# openldap / sasl problem (it seems ...)

## One

Hi,

I tried to set up an openLDAP server, but every time I run /usr/lib/openldap/slapd -d 255 the following thing happens:

```
  # ./slapd -d 255
  @(#) $OpenLDAP: slapd 2.0.25-Release  ....
  daemon_init: <null>
  daemon_init: listen on ldap:///
  daemon_init: 1 listeners to open...
  ldap_url_parse_ext(ldap:///)
  daemon: initialized ldap:///
  daemon_init: 1 listeners opened
  slapd init: initiated server.
  sasl_server_init failed
  slapd shutdown: freeing system resources. slapd stopped.
  connections_destroy: nothing to destroy.
```

While this is quite annoying, I couldn't figure out why this happens. I freshly installed cyrus-sasl and afterwards openLDAP, but the error remains. Starting with the init script didn't help either, but starting saslauthd with the init scripts works (which doesn't change anything about the error above :) ).

Can anyone help me or explain to me what he has done to get openLDAP working? I also noticed I have no /usr/lib/sasl/slapd.conf file, which I seem to require, and I have no clue how this one may look inside ... .

thanks in advance and greetings, 

    axel.

----------

## acidreign

You will need to set up a configuration file for this to work correctly.

Documentation on doing so is at http://www.openldap.org/doc/admin21/slapdconfig.html

I generally start openldap by issuing the command /etc/init.d/slapd, which is the nicer way of doing things.

----------

## One

... which I tried first and didn't work, and which is why I tried all the stuff ... :)

----------

## MoonWalker

"One", did you ever get this to work? I'm looking at setting up ldap now as well and notice that sasl support was removed in openldap.2.0.25-r3 - I'm not sure why, but I guess the current Gentoo stable release, 2.0.27, doesn't have proper support for sasl version 2. On ldap.org 2.1.12 is now considered to be stable, so I hope Gentoo also gets in phase with time here... which also implies bumping up the stable BerkeleyDB to version 4 and not 3 as now.

I will have a go at this and will report back to this thread (instead of opening a new one - I guess it's called recycling :D )

----------

## One

Nope, I never got the damn thing working.

No error codes, no error messages, and the sasl docs say something like "compile and run and you will never have any problems".

(I had and couldn't solve them for about one week, which was definitely too much in the end)

So I kicked it and was happy.

But this was some time ago, and maybe I really misconfigured something, so have a try!

8)

----------

## MoonWalker

I think the way is to go for the new version of openldap, 2.1.12, now considered stable at openldap.org but still masked in Gentoo. This is mainly because the Gentoo 1.4 profile sets the system profile to take nothing newer than berkeleydb 3.2.9, although 4.1.25 is the version sleepycat.com recommends and considers stable.

So I changed "/etc/make.profile/packages" to read:

```
*>=sys-libs/db-4.1.25
```

instead of

```
*<sys-libs/db-3.2.10
```

then

```
# mkdir /usr/local/portage
# mkdir /usr/local/portage/sys-libs
# mkdir /usr/local/portage/sys-libs/db
# mkdir /usr/local/portage/sys-libs/db/files
# cp /usr/portage/sys-libs/db/db-4.1.24.ebuild /usr/local/portage/sys-libs/db/db-4.1.25.ebuild
# nano -w /usr/local/portage/sys-libs/db/db-4.1.25.ebuild
```

remove the "-" sign in front of x86 so it reads

```
KEYWORDS="x86 -ppc -sparc "
```

Now

```
# ebuild /usr/local/portage/sys-libs/db/db-4.1.25.ebuild fetch
# ebuild /usr/local/portage/sys-libs/db/db-4.1.25.ebuild digest
# emerge db
```

It will emerge the latest 4.1.25 and not unmerge the old versions if some packages depend on them. Version 4.1.25 should be backward compatible, but probably there is or has been some problem with some package - I haven't looked into this yet. I just searched the forum and found nothing about it. Anyway, next step.

Edit /usr/portage/net-nds/openldap/openldap-2.1.12 so

```
KEYWORDS="-x86 -ppc"
```

changes to

```
KEYWORDS="x86 -ppc"
```

(removing the "-")

If 2.0.27 is still installed, unmerge it with #emerge -C openldap

Now

```
# emerge sasl
```

if not already done. Note it will first emerge openldap (should be 2.1.12) as a dep, so openldap can't find sasl support yet. So you have to emerge openldap again after sasl.

Well, that's where I am right now. All compiled without errors etc., so now I will try to configure things and will report back about my success :D

----------

## MoonWalker

OK, next phase. Just a reminder, don't forget to update the files under /etc by running #etc-update

Well, I got it working (not fully tested yet though), although it appears to be a tricky one. Anyhow, this seems to work, at least for version 2.1.12 (note that by the time you read this the ebuild may have been updated so you don't need to do all this - that's the case if it ends with r1 or a higher number).

Adding to my previous post, kerberos (krb5) is a nice package to emerge as well, before you emerge openldap. Well, it's highly recommended to do so, or 'heimdal', which provides basically the same. So... after emerging openldap run #etc-update, but then you have to edit some files by hand as well:

In /etc/init.d/slapd, comment out

```
        #touch /var/state/openldap/slapd.pid
        #chown ldap:ldap /var/state/openldap/slapd.pid
```

and change the path for the pidfile under stop() to

```
/var/run/openldap/slapd.pid
```

so the file reads:

```
#!/sbin/runscript
# Copyright 1999-2002 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License, v2 or later
# $Header: /home/cvsroot/gentoo-x86/net-nds/openldap/files/slapd-2.1-r1.rc6,v 1.1 2003/01/30 00:18:16 raker Exp $

depend() {
        need net
}

start() {
        ebegin "Starting ldap-server"
        start-stop-daemon --start --quiet --exec /usr/lib/openldap/slapd -- -u ldap -g ldap ${OPTS}
        #touch /var/state/openldap/slapd.pid
        #chown ldap:ldap /var/state/openldap/slapd.pid
        eend $?
}

stop() {
        ebegin "Stopping ldap-server"
        start-stop-daemon --stop --quiet --pidfile /var/run/openldap/slapd.pid --exec /usr/lib/openldap/slapd
        eend $?
}
```

then do

```
# mkdir /var/run/openldap
# chown ldap:ldap /var/run/openldap
```

Edit slapd.conf

```
# nano -w /etc/openldap/slapd.conf
```

and set the path for pidfile and argsfile to the same as above

```
 "/var/run/openldap/filename"
```

There is no need for the start script to create the pid file. However, there is still something strange, as the pidfile never gets killed but stays, and there is also a slapd.args file created when openldap starts up. Anyhow, this seems to work with 2.1.12, and if some dev bites on it we might have a ready-to-go ebuild soon.

I run it with Berkeley 4.1.25 (just used the 4.1.24 script and bumped the version in the script name, removed the "-" in front of x86 and put it in PORTDIR_OVERLAY corresponding to sys-libs/db). Then you have to change /etc/make.profile/packages if not done before (see above) and

```
# ebuild /path/to/db-4.1.25.ebuild fetch
```

and when the file is home

```
# ebuild /path/to/db-4.1.25.ebuild digest
# emerge db
```

to emerge berkeley db4 4.1.25 (latest)

It now seems to work, although not truly tested yet. An ldapsearch according to the documentation works as it should. Well, ldap is prolly new to me, so now I have to go read the docs on how to fully set it all up by configuration. If no scream is heard, all probably works fine :D

Any comments are welcome

----------
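The pidfile edits in the last post only hold together if slapd.conf and the init script's stop() name the same path. The check below is an added example, not code from the thread or from the Gentoo ebuild; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify that slapd.conf and the init
# script agree on where the pid file lives, as the post's edits require.

# Value of a slapd.conf directive; commented-out lines never match $1 == key.
conf_value() {  # $1 = directive name, $2 = path to slapd.conf
    awk -v key="$1" '$1 == key { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# Argument that follows --pidfile in the init script, skipping comment lines.
init_pidfile() {  # $1 = path to init script
    awk '$1 ~ /^#/ { next }
         { for (i = 1; i < NF; i++) if ($i == "--pidfile") { print $(i + 1); exit } }' "$1"
}

# Returns 0 if consistent, 1 on a mismatch, 2 if a setting is missing.
check_slapd_pidfile() {  # $1 = slapd.conf, $2 = init script
    conf_pid=$(conf_value pidfile "$1")
    conf_args=$(conf_value argsfile "$1")
    init_pid=$(init_pidfile "$2")
    if [ -z "$conf_pid" ] || [ -z "$init_pid" ]; then
        echo "pidfile not set in both files" >&2; return 2
    fi
    if [ "$conf_pid" != "$init_pid" ]; then
        echo "mismatch: slapd.conf=$conf_pid init=$init_pid" >&2; return 1
    fi
    if [ -n "$conf_args" ] && [ "$(dirname "$conf_args")" != "$(dirname "$conf_pid")" ]; then
        echo "argsfile is not in $(dirname "$conf_pid")" >&2; return 1
    fi
    return 0
}

# Constructed sample files: one stale slapd.conf, one edited as in the post.
make_samples() {  # $1 = scratch directory
    printf '%s\n' '# pidfile /old/commented.pid' \
        'pidfile  /var/state/openldap/slapd.pid' \
        'argsfile /var/state/openldap/slapd.args' > "$1/slapd.conf.old"
    printf '%s\n' 'pidfile  /var/run/openldap/slapd.pid' \
        'argsfile /var/run/openldap/slapd.args' > "$1/slapd.conf.new"
    printf '%s\n' 'stop() {' \
        '  start-stop-daemon --stop --quiet --pidfile /var/run/openldap/slapd.pid --exec /usr/lib/openldap/slapd' \
        '}' > "$1/slapd.init"
}

tmp=$(mktemp -d) && make_samples "$tmp"
check_slapd_pidfile "$tmp/slapd.conf.old" "$tmp/slapd.init" || echo "old config: rc=$?"
check_slapd_pidfile "$tmp/slapd.conf.new" "$tmp/slapd.init" && echo "new config: consistent"
rm -rf "$tmp"
```

On a real system, point the function at /etc/openldap/slapd.conf and /etc/init.d/slapd; a non-zero result means stop() may be looking for a pid file slapd never wrote.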

