Hallo Lesende,
ich habe ein Problem bei der Konfiguration von OpenLDAP.
Ich möchte gerne postfix und dovecot einrichten. Als Authentifizierung OpenLDAP einrichten.
Lt. engl. WIKI vorgegangen.
Alles nur erst einmal zur Nutzung im lokalen Netz. Später öffentlich.
Der Hostname lautet pingu03.famhager.
Meine config.ldif:
#The root config entry
Dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /run/openldap/slapd.args
olcPidFile: /run/openldap/slapd.pid
#Schemas
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
#TODO: Include further schemas as necessary
include: file:///etc/openldap/schema/core.ldif
# Additional schemas
# RFC1274: Cosine and Internet X.500 schema
include: file:///etc/openldap/schema/cosine.ldif
# RFC2798: Internet Organizational Person
include: file:///etc/openldap/schema/inetorgperson.ldif
# RFC2307: An Approach for Using LDAP as a Network Information Service
include: file:///etc/openldap/schema/nis.ldif
#The config database
dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcRootDN: cn=Manager,famhager
#The database for our entries
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcSuffix: famhager
olcRootDN: cn=Manager,famhager
OLCRootPW: {SSHA}ubio9GOY9P5z2WWcXIW2G/4f11zkjsQR
olcDbDirectory: /var/lib/openldap/openldap-data
olcDbIndex: objectClass eq
olcDbIndex: uid pres,eq
olcDbIndex: mail pres,sub,eq
olcDbIndex: cn,sn pres,sub,eq
olcDbIndex: dc eq
~
Meine slapd.conf:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /run/openldap/slapd.pid
argsfile /run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib/openldap
moduleload back_mdb.la
# moduleload back_ldap.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# config database definitions
#######################################################################
database config
# Uncomment the rootpw line to allow binding as the cn=config
# rootdn so that temporary modifications to the configuration can be made
# while slapd is running. They will not persist across a restart.
# rootpw secret
#######################################################################
# MDB database definitions
#######################################################################
database mdb
maxsize 1073741824
#suffix "dc=my-domain,dc=com"
#von mir geändert
suffix "dc=famhager"
#rootdn "cn=Manager,dc=my-domain,dc=com"
#von mir geändert
rootdn "cn=Manager,dc=famhager"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/openldap/openldap-data
# Indices to maintain
index objectClass eq
#######################################################################
# monitor database definitions
#######################################################################
database monitor
######################################################################
#Access Control lt. org-WIKI
######################################################################
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=cn,givenName,sn,userPassword,shadowLastChange,mail,loginShell,photo by self write by anonymous auth by dn.base="cn=Manager,dc=pingu03.famhager" write by * none
olcAccess: {1}to * by self read by dn.base="cn=Manager,dc=famhager" write by * read
Ein #chown -R ldap:ldap /etc/openldap/*
und danach
slapadd -n 0 -F /etc/openldap/slapd.d/ -l ./config.ldif
bringt:
slapadd: could not add entry dn="cn=config" (line=1): �E��
Closing DB
Ein slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
bringt:
config_setup_ldif: expected directory /etc/openldap/slapd.d/ to be empty!
slaptest: bad configuration directory!
Beide Meldungen bringen mich nicht weiter. Was kann/muss ich ändern ?
Gruß
Andreas