Re: [Ldapdns-users] Ldapdns v3 questions
From: Chris H. <ch...@am...> - 2003-11-23 19:50:04
Thank you for replying.

Quoting "Mrs. Brisby" <mrs...@ni...>:

> A couple things:
>
> 1. Instead of using sudo, set UID and GID to the uid and gid of the
> ldapdns user and let ldapdns-dg setuid/setgid itself. This way, when
> ready, you can set PORT to 53.

Hmm, -bash: UID: readonly variable. I can set it from ksh.

>
> 2. Make sure you can run ldapdns and _see_ that it starts up. This means
> essentially running your /usr/sbin/ldapdns script and seeing what output
> it provides. Send us that output.

Outside of sudo, it just complains about GID and UID not set. It does execute 3
ldapdns-dg when launched by sudo.

#tail /var/log/ldapdns.log
LDAPDNS starting thread 1
LDAPDNS starting thread 2

>
> 3. That setting for /proc/cpuinfo won't work on anything but linux...

This is a linux setup and it comes back with 2 which is correct.

>
> 4. Your dig statement doesn't list a fully qualified domain name.
> Perhaps you meant:
> dig @localhost -p 5300 -t any ns.ambigc.com.sg

Yes, sorry. It doesn't work fully qualified either.

>
> 5. Your LDAP server needs to have an equality (exact) index for
> associatedDomain - OR your tree needs to be extremely small.

From my slapd.conf: (and I ran slapindex)

index objectClass,uid,uidNumber,gidNumber eq
index cn,mail,surname,givenName,associatedDomain eq,subinitial

>
> 6. the $SELFNS and $REPLICAS environment variables are NECESSARY for
> creating NS and SOA RRs.

OK I set both to ns.ambigc.com.sg as I have only one server. Is this OK?

It is still not responding. Further testing shows the ldapdns-dg seems to be
spawning lots of open connections to the ldap server (flooding netstat output).
Debugging from slapd -d256 shows:

conn=1674 op=0 BIND dn="" method=128
conn=1674 op=0 RESULT tag=97 err=2 text=requested protocol version not allowed
conn=1676 fd=12 ACCEPT from IP=127.0.0.1:59060 (IP=:: 389)
conn=1673 fd=13 closed

I don't have any slapd security settings and I have 'allow bind_v2' in slapd.conf
and can get the whole tree by 'ldapsearch -x'.
It also reports this (except different dn) when I try to make ldapdns login as
the admin.

-Chris

>
>
> On Sat, 2003-11-22 at 13:57, Chris Hamilton wrote:
> > I do not know what I am doing wrong. I have tried to get ldapdns 3 up
> > with the following:
> >
> > From my rc:
> > start)
> > title "Starting ldapdns."
> > touch $logfile;chown ldapdns $logfile || error=$?
> > sudo -u ldapdns -b "/usr/sbin/ldapdns" >$logfile 2>$logfile ||
> > error=$?
> > status
> > ;;
> >
> >
> > /usr/sbin/ldapdns:
> > #!/bin/sh
> > source /etc/profile
> > cd /var/ldapdns
> >
> > rm -f root/ldap.tmp root/ldap
> > /usr/sbin/ldapdns-hosts hosts root/ldap root/ldap.tmp
> >
> > CPU=`cat /proc/cpuinfo | grep processor | wc -l`
> > ROOT=/var/ldapdns/root
> > source /etc/ldapdns.conf
> >
> > pre=$1
> > shift
> > $pre /usr/sbin/ldapdns-dg "$@"
> >
> > /etc/ldapdns.conf:
> > SCHEMA=LDAPDNS
> > LISTEN=0:5300
> > HOSTMASTER=hostmaster@localhost
> > #SELFNS=a.ns.myhostname
> > #REPLICAS=b.ns.myhostname:c.ns.myhostname
> > export ROOT CPU LISTEN SCHEMA HOSTMASTER SELFNS REPLICAS
> >
> > /var/ldapdns/hosts/ns:
> > base o=top
> > address 127.0.0.1
> > dn cn=admin,o=top
> > password ****
> > method simple
> > is root
> >
> > And:
> > dn: dc=ns,ou=Hosts,ou=Network,o=top
> > objectClass: top
> > objectClass: dnsdomain
> > objectClass: domainRelatedObject
> > dc: ns
> > aRecord: 10.0.0.2
> > mXRecord: mail.ambigc.com
> > associatedDomain: ns.ambigc.com.sg
> >
> > But:
> > # dig @localhost -p 5300 -t any ns
> >
> > ; <<>> DiG 9.2.2 <<>> @localhost -p 5300 -t any ns
> > ;; global options: printcmd
> > ;; connection timed out; no servers could be reached
> >
> > Any ideas on what to try would be appreciated.
> >
> > Thanks,
> > Chris Hamilton
> >
>

----------------------------------------------------------------
Mail by Ambiguous Computer Computer Ltd. an open source company.
http://www.ambigc.com