Samba4 OpenLDAP backend

Andrew Bartlett abartlet at samba.org
Tue Apr 27 18:59:40 MDT 2010


On Wed, 2010-04-28 at 10:32 +1000, Andrew Bartlett wrote:
> On Tue, 2010-04-27 at 18:12 +0530, nitin bhadauria wrote:
> > Hi Andrew,
> > 
> > Now I have recompiled OpenLDAP with SASL support.
> > 
> > ldd /usr/local/libexec/slapd
> >     linux-gate.so.1 =>  (0x00c5e000)
> >     libltdl.so.3 => /usr/lib/libltdl.so.3 (0x04ace000)
> >     libdl.so.2 => /lib/libdl.so.2 (0x00d36000)
> >     libuuid.so.1 => /lib/libuuid.so.1 (0x00110000)
> >     libdb-4.7.so => /usr/lib/libdb-4.7.so (0x00de9000)
> >     libpthread.so.0 => /lib/libpthread.so.0 (0x00d3c000)
> >     libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x001e6000)
> >     libssl.so.6 => /lib/libssl.so.6 (0x04879000)
> > 
> > 
> > Now when I try to configure it I get the following error:
> >  
> > ./setup/provision --realm=SAMBA.DOMAIN.COM --domain=DOMAIN.COM
> > --adminpass=passw0rd --ldap-backend-type=openldap
> > --slapd-path="/usr/local/libexec/slapd" --server-role='domain
> > controller'
> 
> > Failed to bind - LDAP client internal error:
> > NT_STATUS_INVALID_PARAMETER
> > Failed to connect to 'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%
> > 2Fldapi'
> > 
> > 
> > Am I supposed to configure a running LDAP server on some other port
> > and then run the provision script?
> > If so, how will I define the LDAP port with the provision script?
> 
> No, the idea here is that OpenLDAP will be started by Samba4's provision
> script.  That way, we control the settings it is started with. 
> 
> It seems that OpenLDAP has started, but not accepted any connections. 

If you grab the current tree, I've improved the error message.  It will
now tell you if the OpenLDAP slapd has taken more than 15 seconds to
accept a connection, and then list the command it tried to use to start
it.

It seems likely that some interesting OpenLDAP bug has stalled the slapd
during startup, but you will be able to tell this when you re-run that
command manually.  Adding the '-d-1' option to the slapd command will
give a lot of debug, and potentially point to the issue. 

A potential future improvement to the scripts may be to automatically
start OpenLDAP with -d-1 when it fails to operate correctly. 

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
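
The check described in the message above (wait up to 15 seconds for slapd to accept a connection on its ldapi socket, then report the command to re-run with -d-1), as an added example that is not part of the original message and is not Samba's provision code. The function names and the sample slapd command line are assumptions; only the slapd path, the ldapi URI, the 15-second limit and the -d-1 option come from the thread.

```python
import socket
import time
from urllib.parse import unquote


def ldapi_socket_path(uri):
    """Decode an ldapi:// URI; the socket path is percent-encoded after the scheme."""
    prefix = "ldapi://"
    if not uri.startswith(prefix):
        raise ValueError("not an ldapi URI: %r" % uri)
    return unquote(uri[len(prefix):])


def wait_for_ldapi(uri, timeout=15.0, interval=0.25):
    """Poll the Unix socket until it accepts a connection.

    Returns (True, None) on success, or (False, last_error) after the timeout.
    """
    path = ldapi_socket_path(uri)
    deadline = time.monotonic() + timeout
    while True:
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        try:
            sock.connect(path)
            return True, None
        except OSError as exc:
            last_error = exc  # e.g. socket file missing, or nothing listening
        finally:
            sock.close()
        if time.monotonic() >= deadline:
            return False, last_error
        time.sleep(interval)


def diagnose(uri, slapd_cmd, timeout=15.0):
    """Return a message naming the socket and, on failure, the command to re-run."""
    path = ldapi_socket_path(uri)
    ok, err = wait_for_ldapi(uri, timeout)
    if ok:
        return "slapd is accepting connections on %s" % path
    return ("slapd did not accept a connection on %s within %.0f seconds (%s).\n"
            "Re-run it by hand with debugging enabled:\n  %s -d-1"
            % (path, timeout, err, " ".join(slapd_cmd)))


if __name__ == "__main__":
    # URI from the error in the thread; the command line is a constructed sample.
    uri = "ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi"
    print(diagnose(uri, ["/usr/local/libexec/slapd", "-h", uri]))
```
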