01-05-2008, 11:17 AM
Hajo Ehlers
Re: LDAP on AIX - the continuing tragedy...

On 15 Feb., 17:56, "Menno Willemse" <fle...@wanadoo.nl> wrote:
> Oh fellow AIXers,
>
> A while back I reported on the success I had configuring a rather
> simple LDAP server on AIX. All it needs to do is spoon out passwords
> to everybody who asks. And for weeks on end it ran without fail,
> whereupon it shat itself after a reboot. My Test/Dev domain has been
> without LDAP since.
>
> Now I do have one NON-NEGOTIABLE requirement: LDAP must keep its
> filthy mitts out of /home, because that is reserved, surprisingly, for
> users' home directories. It lives on an NFS server, and is accessed
> using the automounter. Putting a symlink there is Not Possible. I have
> also tried, and failed, to mount a local directory using the
> Automounter, so /home is a no-go area for authentication servers.
> Period.
>
> This rules out using mksecldap for the whole of the operation, because
> that piece of shi^H^Hoftware actually assumes not only that I want to
> put DB2 databases in ldapdb2's home directory, but also that that home
> directory is /home/ldapdb2. It is actually HARD-CODED in the script.
> After a week of installing, reinstalling, browsing the Usenet groups,
> perusing IBM-style documentation in dozens of PDFs, I want to meet the
> maker of that program. In a dark alley. With no witnesses.
>
> I am now turning to the Community At Large, asking what I'm doing
> wrong. This is the procedure, more or less in script form, though I
> type in the commands as you see them:
>
> #----------------------------------------------------------------------
> # STARTING POINT: Freshly installed AIX 5.3 system. TL5, SP5.
> #----------------------------------------------------------------------
>
> #----------------------------------------------------------------------
> # STAGE ONE: INSTALLING AND STARTING THE SERVER
> #----------------------------------------------------------------------
>
> # Make the users and groups
> mkgroup id=30006 ldap
> mkgroup id=30007 users=root dbsysadm
> mkuser id=30002 pgrp=ldap groups=ldap umask=002 home=/local/data/ldap/ldap \
>     gecos="Lightweight Directory Access Protocol administrative user" ldap
> mkuser id=30003 pgrp=dbsysadm groups=ldap umask=002 \
>     home=/local/data/ldap/ldapdb2 \
>     gecos="LDAP DB2 database administrator" ldapdb2
>
> # Set passwords on non-personal accounts to p@ssw0rd
> # - security is overrated anyway.
> passwd ldap;pwdadm -c ldap
> passwd ldapdb2;pwdadm -c ldapdb2
>
> # Found this in a post somewhere...
> chmod 775 /local/data/ldap/ldapdb2
>
> # DB2 likes async I/O.
> chdev -l aio0 -a autoconfig=available
> mkdev -l aio0
>
> # Install the requisite software
> installp -acgXYd /data/sw/AIX/aix53/latest \
>     db2_08_01.ca db2_08_01.cc db2_08_01.cj \
>     db2_08_01.client db2_08_01.cnvucs db2_08_01.conn db2_08_01.conv \
>     db2_08_01.cs.rte db2_08_01.das db2_08_01.db2.engn db2_08_01.db2.rte \
>     db2_08_01.db2.samples db2_08_01.essg db2_08_01.icuc db2_08_01.icut \
>     db2_08_01.jdbc db2_08_01.ldap \
>     db2_08_01.msg.en_US.iso88591 db2_08_01.pext db2_08_01.repl \
>     db2_08_01.sqlproc ldap.client.adt ldap.client.rte ldap.server.cfg \
>     ldap.server.com ldap.server.java ldap.server.rte \
>     X11.apps.config
> # X11.apps.config is just so I can ssh -X to the box, and run ldapxcfg
>
> # Reboot the server here...
> reboot
> #----------------------------------------------------------------------
>
> # License the DB2 server for LDAP
> /usr/opt/db2_08_01/adm/db2licm -a /usr/ldap/etc/ldap-custom-db2ese.lic
>
> # Pre-configure the LDAP server
> export LDAP_DBG=1
> cd /tmp
>
> ldapcfg \
> -u 'cn=root,dc=utopia,dc=johnguest,dc=com' \
> -p 'p@ssw0rd' \
> -n
>
> # Build an empty LDAP server
> ldapcfg \
> -a ldapdb2 \
> -w 'p@ssw0rd' \
> -c \
> -i \
> -o \
> -l /local/data/ldap/ldapdb2 \
> -d ldapdb2 \
> -t ldapdb2 \
> -n
>
> # Found this in another post and it can't hurt...
> chmod 775 /local/data/ldap/ldapdb2/ldap32kcont_ldapdb2
>
> # Start the empty LDAP server
> ibmslapd
>
> ...and hey presto, the ibmslapd starts. As far as I can tell, I now
> have a very clean, empty LDAP server. So now I need to create the
> directory tree where the users' login information goes. According to
> Yantian Tom Lu, Ph.D, in his document "Configuring an IBM Directory
> Server for User Authentication and Management in AIX"
>
> > There are cases when an IBM Directory server has
> > been setup and running and one wants to configure
> > the server for user authentication purpose. Still,
> > mksecldap is your friend. The mksecldap command
> > will not create new database in this case, rather, it will
> > use the existing database.
>
> With friends like that... I run the following command:
>
> mksecldap \
> -s \
> -a 'cn=root,dc=utopia,dc=johnguest,dc=com' \
> -p 'p@ssw0rd' \
> -d 'dc=utopia,dc=johnguest,dc=com' \
> -u NONE \
> -S rfc2307aix
>
> And this mumbles something about chmod: /home/ldapdb2 being out of
> bounds, then buggers up the LDAP server, so that it fails to connect
> to the database with the following error messages:
>
> ==========
> Plugin of type EXTENDEDOP is successfully loaded from libevent.a.
> Plugin of type DATABASE is successfully loaded from /lib/libback-config.a.
> Error code -1 from odbc string:" SQLAllocEnv " .
> Failed to initialize be_config.
> Error encountered. Server starting in configuration only mode.
> ==========
>
> At which point I restore a system backup and can try again. I am sure
> I'm leaving out something essential, but I cannot figure out what it
> is... HELP!!1!
>
> Now I have had the advice to try ITDS 6.0 instead (Hi Alex!), but I
> can't find the documentation I need and anyway it's a payable extra.
> So I'm stuck with AIX 5.3 and everything that comes with it or can be
> downloaded for free.
>
> And I haven't even started yet to try and make this thing play nice
> with Samba... I'm still hoping to build my AIX-based PDC so I can
> support all known operating systems from my AIX-based management
> server.
>
> Yours in hope,
> Menno Willemse
Have you read the tech note:
Technote (FAQ)
On UNIX systems you cannot configure the database in a location other
than /home when /home is an NFS mount

Problem
Steps to manually configure the database in a location other than /
home, when /home is an NFS mount.

http://www-1.ibm.com/support/docview...&cc=us&lang=en

hth
Hajo
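A preflight check for the trap this thread turns on (mksecldap's database setup against an NFS-mounted /home, with the DB2 instance home kept elsewhere), as an added example that is not part of either post. It assumes the column layout of AIX `mount` and `ls -ld` output; the mount table and ibmslapd log text are constructed samples.

```shell
# Preflight for the mksecldap trap in the thread: /home on NFS and a DB2
# instance home elsewhere. Added example, not from the original post; the
# mount table and ibmslapd log below are constructed samples.

# Constructed: `mount` output on a box whose /home comes from an NFS server.
SAMPLE_MOUNTS='  node   mounted          mounted over   vfs    date         options
         /dev/hd4         /              jfs2   Jan 05 10:00 rw,log=/dev/hd8
nfssrv   /export/home     /home          nfs3   Jan 05 10:01 rw,bg,hard,intr'

# Constructed: what ibmslapd prints when it cannot reach its DB2 database.
SAMPLE_LOG='Error code -1 from odbc string:" SQLAllocEnv " .
Failed to initialize be_config.
Error encountered. Server starting in configuration only mode.'

# True when some "mounted over" field is /home and the next (vfs) field is NFS.
home_on_nfs() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "/home" && $(i + 1) ~ /^nfs/) found = 1
    } END { exit !found }'
}

# True when the directory exists and is owned by the instance user (ls -ld, 3rd column).
instance_dir_ok() {
    [ -d "$1" ] || return 1
    [ "$(ls -ld "$1" | awk '{ print $3 }')" = "$2" ]
}

# True when ibmslapd fell back to configuration-only mode, as in the quoted log.
db_init_failed() {
    printf '%s\n' "$1" | grep -q 'configuration only mode'
}

# $1 = intended instance home, $2 = instance user, $3 = mount table text.
# Returns 1 when mksecldap's default database setup is expected to fail.
preflight() {
    rc=0
    if home_on_nfs "$3"; then
        echo "warn: /home is NFS-mounted; configure the database by hand (IBM technote), not via mksecldap defaults"
        rc=1
    fi
    if ! instance_dir_ok "$1" "$2"; then
        echo "warn: $1 is missing or not owned by $2"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok: $1 owned by $2, /home is local"
    return "$rc"
}

preflight /local/data/ldap/ldapdb2 ldapdb2 "$SAMPLE_MOUNTS" || :
```

Run `db_init_failed "$(ibmslapd 2>&1)"` after a mksecldap attempt to catch the configuration-only fallback before restoring from backup.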
