Can't create ldapi connection

[azop]

I'm currently using Hardy Beta however this problem existed in 7.10.  I'm sure I mucked up a configuration file somewhere...but I don't know where.

I had ebox-samba / ebox-usersandgroups working at one time. Then...something happened (I don't know what) and now the module is loaded however when I try to add / edit a user or save the samba configuration I get:

Can't create ldapi connection

\n$VAR1 = bless( {
'-stacktrace' => 'Can\'t create ldapi connection at /usr/share/perl5/EBox/Ldap.pm line 113
EBox::Ldap::ldapCon(\'EBox::Ldap=HASH(0x33bd680)\' ) called at /usr/share/perl5/EBox/Ldap.pm line 233
EBox::Ldap::search(\'EBox::Ldap=HASH(0x33bd680)\', \'HASH(0x2ad0f50)\') called at /usr/share/perl5/EBox/UsersAndGroups.pm line 907
EBox::UsersAndGroups::groups(\'EBox::UsersAndGroup s=HASH(0x33bfd40)\') called at /usr/share/perl5/EBox/CGI/UsersAndGroups/Users.pm line 48
EBox::CGI::UsersAndGroups::Users::_process(\'EBox: :CGI::UsersAndGroups::Users=HASH(0x1ee9140)\') called at /usr/share/perl5/EBox/CGI/Base.pm line 254
EBox::CGI::Base::run(\'EBox::CGI::UsersAndGroups:: Users=HASH(0x1ee9140)\') called at /usr/share/perl5/EBox/CGI/Run.pm line 92
EBox::CGI::Run::run(\'EBox::CGI::Run\', \'UsersAndGroups/Users\') called at /usr/share/ebox/cgi/ebox.cgi line 19
ModPerl::ROOT::ModPerl::Registry::usr_share_ebox_c gi_ebox_2ecgi::handler(\'Apache2::RequestRec=SCALA R(0x1ee88d0)\') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
eval {...} called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
ModPerl::RegistryCooker::run(\'ModPerl::Registry=H ASH(0x1ee89f0)\') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 170
ModPerl::RegistryCooker::default_handler(\'ModPerl ::Registry=HASH(0x1ee89f0)\') called at /usr/lib/perl5/ModPerl/Registry.pm line 31
ModPerl::Registry::handler(\'ModPerl::Registry\', \'Apache2::RequestRec=SCALAR(0x1ee88d0)\') called at -e line 0
eval {...} called at -e line 0
',
'-file' => '/usr/share/perl5/EBox/Ldap.pm',
'-text' => 'Can\'t create ldapi connection',
'-line' => 113,
'-package' => 'EBox::Ldap'
}, 'EBox::Exceptions::Internal' );

I've removed ebox-samba and ebox-usersandgroups along with removing slapd (purging during the removal) and reinstalling however I still can't see to fix this. I've also tried to reconfigure slapd / libpam-ldap .

I'm really out of ideas and would love to have some suggestions.

[drdebian]

That sounds like the OpenLDAP daemon slapd isn't starting properly. Try restarting it and watching the log output it generates in /var/log/syslog. Post the output here so we can see what's going wrong.

[javi]

Did you reboot the machine? If you did and you didn't have the last available version of slapd, it's probably, as drdebian says, that slapd didn't start properly at boot time. Make sure you update your slapd package.

Anyway,  as you removed slapd now you have to initialise the openLDAP directory and configure samba again. You have to keep in mind that for eBox your slapd directory and samba have already been initialised. That initialisation takes place when you enable the module for first time.

I have a script to set the service as not configured, this way you are able to go to module status and enable the module again.

This is the script:

Code: [Select]

#!/bin/perl

use EBox;
use EBox::Global;

EBox::init();

my $module = $ARGV[0];

unless (defined($module)) {
    print "Usage: $0 module";
    exit 1;
}

my $global = EBox::Global->getInstance();

unless ($global->modExists($module)) {
    print "Module $module doesn't exists";
}

my $mod = $global->modInstance($module);
$mod->st_set_bool('_serviceConfigured', undef);


You can also download it from here.

Once you have installed ebox-samba and ebox-usersandgroups again, run the above script as follows:

Code: [Select]

sudo ./ebox-reconfigure-module.pl users
sudo ./ebox-reconfigure-module.pl samba

Now you can go to module status and enable users and groups and samba

[azop]

That script fixed the problems.  I now no longer see the error and I can access the server with \\justice name

However...when I go into Windows XP and try to join into the domain with Network Identification Wizard I get "Windows cannot find an account for your computer on the callawaylaw.com domain"

I've added the user and group and I setup samba as a PDC.

[javi]

So  could you add machines to the PDC before you had to reinstall ebox-samba and stuff?

If that's the case, maybe there's some kind of inconsistency due to the reinstall. You could try purge samba along with ebox-usersandgroups and ebox-samba and reinstall again following the above steps. That should give you a completely clean installation as far as samba is concerned.

[azop]

I've never been able to add machines with the network identification wizard.  I did purge several times both ebox-usersandgroups and ebox-samba and just did again and I can't connect.

So  could you add machines to the PDC before you had to reinstall ebox-samba and stuff?

If that's the case, maybe there's some kind of inconsistency due to the reinstall. You could try purge samba along with ebox-usersandgroups and ebox-samba and reinstall again following the above steps. That should give you a completely clean installation as far as samba is concerned.

[javi]

Please, when trying to join the machine to your domain, take a look at the logs stored in /var/log/samba/*

A stupid question, both machines are in the same network, right?

I successfully added windows XP SP 1 machines to eBox. What's your windows box?

[sixstone]

Just to keep in mind... The user who add machines to the PDC requires to be administrator. This option is set under the "edit user" screen.

Best regards,

[azop]

Both machines are on the same network.

There's nothing being updated in /var/log/samba except the a blank file that has the ip address of the workstation.

Nothing being logged about an attempt or failure to login.

The computer is a Windows XP machine.  I do have administrator rights in Ebox under my username. 

I _can_ open my share and login if I just connect to the samba server with \\10.10.10.251


In /var/log/debug I see:

Apr 15 15:27:23 justice slapd[28385]: <= bdb_equality_candidates: (sambaDomainName) not indexed
Apr 15 15:27:23 justice slapd[28385]: <= bdb_equality_candidates: (uid) not indexed
Apr 15 15:27:23 justice slapd[28385]: <= bdb_equality_candidates: (gidNumber) not indexed
Apr 15 15:27:23 justice slapd[28385]: <= bdb_equality_candidates: (uid) not indexed
Apr 15 15:27:23 justice slapd[28385]: <= bdb_equality_candidates: (gidNumber) not indexed
Apr 15 15:27:23 justice slapd[28385]: <= bdb_equality_candidates: (uid) not indexed
Apr 15 15:27:23 justice slapd[28385]: <= bdb_equality_candidates: (memberUid) not indexed
Apr 15 15:27:23 justice slapd[28385]: <= bdb_equality_candidates: (uniqueMember) not indexed
Apr 15 15:27:23 justice last message repeated 4 times
Apr 15 15:27:30 justice slapd[28385]: <= bdb_equality_candidates: (uid) not indexed
Apr 15 15:27:30 justice slapd[28385]: <= bdb_equality_candidates: (gidNumber) not indexed
Apr 15 15:27:30 justice slapd[28385]: <= bdb_equality_candidates: (uid) not indexed
Apr 15 15:27:30 justice slapd[28385]: <= bdb_equality_candidates: (memberUid) not indexed
Apr 15 15:27:30 justice slapd[28385]: <= bdb_equality_candidates: (uniqueMember) not indexed
Apr 15 15:27:30 justice last message repeated 4 times
Apr 15 15:27:30 justice slapd[28385]: <= bdb_equality_candidates: (gidNumber) not indexed
Apr 15 15:27:30 justice last message repeated 15 times
Apr 15 15:27:30 justice slapd[28385]: <= bdb_equality_candidates: (sambaSID) not indexed
Apr 15 15:27:30 justice slapd[28385]: <= bdb_equality_candidates: (sambaGroupType) not indexed
Apr 15 15:27:30 justice slapd[28385]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Apr 15 15:27:30 justice last message repeated 24 times
Apr 15 15:27:30 justice slapd[28385]: <= bdb_equality_candidates: (sambaGroupType) not indexed
Apr 15 15:27:30 justice slapd[28385]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Apr 15 15:27:30 justice last message repeated 24 times
Apr 15 15:27:30 justice slapd[28385]: <= bdb_equality_candidates: (sambaSID) not indexed
Apr 15 15:27:30 justice last message repeated 2 times
Apr 15 15:28:23 justice slapd[28385]: <= bdb_equality_candidates: (sambaDomainName) not indexed
Apr 15 15:28:23 justice slapd[28385]: <= bdb_equality_candidates: (uid) not indexed
Apr 15 15:28:23 justice slapd[28385]: <= bdb_equality_candidates: (gidNumber) not indexed
Apr 15 15:28:23 justice slapd[28385]: <= bdb_equality_candidates: (uid) not indexed
Apr 15 15:28:23 justice slapd[28385]: <= bdb_equality_candidates: (gidNumber) not indexed

Please, when trying to join the machine to your domain, take a look at the logs stored in /var/log/samba/*

A stupid question, both machines are in the same network, right?

I successfully added windows XP SP 1 machines to eBox. What's your windows box?

[azop]

Well...now it kinda works.  I ended up logging out of the windows xp machine out of frustration.  The domain changed to 'callawayso.org' at which point I thought I was screwed because I didn't think a login would work.  I tried my administrator login that I have setup on ebox and it worked just fine. 

The only thing that I did differently was add the numerical ip address of callawayso.org into the client's hosts file.  I don't know why this mattered since it uses ebox for dns and it should have gotten the ip address locally.

I'll play around with it more and see if it's totally fixed now.

Just to keep in mind... The user who add machines to the PDC requires to be administrator. This option is set under the "edit user" screen.

Best regards,