Re: [Ldapdns-users] Ldapdns v3 questions
From: Mrs. B. <mrs...@ni...> - 2003-11-23 21:22:10
On Sun, 2003-11-23 at 14:50, Chris Hamilton wrote:
> Thank you for replying.
>
> Quoting "Mrs. Brisby" <mrs...@ni...>:
>
> > A couple things:
> >
> > 1. Instead of using sudo, set UID and GID to the uid and gid of the
> > ldapdns user and let ldapdns-dg setuid/setgid itself. This way, when
> > ready, you can set PORT to 53.
> Hmm, -bash: UID: readonly variable. I can set it from ksh.

Set it temporarily to another name; I use REAL_UID and REAL_GID then use
ENV to rewrite:

env UID=$REAL_UID GID=$REAL_GID ldapdns-dg

> > 2. Make sure you can run ldapdns and _see_ that it starts up. This means
> > essentially running your /usr/sbin/ldapdns script and seeing what output
> > it provides. Send us that output.
> Outside of sudo, it just complains about GID and UID not set.
> It does execute 3 ldapdns-dg when launched by sudo.
> #tail /var/log/ldapdns.log
> LDAPDNS starting thread 1
> LDAPDNS starting thread 2

That's because it doesn't like running as root. See above.

> > 4. Your dig statement doesn't list a fully qualified domain name.
> > Perhaps you meant:
> > dig @localhost -p 5300 -t any ns.ambigc.com.sg
> Yes, sorry. It doesn't work fully qualified either.

What does ldapdns output when you do that?

> > 6. the $SELFNS and $REPLICAS environment variables are NECESSARY for
> > creating NS and SOA RRs.
> OK I set both to ns.ambigc.com.sg as I have only one server. Is this OK?

This is fine.

> It is still not responding.
> Further testing shows the ldapdns-dg seems to be spawning lots of open
> connections to the ldap server (flooding netstat output).
> Debugging from slapd -d256 shows:
> conn=1674 op=0 BIND dn="" method=128
> conn=1674 op=0 RESULT tag=97 err=2 text=requested protocol version not allowed
> conn=1676 fd=12 ACCEPT from IP=127.0.0.1:59060 (IP=:: 389)
> conn=1673 fd=13 closed ...
> I don't have any slapd security settings and I have 'allow bind_v2' in slapd.conf
> and can get the whole tree by 'ldapsearch -x'. It also reports this (except
> different dn) when I try to make ldapdns login as the admin.

Read that text (requested protocol version not allowed)-- bind with
protocol 2 is apparently not allowed- at least for your cn=root user.

Try using no "dn" or "password" settings and allow LDAPDNS to connect
anonymously.
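
The UID/GID workaround from the reply above, as an added example that is not part of the original message or of ldapdns: it resolves a service account's numeric ids and hands them to the child through env(1), so the shell's readonly UID is never assigned. The `ldapdns` account name, the sample passwd text, the helper names and the refusal of uid 0 are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pass a service account's ids to a child as UID/GID via env(1).

# Constructed sample passwd text; the "ldapdns" account and its ids are assumptions.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
ldapdns:x:1053:1054:LDAPDNS daemon:/var/empty:/bin/false'

# lookup_ids USER PASSWD_TEXT -> prints "uid gid".
# Fails if the user is missing, an id is not numeric, or the uid is 0.
lookup_ids() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '
        $1 == u { found = 1; uid = $3; gid = $4 }
        END {
            if (!found || uid !~ /^[0-9]+$/ || gid !~ /^[0-9]+$/) exit 1
            if (uid + 0 == 0) exit 2    # refuse to hand the daemon root ids
            print uid, gid
        }'
}

# run_with_ids USER PASSWD_TEXT COMMAND [ARGS...]
# Sets UID/GID only in the child's environment; the calling shell's own UID
# (readonly in bash) is never assigned.
run_with_ids() {
    user=$1 passwd_text=$2
    shift 2
    ids=$(lookup_ids "$user" "$passwd_text") || {
        echo "run_with_ids: no usable ids for '$user'" >&2
        return 1
    }
    REAL_UID=${ids% *}
    REAL_GID=${ids#* }
    env UID="$REAL_UID" GID="$REAL_GID" "$@"
}

# Demonstration with a harmless child: show the two variables it receives.
run_with_ids ldapdns "$SAMPLE_PASSWD" env | grep -E '^(UID|GID)='
```

In a real run script the passwd text would come from `getent passwd` and the command would be `ldapdns-dg` rather than `env`.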