
Thread: Authenticating Windows to openLDAP server on Ubuntu 9.10

  1. #21
    Join Date
    Feb 2008
    Beans
    12

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    I'm getting stuck at the end of the LDAP config file.
    Any ideas, please...



    root@server02:/home/user# slapadd -v -l /etc/ldap/init.ldif
    /etc/ldap/slapd.conf: line 8: unknown directive <################################################# #######################> outside backend info and database definitions.
    slapadd: bad configuration file!

  2. #22
    Join Date
    Nov 2009
    Beans
    46

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    Originally posted by kwadman:
    I'm getting stuck at the end of the LDAP config file.
    Any ideas, please...



    root@server02:/home/user# slapadd -v -l /etc/ldap/init.ldif
    /etc/ldap/slapd.conf: line 8: unknown directive <################################################# #######################> outside backend info and database definitions.
    slapadd: bad configuration file!
    If you saw my original post, ignore it! The problem is on line 8 of your slapd.conf file. At the very beginning of the ######## line is a space. Remove that space and save it. (Also I fixed that mistake in the original post!)
    Last edited by abishur; December 11th, 2009 at 02:49 PM.

  3. #23
    Join Date
    Dec 2009
    Beans
    14

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    Originally posted by abishur:
    I'm really sorry about this error, the problem lies in the way the forum removes the beginning space from the line. I've made a note about it in the original post so hopefully new people won't hit this problem.

    OKAY! I finally figured out how to make the file look the way I want it to on these forums! I am REALLY sorry it took so long. Go back and look at the original post to get the correct formatting to make slapd work (samba is fine).

    Hey abishur,
    I am still getting that same error. When you have a minute, do you mind looking over my slapd.conf? I'm sure I am making some rookie mistake somewhere lol! Thanks again for all your help, I really appreciate it!


    # Remember to replace suffix "dc=example,dc=local" with your domain name
    # Change the rootpw entry with the results from slappaswd (Must match the same you pasted on init.ldif)

    # /etc/ldap/slapd.conf
    # This is the main slapd configuration file. See slapd.conf(5) for more
    # info on the configuration options.

    ################################################## ######################

    Global Directives:
    # Features to permit
    #allow bind_v2

    # Schema and objectClass definitions
    include /etc/ldap/schema/core.schema
    include /etc/ldap/schema/cosine.schema
    include /etc/ldap/schema/nis.schema
    include /etc/ldap/schema/inetorgperson.schema
    include /etc/ldap/schema/samba.schema
    include /etc/ldap/schema/misc.schema

    # Where the pid file is put. The init.d script
    # will not stop the server if you change this.
    pidfile /var/run/slapd/slapd.pid

    # List of arguments that were passed to the server
    argsfile /var/run/slapd/slapd.args

    # Read slapd.conf(5) for possible valuesloglevel 0
    # Where the dynamically loaded modules are stored
    modulepath /usr/lib/ldap
    moduleload back_bdb

    # The maximum number of entries that is returned for a search
    operationsizelimit 500

    # The tool-threads parameter sets the actual amount of cpu's that is used
    # for indexing.
    tool-threads 1

    ################################################## #####################
    # Specific Backend Directives for bdb:
    # Backend specific directives apply to this backend until another
    # 'backend' directive occurs
    backend bdb
    #checkpoint 512 30

    ################################################## #####################
    # Specific Backend Directives for 'other':
    # Backend specific directives apply to this backend until another
    # 'backend' directive occurs
    #backend <other>

    ################################################## #####################
    # Specific Directives for database #1, of type bdb:
    # Database specific directives apply to this databasse until another
    # 'database' directive occurs
    database bdb

    # The base of your directory in database #1
    suffix "dc=BEAVER,dc=local"

    # rootdn directive for specifying a superuser on the database. This is needed
    # for syncrepl.
    rootdn "cn=admin,dc=BEAVER,dc=local"
    rootpw {SSHA}8F5/srwaQhHwFlN0+nzfg6kYtCDJy8xo

    # Where the database file are physically stored for database #1
    directory "/var/lib/ldap"

    # For the Debian package we use 2MB as default but be sure to update this
    # value if you have plenty of RAM
    dbconfig set_cachesize 0 2097152 0

    # Sven Hartge reported that he had to set this value incredibly high
    # to get slapd running at all. See http://bugs.debian.org/303057
    # for more information.

    # Number of objects that can be locked at the same time.
    dbconfig set_lk_max_objects 1500
    # Number of locks (both requested and granted)
    dbconfig set_lk_max_locks 1500
    # Number of lockers
    dbconfig set_lk_max_lockers 1500

    # Indexing options for database #1
    #index objectClass eq, pres
    index ou,cn,sn,mail,givenname eq,pres,sub
    index uidNumber,gidNumber,memberUid eq,pres
    index loginShell eq,pres
    index uniqueMember eq,pres
    index uid pres,sub,eq
    index displayName pres,sub,eq
    index sambaSID eq
    index sambaPrimaryGroupSID eq
    index sambaDomainName eq
    index default sub
    #index uid pres,eq,sub

    # Save the time that the entry gets modified, for database #1
    lastmod on

    # Where to store the replica logs for database #1
    # replogfile /var/lib/ldap/replog

    # The userPassword by default can be changed
    # by the entry owning it if they are authenticated.
    # Others should not be able to see it, except the
    # admin entry below
    # These access lines apply to database #1 only
    access to attrs=userPassword,shadowLastChange,sambaNTPasswor d,sambaLMPassword
    by dn="cn=admin,dc=BEAVER,dc=local" write
    by anonymous auth
    by self write
    by * none

    # Ensure read access to the base for things like
    # supportedSASLMechanisms. Without this you may
    # have problems with SASL not knowing what
    # mechanisms are available and the like.
    # Note that this is covered by the 'access to *'
    # ACL below too but if you change that as people
    # are wont to do you'll still need this if you
    # want SASL (and possible other things) to work
    # happily.
    access to dn.base="" by * read

    # The admin dn has full write access, everyone else
    # can read everything.
    access to *
    by dn="cn=admin,dc=BEAVER,dc=local" write
    by * read

    # For Netscape Roaming support, each user gets a roaming
    # profile for which they have write access to
    #access to dn=".*,ou=Roaming,o=morsnet"
    # by dn="cn=admin,dc=BEAVER,dc=ch" write
    # by dnattr=owner write

    ################################################## ####################
    # Specific Directives for database #2, of type 'other' (can be bdb too):
    # Database specific directives apply to this databasse until another
    # 'database' directive occurs
    #database <other>

    # The base of your directory for database #2
    #suffix "dc=debian,dc=org"

  4. #24
    Join Date
    Nov 2009
    Beans
    46

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    Hey cbhr4u, the problem is found in these two blocks of code

    Code:
    access to attrs=userPassword,shadowLastChange,sambaNTPasswor d,sambaLMPassword
    by dn="cn=admin,dc=BEAVER,dc=local" write
    by anonymous auth
    by self write
    by * none
    Code:
    access to *
    by dn="cn=admin,dc=BEAVER,dc=local" write 
    by * read
    The lines that say "by" are supposed to have a space in front of them. Also, it looks like "sambaNTPassword" has a space between the r and the d. The correct code should look like this:

    Code:
    access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=BEAVER,dc=local" write
        by anonymous auth
        by self write
        by * none
    Code:
    access to *
        by dn="cn=admin,dc=BEAVER,dc=local" write 
        by * read
    Like I was saying, until recently I did not know how to make this forum let me put extra spaces at the beginning of the line, so it was messing up the slapd file. You should be good to go after fixing those two blocks.

  5. #25
    Join Date
    Dec 2009
    Beans
    14

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    Originally posted by abishur:
    Hey cbhr4u, the problem is found in these two blocks of code

    Code:
    access to attrs=userPassword,shadowLastChange,sambaNTPasswor d,sambaLMPassword
    by dn="cn=admin,dc=BEAVER,dc=local" write
    by anonymous auth
    by self write
    by * none
    Code:
    access to *
    by dn="cn=admin,dc=BEAVER,dc=local" write 
    by * read
    The lines that say "by" are supposed to have a space in front of them. Also, it looks like "sambaNTPassword" has a space between the r and the d. The correct code should look like this:

    Code:
    access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=BEAVER,dc=local" write
        by anonymous auth
        by self write
        by * none
    Code:
    access to *
        by dn="cn=admin,dc=BEAVER,dc=local" write 
        by * read
    Like I was saying, until recently I did not know how to make this forum let me put extra spaces at the beginning of the line, so it was messing up the slapd file. You should be good to go after fixing those two blocks.
    Hey Abishur,
    Thanks again for all your help. I made those corrections but no go. I took a screenshot of that code block from my terminal window; when you have a moment, will you take a look at it? Thanks again!!

  6. #26
    Join Date
    Nov 2009
    Beans
    46

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    I don't see anything wrong with that block of code... can you post your actual error message? I know the first time I set up my domain I had a TON of problems. It's easy to miss one part and have the whole thing fail. It's even easier to look in the wrong place for a solution and not realize it's not where you made your mistake. Go ahead and go over the guide from the beginning. It might help to just erase the slapd file and copy and paste the code fresh?

  7. #27
    Join Date
    Dec 2009
    Beans
    14

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    Originally posted by abishur:
    I don't see anything wrong with that block of code... can you post your actual error message? I know the first time I set up my domain I had a TON of problems. It's easy to miss one part and have the whole thing fail. It's even easier to look in the wrong place for a solution and not realize it's not where you made your mistake. Go ahead and go over the guide from the beginning. It might help to just erase the slapd file and copy and paste the code fresh?
    Thanks for taking the time to look at this for me! Here is the actual error message.
    /etc/ldap/slapd.conf: line 10: unknown directive <Global> outside backend info and database definitions.
    slapadd: bad configuration file!

    I have redone it earlier but I will give it another shot. Probably a stupid question, but it doesn't matter that I am using vi instead of gedit, does it? Thanks again.

  8. #28
    Join Date
    Nov 2009
    Beans
    46

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    Hmm... it's trying to say that there is something wrong on line 10 of your slapd.conf file (the line that says Global Directives:) but I'm just not seeing a problem there. Do you have a space at the beginning of that line? (If so, delete it.) It doesn't matter if you use vi, nano, or gedit. I use gedit because I personally find it easier to work with and catch mistakes. Some people use vi either out of a sense of "Linux Purity" or because the purists tell them to use it. Use whatever you're comfortable with using.

    If all else fails start at the beginning and take it slow. I literally do not remember how many times I had to start over from scratch while learning how to do this. Keep it up! Sometimes just having someone to talk about what's going on helps you find the real problem!
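
The whitespace mistakes chased in posts #22, #24 and #28 can be checked mechanically before running slapadd. The following is an added example, not code from any poster or from OpenLDAP: the `KNOWN` list only covers directives that appear in the config posted above, and `SAMPLE` is a constructed excerpt reproducing the four faults seen in the thread.

```python
# Directives used in the slapd.conf posted in this thread; deliberately not a complete list.
KNOWN = {
    "include", "pidfile", "argsfile", "loglevel", "modulepath", "moduleload",
    "sizelimit", "tool-threads", "backend", "database", "suffix", "rootdn",
    "rootpw", "directory", "dbconfig", "index", "lastmod", "access", "allow",
}

def lint_slapd_conf(text):
    """Return a list of (line_number, message) findings."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line:
            continue
        if line[0] in " \t":
            # slapd.conf(5): a line starting with whitespace continues the previous line.
            if line.lstrip().startswith("#"):
                findings.append((n, "comment has leading whitespace; put '#' in column 1"))
            continue
        if line.startswith("#"):
            continue
        toks = line.split()
        word = toks[0]
        if word == "by":
            findings.append((n, "'by' clause starts in column 1; indent it under 'access to'"))
        elif word.lower() not in KNOWN:
            findings.append((n, f"unknown directive <{word}>; lost '#' or broken line?"))
        elif word == "access":
            for cur, nxt in zip(toks, toks[1:]):
                if cur.startswith("attrs=") and nxt != "by" and "=" not in nxt:
                    findings.append((n, f"space inside attrs list before '{nxt}'"))
    return findings

# Constructed sample: indented comment, un-commented heading, split attribute, unindented 'by'.
SAMPLE = """\
# /etc/ldap/slapd.conf
 ########################################
Global Directives:
include /etc/ldap/schema/core.schema
access to attrs=userPassword,sambaNTPasswor d,sambaLMPassword
by self write
    by * none
access to *
    by * read
"""

if __name__ == "__main__":
    for n, msg in lint_slapd_conf(SAMPLE):
        print(f"line {n}: {msg}")
```

On the sample it reports lines 2, 3, 5 and 6; the `<Global>` finding corresponds to the error quoted in post #27, where the `Global Directives:` heading in the posted file has no leading `#`.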

  9. #29
    Join Date
    Jul 2009
    Beans
    571
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    Hi abishur, I've a question, can Ubuntu pass policies to Windows clients authenticating to Ubuntu? Or what are the benefits of authentication using LDAP over just adding users on the Ubuntu Server? Thanks.
    It's OK, everything we know will become obsolete at some time.

  10. #30
    Join Date
    Nov 2009
    Beans
    46

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    Originally posted by AlexanderDGreat:
    Hi abishur, I've a question, can Ubuntu pass policies to Windows clients authenticating to Ubuntu? Or what are the benefits of authentication using LDAP over just adding users on the Ubuntu Server? Thanks.
    The following is my understanding, but someone with more expertise might know a better answer.


    Can Ubuntu pass policies? Well.... yes and no. From what I've read, Samba 4 will actually have built in Windows client authoring (and therefore completely replace the need for this guide) as well as the ability to apply group policies. I've also seen some software that claims to be able to do the job, but it costs money.

    But remember! LDAP is a protocol of authentication. Active Directory and OpenLDAP are merely software that makes use of the LDAP protocol. NEITHER AD nor OpenLDAP has the ability to assign group policies. Windows uses a special piece of software that interacts with AD (using the LDAP authentication protocol) to apply group policies.

    Benefits of Authenticating with LDAP? My understanding is that Windows computers cannot authenticate to native Linux accounts. The whole point of using OpenLDAP is to provide a means of Windows authentication (well... there are other benefits such as a security flexibility, centralized management, etc.). That said, just because LDAP is the only means I could find for Windows authentication doesn't mean it's the only one out there, and if you're dealing with a pure Linux environment, then using the Linux accounts would work fine for you (of course, since you're looking at this guide I think I can assume that you have Windows computers to authenticate).
