[csw-users] CSW OpenLDAP Seg Faults
Roy McMorran
mcmorran at mdibl.org
Fri Jan 6 17:37:46 CET 2006
Hi Alex, thanks for the reply.
Alex Moore wrote:
> Maybe it would help if you attached slapd.conf and ldap.conf
>
>from /opt/csw/etc/openldap.
>
>
########################################################################
# slapd.conf
########################################################################
#
# include required schemas
# Schema files are read in the order listed; a schema that refers to
# attribute types or object classes defined in another file has to come
# after that file.
include /opt/csw/etc/openldap/schema/core.schema
include /opt/csw/etc/openldap/schema/cosine.schema
include /opt/csw/etc/openldap/schema/inetorgperson.schema
include /opt/csw/etc/openldap/schema/misc.schema
include /opt/csw/etc/openldap/schema/nis.schema
include /opt/csw/etc/openldap/schema/openldap.schema
# req'd for Solaris native LDAP client:
include /opt/csw/etc/openldap/schema/solaris.schema
include /opt/csw/etc/openldap/schema/DUAConfigProfile.schema
# req'd for Samba / PDC:
include /opt/csw/etc/openldap/schema/samba.schema
# req'd for address book
include /opt/csw/etc/openldap/schema/mozillaAbPerson.schema
########################################################################
# misc
########################################################################
# Files in which slapd records its process id and the command line it
# was started with.
pidfile /opt/csw/var/openldap/slapd.pid
argsfile /opt/csw/var/openldap/slapd.args
# Load dynamic backend modules:
modulepath /opt/csw/libexec/openldap
moduleload back_bdb.la
# NOTE(review): both features named on the 'allow' line relax slapd defaults.
#   bind_v2      - accept LDAPv2 bind requests.
#   bind_anon_dn - accept a simple bind that supplies a DN but no password
#                  and treat the session as anonymous. With this enabled, an
#                  application that takes "bind succeeded" as proof of
#                  identity must itself reject empty passwords.
# Confirm that a client still depends on each before keeping it.
allow bind_v2 bind_anon_dn
# Hash scheme slapd uses when it stores a password set through the LDAP
# Password Modify extended operation. {CRYPT} delegates to the platform
# crypt(3), so the strength of the stored hash depends on what crypt(3)
# produces on this host.
# NOTE(review): presumably chosen so that clients comparing crypt-format
# hashes keep working - confirm; otherwise a salted scheme such as {SSHA}
# is preferable.
password-hash {CRYPT}
########################################################################
# TLS settings for the server side.
#
# NOTE(review): TLSCipherSuite is passed to the TLS library as a cipher
# string. Assuming an OpenSSL build, a leading '+' only moves ciphers that
# are already selected to the end of the list; "+TLSv1:+SSLv2:+SSLv3"
# therefore reorders what HIGH:MEDIUM selected and adds nothing. MEDIUM
# still admits weaker ciphers and nothing here excludes SSLv2/SSLv3-era
# suites. On a maintained server restrict the list to strong suites and
# set a minimum protocol version (later OpenLDAP releases provide
# TLSProtocolMin for that).
TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
# CA certificates slapd recognizes.
TLSCACertificateFile /opt/csw/ssl/certs/rapidssl_01.cer
# Server certificate and its private key. slapd needs the key unencrypted,
# so the file's ownership and mode are the only protection it has: it
# should be readable by the slapd account and nobody else.
TLSCertificateFile /opt/csw/ssl/certs/mdibl.org.crt
TLSCertificateKeyFile /opt/csw/ssl/private/mdibl.org.key
# slapd does not ask clients for a certificate.
TLSVerifyClient never
########################################################################
# ACL directives
########################################################################
# How slapd reads this section: for each entry/attribute being accessed it
# uses the FIRST 'access to' clause whose target matches, and inside that
# clause the FIRST 'by' line that matches the requester. A clause that ends
# without 'by * ...' denies everyone else. Order is therefore significant.
#
# NOTE(review): the 'by' lines appear here at column 0. slapd.conf treats a
# line as a continuation only when it begins with whitespace, so the
# indentation was presumably lost in the mail archive; restore it before
# reusing any of this. Keep comments outside a clause: continuation lines
# are joined before comments are stripped.
#
# Password material. 'by anonymous auth' lets an unauthenticated session
# use these values to bind without being able to read them; there is no
# 'by * ...' line, so other authenticated users get nothing.
# NOTE(review): 'read' for cn=proxyagent applies to every attribute listed,
# including sambaLMPassword and sambaNTPassword, which should be protected
# like passwords. Presumably the proxy account only needs userPassword -
# confirm, and split the clause if so. cn=nssldap is granted 'write' here;
# a name-service lookup account would normally need read at most - confirm.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange
by self write
by dn="uid=root,ou=People,dc=mdibl,dc=org" write
by dn="uid=Administrator,ou=People,dc=mdibl,dc=org" write
by dn="cn=samba,ou=DSA,dc=mdibl,dc=org" write
by dn="cn=smbldap-tools,ou=DSA,dc=mdibl,dc=org" write
by dn="cn=nssldap,ou=DSA,dc=mdibl,dc=org" write
by dn="cn=proxyagent,ou=profile,dc=mdibl,dc=org" read
by anonymous auth
# The root DSE (the empty DN) is readable by everyone.
access to dn.base=""
by * read
# some attributes need to be readable anonymously so that 'id user'
# can answer correctly
# NOTE(review): this clause has no DN restriction, so these attributes are
# world-readable on every entry in the directory, not only under ou=People.
access to attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid
by dn="uid=root,ou=People,dc=mdibl,dc=org" write
by dn="uid=Administrator,ou=People,dc=mdibl,dc=org" write
by dn="cn=samba,ou=DSA,dc=mdibl,dc=org" write
by dn="cn=smbldap-tools,ou=DSA,dc=mdibl,dc=org" write
by * read
# some attributes can be writable by users themselves
# NOTE(review): loginShell and gecos are self-writable here; confirm that
# letting users change their own login shell is intended.
access to attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
by self write
by dn="uid=root,ou=People,dc=mdibl,dc=org" write
by dn="uid=Administrator,ou=People,dc=mdibl,dc=org" write
by dn="cn=samba,ou=DSA,dc=mdibl,dc=org" write
by dn="cn=smbldap-tools,ou=DSA,dc=mdibl,dc=org" write
by * read
# some attributes need to be writable for samba
# NOTE(review): cn, description, sambaLMPassword, sambaNTPassword,
# sambaPwdLastSet and sambaPwdMustChange are already matched by earlier
# clauses, so for those attributes this clause is never consulted. It takes
# effect only for the remaining samba* attributes and displayName.
access to attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaMungedDial,sambaBadPasswordCount,sambaBadPasswordTime,sambaPasswordHistory,sambaLogonHours,sambaSID,sambaSIDList,sambaTrustFlags,sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase,sambaShareName,sambaOptionName,sambaBoolOption,sambaIntegerOption,sambaStringOption,sambaStringListoption
by dn="uid=root,ou=People,dc=mdibl,dc=org" write
by dn="uid=Administrator,ou=People,dc=mdibl,dc=org" write
by dn="cn=samba,ou=DSA,dc=mdibl,dc=org" write
by dn="cn=smbldap-tools,ou=DSA,dc=mdibl,dc=org" write
by self read
by anonymous auth
by * none
# Samba needs to be able to create the Samba domain account
# (this clause covers the suffix entry itself, not the entries beneath it).
access to dn.base="dc=mdibl,dc=org"
by dn="uid=root,ou=People,dc=mdibl,dc=org" write
by dn="uid=Administrator,ou=People,dc=mdibl,dc=org" write
by dn="cn=proxyagent,ou=profile,dc=mdibl,dc=org" read
by dn="cn=samba,ou=DSA,dc=mdibl,dc=org" write
by dn="cn=smbldap-tools,ou=DSA,dc=mdibl,dc=org" write
by * read
# Solaris needs anonymous access to the profile ou
# The subtree clauses from here on only decide access for attributes that
# none of the attrs= clauses above already matched.
access to dn.subtree="ou=Profile,dc=mdibl,dc=org"
by self write
by dn="uid=root,ou=People,dc=mdibl,dc=org" write
by dn="cn=proxyagent,ou=profile,dc=mdibl,dc=org" write
by * read
# Samba needs to be able to create new user accounts
access to dn.subtree="ou=People,dc=mdibl,dc=org"
by self write
by dn="uid=root,ou=People,dc=mdibl,dc=org" write
by dn="uid=Administrator,ou=People,dc=mdibl,dc=org" write
by dn="cn=proxyagent,ou=profile,dc=mdibl,dc=org" read
by dn="cn=samba,ou=DSA,dc=mdibl,dc=org" write
by dn="cn=smbldap-tools,ou=DSA,dc=mdibl,dc=org" write
by * read
# Samba needs to be able to create new group accounts
# NOTE(review): 'by * none' here does not hide group membership: memberUid,
# gidNumber and cn are matched by earlier attrs= clauses that end in
# 'by * read'.
access to dn.subtree="ou=Groups,dc=mdibl,dc=org"
by dn="uid=root,ou=People,dc=mdibl,dc=org" write
by dn="uid=Administrator,ou=People,dc=mdibl,dc=org" write
by dn="cn=proxyagent,ou=profile,dc=mdibl,dc=org" read
by dn="cn=samba,ou=DSA,dc=mdibl,dc=org" write
by dn="cn=smbldap-tools,ou=DSA,dc=mdibl,dc=org" write
by * none
# Catch-all for everything not matched above: the entry's owner and the
# listed administrators may write, anonymous sessions may only bind, and
# everyone else is denied.
# NOTE(review): cn=Manager is also the rootdn of the database defined below;
# the rootdn is not subject to access control, so that line is presumably
# redundant - confirm.
access to * by self write
by dn="uid=root,ou=People,dc=mdibl,dc=org" write
by dn="uid=Administrator,ou=People,dc=mdibl,dc=org" write
by dn="cn=Manager,dc=mdibl,dc=org" write
by anonymous auth
by * none
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=mdibl,dc=org"
# The rootdn is not subject to the access controls in this file; whoever
# can bind as it has full control of this database.
rootdn "cn=Manager,dc=mdibl,dc=org"
# NOTE(review): the value on the rootpw line is a credential hash, and this
# file was sent to a public mailing list, so it has to be treated as
# exposed: set a new rootpw (for example generated with slappasswd) and
# redact the value before sharing a config. Its 13-character form looks
# like traditional DES-based crypt(3), which uses only the first 8
# characters of the password - confirm; a salted scheme such as {SSHA} is
# the better choice where clients allow it.
rootpw {CRYPT}.FseczJ5HEu2U
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /opt/csw/var/openldap-data
# Indices to maintain
# (eq = equality, pres = presence, sub = substring matching)
index objectClass,uidNumber,gidNumber,ou eq
index cn,sn,uid,displayName pres,eq,sub
index memberUid,mail,givenname eq,sub
index nisDomain eq
index uniqueMember pres
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
# Performance tuning directives
# sizelimit:   maximum number of entries returned by one search.
# threads:     size of slapd's worker thread pool.
# idletimeout: seconds before an idle client connection is closed
#              (14400 s = 4 hours).
# cachesize:   number of entries back-bdb keeps in its in-memory cache.
# checkpoint:  checkpoint the BDB transaction log after 256 KB written or
#              15 minutes, whichever comes first.
sizelimit 5000
threads 8
idletimeout 14400
cachesize 10000
checkpoint 256 15
######################################################################
#######################################################################
# ldap.conf
#######################################################################
# Client-side defaults: which server to contact and which base DN to search.
HOST testbed.mdibl.org
BASE dc=mdibl,dc=org
# NOTE(review): 'SSL start_tls' looks like an nss_ldap/pam_ldap keyword
# rather than an OpenLDAP libldap option - confirm which client actually
# reads this file.
SSL start_tls
# CA certificate(s) used to verify the server's certificate.
TLS_CACERT /opt/csw/ssl/certs/rapidssl_01.cer
# NOTE(review): TLS_CERT and TLS_KEY are, as far as I know, user-only
# libldap options (honoured in a per-user ldaprc, not in the system-wide
# ldap.conf) - confirm. They point at the same certificate and private key
# that slapd.conf gives the server; a client does not need the server's key
# unless it authenticates with that certificate, and the key file should
# stay readable by the slapd account only.
TLS_CERT /opt/csw/ssl/certs/mdibl.org.crt
TLS_KEY /opt/csw/ssl/private/mdibl.org.key
# Refuse to continue if the server presents no certificate or one that
# cannot be verified.
TLS_REQCERT demand
>When I start my slapd process with truss, I see no references
>to /var/ldap.
>
>
Yes, I thought that seemed odd. Perhaps because I'm using the native
Sun LDAP client?
Thanks.
--
Roy McMorran
Systems Administrator
MDI Biological Laboratory
mcmorran at mdibl.org