ro_neto
(uses Fedora)
Posted on 08/11/2007 - 15:01h
Hello, I would like some help. I have to implement a domain controller server with the following services: DNS, DHCP, SAMBA, NIS/NFS, LDAP and FIREWALL, but I still haven't gotten past LDAP. The chosen distro was Fedora 7. My db packages are:
db4-4.5.20-5.fc7
db4-devel-4.5.20-5.fc7
db4-utils-4.5.20-5.fc7
My openldap packages:
openldap-devel-2.3.34-3.fc7
openldap-2.3.34-3.fc7
openldap-clients-2.3.34-3.fc7
openldap-servers-2.3.34-3.fc7
Kerberos:
krb5-devel-1.6.1-4.fc7
krb5-auth-dialog-0.7-2
krb5-server-ldap-1.6.1-4.fc7
krb5-libs-1.6-6
krb5-workstation-1.6-6
Cyrus:
cyrus-sasl-md5-2.1.22-6
cyrus-sasl-devel-2.1.22-6
cyrus-sasl-lib-2.1.22-6
cyrus-sasl-ldap-2.1.22-6
cyrus-sasl-2.1.22-6
cyrus-sasl-gssapi-2.1.22-6
cyrus-sasl-plain-2.1.22-6
Machine name: serverpdc.empresa.com.br
eth0: WAN access
ip/mask: 192.168.0.254/255.255.255.0
eth1: LAN access
ip/mask: 10.1.1.254/255.0.0.0
Gateway 192.168.0.1/255.255.255.0 = ADSL modem
DNS01: 200.175.182.139
DNS02: 200.175.89.139
/etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
# Allow LDAPv2 client connections. This is NOT the default.
# allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
# modulepath /usr/lib/openldap
# moduleload accesslog.la
# moduleload auditlog.la
# moduleload back_sql.la
# moduleload denyop.la
# moduleload dyngroup.la
# moduleload dynlist.la
# moduleload lastmod.la
# moduleload pcache.la
# moduleload ppolicy.la
# moduleload refint.la
# moduleload retcode.la
# moduleload rwm.la
# moduleload syncprov.la
# moduleload translucent.la
# moduleload unique.la
# moduleload valsort.la
# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by * read
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=empresa,dc=com,dc=br"
rootdn "cn=Manager,dc=empresa,dc=com,dc=br"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
rootpw {SSHA}2AahDg8Cu3AJWCoo2ChP84OBye8zFquE
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM
/etc/openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=empresa,dc=com,dc=br
URI ldap://localhost
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
/var/lib/ldap/DB_CONFIG
# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.1.2.3 2006/08/17 17:36:19 kurt Exp $
# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
#
# See Sleepycat Berkeley DB documentation
# <http://www.sleepycat.com/docs/ref/env/db_config.html>
# for detail description of DB_CONFIG syntax and semantics.
#
# Hints can also be found in the OpenLDAP Software FAQ
# <http://www.openldap.org/faq/index.cgi?file=2>
# in particular:
# <http://www.openldap.org/faq/index.cgi?file=1075>
# Note: most DB_CONFIG settings will take effect only upon rebuilding
# the DB environment.
# one 0.25 GB cache
set_cachesize 0 268435456 1
# Data Directory
#set_data_dir db
# Transaction Log settings
set_lg_regionmax 262144
set_lg_bsize 2097152
#set_lg_dir logs
# Note: special DB_CONFIG flags are no longer needed for "quick"
# slapadd(8) or slapindex(8) access (see their -q option).
With DB_CONFIG in the /var/lib/ldap/ folder, this error occurs:
bdb_db_open: DB_CONFIG for suffix dc=empresa,dc=com,dc=br has changed.
Performing database recovery to activate new settings.
bdb_db_open: Recovery skipped in read-only mode. Run manual recovery if errors are encountered.
bdb_db_open: db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2)
bdb(dc=empresa,dc=com,dc=br): Unknown locker ID: 0
backend_startup_one: bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)
Without the DB_CONFIG file, this other error occurs:
[root@serverpdc ldap]# slaptest
bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)
Expect poor performance for suffix dc=empresa,dc=com,dc=br.
bdb_db_open: db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2)
bdb(dc=empresa,dc=com,dc=br): Unknown locker ID: 0
backend_startup_one: bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)
Well, I need a hand, because my thesis presentation is on 14/11/2007, and I still have to configure Samba and NIS/NFS to work with LDAP in order to complete my domain controller.
I have already done some research on the OpenLDAP site itself, and found some comments about an LDAP bug, and another one that seemed more plausible to me: that LDAP is not 100% compatible with DB4 from version 4.3.X upwards, since the recommended one is DB4-4.2.52. If that is the case, how do I configure LDAP with ldbm, or even SQL?
I'll be waiting, and I'll be very grateful to whoever can help me. One more thing: once my work is done, I'll post it as an article if it works out.
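An added check, not from the post or from the OpenLDAP project, that audits a slapd.conf of the posted shape against the warnings in its own comments (cleartext rootpw, no access directives so the default policy lets anyone read everything, TLS and security left commented out) and shows what the {SSHA} rootpw actually is; SAMPLE_CONF is a constructed stand-in, not the poster's file.

```python
import base64
import hashlib

def parse_slapd_conf(text):
    """(keyword, args) pairs; '#' lines skipped, indented lines continue the previous directive."""
    directives = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and directives:
            kw, rest = directives[-1]
            directives[-1] = (kw, rest + " " + raw.strip())
            continue
        parts = raw.strip().split(None, 1)
        directives.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return directives

def audit_slapd_conf(text):
    d = parse_slapd_conf(text)
    kws = {k for k, _ in d}
    findings = []
    if any(k == "rootpw" and not v.startswith("{") for k, v in d):
        findings.append("rootpw is cleartext: generate a {SSHA} hash with slappasswd")
    if "access" not in kws:
        findings.append("no 'access to' directives: default policy lets anyone read everything")
    if not {"tlscertificatefile", "tlscertificatekeyfile"} <= kws:
        findings.append("TLS not configured: binds and directory data cross the wire in cleartext")
    if "security" not in kws:
        findings.append("no 'security' directive: unencrypted simple binds are accepted")
    return findings

def ssha_hash(password, salt):
    """{SSHA} as slappasswd builds it: base64(sha1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(password, stored):
    """Recompute the digest with the salt stored after the 20-byte SHA-1, as slapd does on bind."""
    if not stored.startswith("{SSHA}"):
        return False
    blob = base64.b64decode(stored[6:])
    return hashlib.sha1(password.encode() + blob[20:]).digest() == blob[:20]

# Constructed sample with the same shape as the posted slapd.conf (bdb backend, rootpw set,
# no access, TLS or security directives); not the poster's real file.
SAMPLE_CONF = """database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
"""
```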