dc=edu,dc=br
> objectClass: posixGroup
> objectClass: top
> cn: wheel
> userPassword: {crypt}*
> gidNumber: 0
> memberUid: root
> memberUid: miguel
>
> It may be that "nis.schema" is missing from your ldap, or it may be
> because of the content of userPassword...
>
> remove the userPassword line and try again, but first confirm
> nis.schema in slapd.conf
>
> - --
>
> Flávio do Carmo Júnior aka waKKu
>
>
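A small LDIF sanity checker, added here as an example (it is not part of the original post or of OpenLDAP) for the kind of LDIF shown above: it unfolds continuation lines, then flags entries whose RDN value is not among the entry's own attribute values (a naming violation slapadd rejects; the posted dNSZone entries have zoneName=assesc.com.br in the DN but zoneName: assesc.edu.br as the attribute) and posixGroup entries that still carry the userPassword line the reply suggests removing. The LDIF it parses is constructed, not the poster's base.ldif.

```python
import re
# Constructed sample (not the poster's base.ldif): a dc value that differs from
# its DN only in case (fine), a posixGroup carrying the "userPassword: {crypt}*"
# line the reply points at, and a dNSZone whose zoneName attribute disagrees
# with the zoneName in its own DN; the SOARecord is folded over two lines.
SAMPLE_LDIF = """\
dn: dc=example,dc=test
dc: EXAMPLE
objectClass: domain

dn: cn=wheel,ou=Group,dc=example,dc=test
objectClass: posixGroup
cn: wheel
userPassword: {crypt}*
gidNumber: 0

dn: zoneName=example.com,dc=example,dc=test
objectClass: dNSZone
zoneName: example.test
SOARecord: ns1.example.test. hostmaster.example.test. 1 10800 3600 604800
  86400
"""

def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})] from LDIF text (plain values only)."""
    entries = []
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        block = re.sub(r"\n ", "", block)          # unfold: newline + one space
        dn, attrs = None, {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if name.lower() == "dn":
                dn = value.strip()
            elif name and not name.startswith("#"):  # skip blanks and comments
                attrs.setdefault(name.lower(), []).append(value.strip())
        if dn:
            entries.append((dn, attrs))
    return entries

def check_entries(entries):
    """Flag RDN values absent from the entry and posixGroups with userPassword."""
    problems = []
    for dn, attrs in entries:
        name, _, value = dn.split(",", 1)[0].partition("=")  # first RDN, no escapes
        present = [v.lower() for v in attrs.get(name.lower(), [])]
        if value.lower() not in present:                    # LDAP matching is case-insensitive here
            problems.append(f"{dn}: RDN {name}={value} not among the entry's {name} values")
        classes = [c.lower() for c in attrs.get("objectclass", [])]
        if "posixgroup" in classes and "userpassword" in attrs:
            problems.append(f"{dn}: posixGroup entry carries userPassword")
    return problems
```

Running `check_entries(parse_ldif(SAMPLE_LDIF))` reports the wheel group and the dNSZone entry and accepts the dc entry, since dc=example and dc: EXAMPLE match case-insensitively.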