So, here I go. Almost a month ago I posted asking for advice about Xserve etc., and now here I am with my dual G5 Xserve. After reading tons of docs I planned everything and I'm starting to configure all of it, starting with the OD server.
I use a Mac mini to manage my server with Server Admin and Workgroup Manager, but when I open Workgroup Manager I get the following message:
"You are working in a directory node that is not visible to the network..." Once I click OK I see that I'm authenticated as admin to a local directory, /NetInfo/DefaultLocalNode, at my server, instead of the LDAP server.
Going to Server Admin and checking the Open Directory tab, I see that slapd is stopped. Here is the pertinent log:
Mar 6 09:11:41 localhost slapd[58]: @(#) $OpenLDAP: slapd 2.2.19 $
Mar 6 09:11:41 localhost slapd[58]: bdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Mar 6 09:11:41 localhost slapd[58]: bdb_db_init: Initializing BDB database
Mar 6 09:11:41 localhost slapd[58]: slapd starting
Mar 6 09:48:49 xserve slapd[58]: slapd shutdown: waiting for 0 threads to terminate
Mar 6 09:48:49 xserve slapd[58]: bdb(dc=xserve,dc=local): Locker still has locks
Mar 6 09:48:49 xserve slapd[58]: bdb_locker_id_free: 9 err Invalid argument(22)
Mar 6 09:48:50 xserve slapd[58]: slapd stopped.
My ldap.conf:
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_REQCERT never
My slapd.conf:
#
# See slapd.conf(5) for details on configuration options.
#
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/fmserver.schema
include /etc/openldap/schema/apple.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
replica-pidfile /var/run/slurpd.pid
replica-argsfile /var/run/slurpd.args
replicationinterval 3
loglevel 32768
sizelimit 11000
gentlehup off
schemacheck on
# Sample security restrictions
#
# Disallow clear text exchange of passwords
# disallow bind_simple_unprotected
#
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
#access to dn.base="" by * read
#access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy is:
# Allow read by all
#
# rootdn can always write!
# Some settings are maintained in slapd_macosxserver.conf,
# which is updated by Server Admin. Put your own changes in
# this file.
include /etc/openldap/slapd_macosxserver.conf
My slapd_macosxserver.conf:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# This file is maintained by Server Admin.
#
# Access Controls
access specified-in-directory apple-acl "cn=default,cn=accesscontrols,dc=xserve,dc=local"
allow update_anon
#######################################################################
# bdb database definitions
#######################################################################
database bdb
suffix "dc=xserve,dc=local"
rootdn "uid=root,cn=users,dc=xserve,dc=local"
rootpw {SMD5}HvpdJs26RPc7oVShrEHYyQbU9zc=
sasl-regexp
    uid=host/(.*),cn=.*,cn=gssapi,cn=auth
    "uid=$1,cn=computers,dc=xserve,dc=local"
sasl-regexp
    uid=(.*),cn=.*,cn=.*,cn=auth
    "uid=$1,cn=users,dc=xserve,dc=local"
sasl-regexp
    uid=(.*),cn=.*,cn=auth
    "uid=$1,cn=users,dc=xserve,dc=local"
schemaconfigdn "cn=schema,cn=config,dc=xserve,dc=local"
# use crypt passwords to support older clients
password-hash {CRYPT}
password-crypt-salt-format "%.2s"
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /Volumes/Dados/openldap/openldap-data
# checkpoint the database every 10MB of logging and every 1 hour
checkpoint 10240 60
# Indices to maintain
index cn,sn,uid pres,eq,approx,sub
index uidNumber,gidNumber eq
index memberUid eq
index apple-generateduid eq
index ou eq
index apple-group-realname eq
index macAddress eq
index apple-category eq
index apple-networkview eq
index apple-group-memberguid eq
index apple-group-nestedgroup eq
index objectClass eq
timelimit 300
And the DNS conf:
named.conf
//
// Include keys file
//
include "/etc/rndc.key";
// Declares control channels to be used by the rndc utility.
//
// It is recommended that 127.0.0.1 be the only address used.
// This also allows non-privileged users on the local host to manage
// your name server.
//
// Default controls
//
controls {
inet 127.0.0.1 port 54 allow {any;} keys {
"rndc-key";
};
};
options {
directory "/var/named";
recursion true;
allow-transfer {none;};
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
//
// a caching only nameserver config
//
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "mycompany.com." in {
file "mycompany.com.zone";
type master;
};
zone "50.16.172.in-addr.arpa" IN {
file "db.172.16.50";
type master;
};
logging {
category default {
_default_log;
};
channel _default_log {
file "/Library/Logs/named.log";
severity info;
print-time yes;
};
};
My zone file:
mycompany.com.zone
$TTL 86400
mycompany.com. IN SOA nameserver.mycompany.com. admin.mycompany.com. (
        2006030602 ; serial
        3h ; refresh
        1h ; retry
        1w ; expiry
        1h ) ; minimum
mycompany.com. IN NS nameserver.mycompany.com.
mycompany.com. IN A 172.16.50.111
nameserver IN A 172.16.50.111
www IN CNAME nameserver
mail IN CNAME nameserver
xserve IN CNAME nameserver
ldap IN CNAME nameserver
kerberos IN CNAME nameserver
webmail IN CNAME nameserver
cotrasa.com.br. IN MX 0 nameserver
mini IN A 172.16.50.74
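As an added example that is not part of the original post: a small Python checker for a zone file written in the form above. It assumes every record is on the `owner IN TYPE rdata` pattern used in this zone, flags owners outside the zone origin (BIND drops such lines, and the cotrasa.com.br. MX line is one) and NS/MX/CNAME targets that are missing or point at a CNAME, and lists the PTR records the 50.16.172.in-addr.arpa zone (db.172.16.50, which the post does not show) would need so forward and reverse lookups for the server agree.

```python
def fqdn(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples; assumes 'owner IN TYPE rdata' lines."""
    records, buf = [], ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # drop ';' comments
        if not line or line.startswith("$"):        # skip blanks, $TTL, $ORIGIN
            continue
        buf = f"{buf} {line}".strip()
        if buf.count("(") > buf.count(")"):
            continue                                # SOA continues on the next line
        toks = buf.replace("(", " ").replace(")", " ").split()
        buf = ""
        records.append((fqdn(toks[0], origin), toks[2], toks[3:]))
    return records

def check_zone(records, origin):
    """Flag out-of-zone owners and missing or CNAME-valued NS/MX/CNAME targets."""
    problems, names = [], {r[0] for r in records}
    cnames = {r[0] for r in records if r[1] == "CNAME"}
    for owner, rtype, rdata in records:
        if owner != origin and not owner.endswith("." + origin):
            problems.append(f"{owner} {rtype}: owner is outside zone {origin}")
        if rtype in ("NS", "MX", "CNAME"):
            target = fqdn(rdata[-1], origin)
            if target not in names:
                problems.append(f"{owner} {rtype}: target {target} has no record")
            elif rtype != "CNAME" and target in cnames:
                problems.append(f"{owner} {rtype}: target {target} is a CNAME")
    return problems

def expected_ptrs(records, reverse_zone):
    """PTR lines the reverse zone must carry for each A record in its network."""
    net = ".".join(reversed(reverse_zone.replace(".in-addr.arpa.", "").split(".")))
    return [f"{rdata[0].split('.')[-1]}.{reverse_zone} IN PTR {owner}"
            for owner, rtype, rdata in records
            if rtype == "A" and rdata[0].startswith(net + ".")]

ZONE = """$TTL 86400 ; constructed sample: the post's zone, trimmed
mycompany.com. IN SOA nameserver.mycompany.com. admin.mycompany.com. (
        2006030602 3h 1h 1w 1h ) ; serial refresh retry expiry minimum
mycompany.com. IN NS nameserver.mycompany.com.
nameserver IN A 172.16.50.111
cotrasa.com.br. IN MX 0 nameserver
mini IN A 172.16.50.74
"""
```

Running `check_zone(parse_zone(ZONE, "mycompany.com."), "mycompany.com.")` reports only the out-of-zone MX owner; `expected_ptrs` then gives the two PTR lines the reverse zone should contain.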
Dunno if I forgot to mention something... Can anybody point me in the right direction?
Fernando Battistella.