Bug 1206910 - openldap-servers doesn't provide slapd.conf
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: openldap
Version: rawhide
Hardware: x86_64
OS: Linux
Assignee: Jan Synacek
QA Contact: Fedora Extras Quality Assurance
Reported: 2015-03-29 13:58 UTC by Niranjan Mallapadi Raghavender
Modified: 2015-03-31 07:55 UTC
Last Closed: 2015-03-30 08:16:15 UTC
Type: Bug

Description Niranjan Mallapadi Raghavender 2015-03-29 13:58:14 UTC
Description of problem:
openldap-servers should provide a sample slapd.conf. Without slapd.conf, it's not possible to configure the cn=config database.

openldap-servers seems to list slapd.conf and slapd.conf.bak, but they are not available.

# rpm -ql openldap-servers | grep slapd.conf
/etc/openldap/slapd.conf
/etc/openldap/slapd.conf.bak
/usr/share/man/man5/slapd-config.5.gz
/usr/share/man/man5/slapd.conf.5.gz
# ls -l /etc/openldap/slapd.conf
ls: cannot access /etc/openldap/slapd.conf: No such file or directory
# ls -l /etc/openldap/slapd.conf.bak
ls: cannot access /etc/openldap/slapd.conf.bak: No such file or directory



Version-Release number of selected component (if applicable):
openldap-servers-2.4.40-10.fc23.x86_64

How reproducible:

Install openldap-servers-2.4.40-10.fc23.x86_64.
slaptest requires slapd.conf, which is not present.

Comment 1 Jan Synacek 2015-03-30 08:16:15 UTC
# ldapsearch -LLL -H ldapi:// -b cn=config "(olcDatabase=config)"
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth" manage by * none

It's been possible to configure the cn=config as root for quite a few releases now.

From the %files section in spec:

# obsolete configuration
%ghost %config(noreplace,missingok) %attr(0640,ldap,ldap) %{_sysconfdir}/openldap/slapd.conf
%ghost %config(noreplace,missingok) %attr(0640,ldap,ldap) %{_sysconfdir}/openldap/slapd.conf.bak

I have left these lines in there just so the slapd.conf{,.bak} are owned by the package if they exist. You can still provide your own slapd.conf and everything will work.

Comment 2 Niranjan Mallapadi Raghavender 2015-03-30 08:38:00 UTC
On my system I get this:

After installing openldap-servers, I get this:

[root@pki1 ~]# ldapsearch -LLL -H ldapi:// -b cn=config "(olcDatabase=config)"
SASL/GSS-SPNEGO authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (SPNEGO cannot find mechanisms to negotiate)

Comment 3 Niranjan Mallapadi Raghavender 2015-03-30 08:58:43 UTC
After installing openldap-servers on rawhide, I get the above error. Could you give some more info on how you could get ldapsearch to work with an ldapi bind?

Comment 4 Jan Synacek 2015-03-31 06:36:58 UTC
Try using ldapsearch with additional "-Y EXTERNAL" arguments. Also, is your server configured to listen on ldapi:/// ? Your client is trying to use GSSAPI for some reason.

Comment 5 Niranjan Mallapadi Raghavender 2015-03-31 07:55:33 UTC
Thanks, that worked.

# ldapsearch -Y EXTERNAL  -LLL -H ldapi:// -b cn=config "(olcDatabase=config)"
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth" manage by * none
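
Added example, not part of the original bug thread or the openldap package: a Python check that unfolds the LDIF returned by the ldapsearch command above and reports any olcAccess clause on olcDatabase={0}config that grants write or manage to an identity other than root's ldapi peercred DN. The clause parser is deliberately simplified (level keywords only, no "=rwx" privilege strings); WIDENED_LDIF and its cn=admin,dc=example,dc=com DN are a constructed counter-example.

```python
import shlex

# Constructed sample: the ldapsearch result quoted in the thread, folded line included.
THREAD_LDIF = '''\
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth" manage by * none
'''
# Constructed counter-example (not from the thread): a second DN is granted write.
WIDENED_LDIF = THREAD_LDIF.replace(
    "manage by", 'manage by dn.exact="cn=admin,dc=example,dc=com" write by')

# Identity shown in the thread for uid 0 / gid 0 over ldapi with SASL EXTERNAL.
ROOT_PEERCRED = "gidnumber=0+uidnumber=0,cn=peercred,cn=external,cn=auth"
PRIVILEGED = {"write", "manage"}

def unfold(ldif):
    """Join LDIF continuation lines: a leading single space continues the previous line."""
    lines = []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def config_acl(ldif):
    """Return [(who, level), ...] from olcAccess values of the {0}config entry."""
    clauses, in_config = [], False
    for line in unfold(ldif):
        attr, _, value = line.partition(": ")
        if attr == "dn":
            in_config = value.lower() == "olcdatabase={0}config,cn=config"
        elif in_config and attr == "olcAccess":
            tokens = shlex.split(value)  # keeps a quoted DN as one token
            for i, tok in enumerate(tokens):
                if tok == "by" and i + 2 < len(tokens):
                    clauses.append((tokens[i + 1], tokens[i + 2]))
    return clauses

def overbroad(clauses):
    """Clauses giving write/manage to anyone other than root's peercred identity."""
    allowed = {"dn.base=" + ROOT_PEERCRED, "dn.exact=" + ROOT_PEERCRED}
    return [(who, level) for who, level in clauses
            if level.lower() in PRIVILEGED and who.lower() not in allowed]

if __name__ == "__main__":
    print(overbroad(config_acl(THREAD_LDIF)), overbroad(config_acl(WIDENED_LDIF)))
```

An empty result for the thread's output confirms that only local root over ldapi can change cn=config; any extra entry is worth reviewing before the server is exposed.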

