[Question] Lỗi khi kết nối OpenVPN khi chứng thực LDAP
17/04/2013 19:50:22 (+0700) | #1 | 275013 |
ngockhanh_1990
Chào mọi người.
Mình đang cấu hình dịch vụ VPN có chứng thực LDAP trên CentOS 5.8 và đang gặp những lỗi sau:
1. Cảnh báo khi restart LDAP
[root@vpn-ldap openvpn]#
[root@vpn-ldap openvpn]# /sbin/service ldap restart
Stopping slapd: [ OK ]
Checking configuration files for slapd: [WARNING]
/etc/openldap/slapd.conf: line 115: rootdn is always granted unlimited privileges.
/etc/openldap/slapd.conf: line 120: rootdn is always granted unlimited privileges.
config file testing succeeded
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
và đây là file ldap.config
Code:
2 # See slapd.conf(5) for details on configuration options.
3 # This file should NOT be world readable.
4 #
5 include /etc/openldap/schema/core.schema
6 include /etc/openldap/schema/cosine.schema
7 include /etc/openldap/schema/inetorgperson.schema
8 include /etc/openldap/schema/nis.schema
9
10 # Allow LDAPv2 client connections. This is NOT the default.
11 allow bind_v2
12
13 # Do not enable referrals until AFTER you have a working directory
14 # service AND an understanding of referrals.
15 #referral ldap://root.openldap.org
16
17 pidfile /var/run/openldap/slapd.pid
18 argsfile /var/run/openldap/slapd.args
19
20 # Load dynamic backend modules:
21 # modulepath /usr/lib/openldap
22
23 # Modules available in openldap-servers-overlays RPM package
24 # Module syncprov.la is now statically linked with slapd and there
25 # is no need to load it here
26 # moduleload accesslog.la
27 # moduleload auditlog.la
28 # moduleload denyop.la
29 # moduleload dyngroup.la
30 # moduleload dynlist.la
31 # moduleload lastmod.la
32 # moduleload pcache.la
33 # moduleload ppolicy.la
34 # moduleload refint.la
35 # moduleload retcode.la
36 # moduleload rwm.la
37 # moduleload smbk5pwd.la
38 # moduleload translucent.la
39 # moduleload unique.la
40 # moduleload valsort.la
41
42 # modules available in openldap-servers-sql RPM package:
43 # moduleload back_sql.la
44
45 # The next three lines allow use of TLS for encrypting connections using a
46 # dummy test certificate which you can generate by changing to
47 # /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
48 # slapd.pem so that the ldap user or group can read it. Your client software
49 # may balk at self-signed certificates, however.
50 # TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
51 # TLSCertificateFile /etc/pki/tls/certs/slapd.pem
52 # TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
53
54 # Sample security restrictions
55 # Require integrity protection (prevent hijacking)
56 # Require 112-bit (3DES or better) encryption for updates
57 # Require 63-bit encryption for simple bind
58 # security ssf=1 update_ssf=112 simple_bind=64
59
60 # Sample access control policy:
61 # Root DSE: allow anyone to read it
62 # Subschema (sub)entry DSE: allow anyone to read it
63 # Other DSEs:
64 # Allow self write access
65 # Allow authenticated users read access
66 # Allow anonymous users to authenticate
67 # Directives needed to implement policy:
68 # access to dn.base="" by * read
69 # access to dn.base="cn=Subschema" by * read
70 # access to *
71 # by self write
72 # by users read
73 # by anonymous auth
74 #
75 # if no access controls are present, the default policy
76 # allows anyone and everyone to read anything but restricts
77 # updates to rootdn. (e.g., "access to * by * read")
78 #
79 # rootdn can always read and write EVERYTHING!
80
81 ###################################################################### #
82 # ldbm and/or bdb database definitions
83 ###################################################################### #
84
85 database bdb
86 suffix "dc=gtvt,dc=edu"
87 rootdn "cn=Manager,dc=gtvt,dc=edu"
88 # Cleartext passwords, especially for the rootdn, should
89 # be avoided. See slappasswd(8) and slapd.conf(5) for details.
90 # Use of strong authentication encouraged.
91 rootpw 123123
92 # rootpw {crypt}ijFYNcSNctBYg
93
94 # The database directory MUST exist prior to running slapd AND
95 # should only be accessible by the slapd and slap tools.
96 # Mode 700 recommended.
97 directory /var/lib/ldap
98
99 # Indices to maintain for this database
100 index objectClass eq,pres
101 index ou,cn,mail,surname,givenname eq,pres,sub
102 index uidNumber,gidNumber,loginShell eq,pres
103 index uid,memberUid eq,pres,sub
104 index nisMapName,nisMapEntry eq,pres,sub
105
106 # Replicas of this database
107 #replogfile /var/lib/ldap/openldap-master-replog
108 #replica host=ldap-1.example.com:389 starttls=critical
109 # bindmethod=sasl saslmech=GSSAPI
110 # authcId=host/ldap-master.example.com@EXAMPLE.COM
111 access to attrs=userPassword
112 by self write
113 by dn="cn=Manager,dc=gtvt,dc=edu" write
114 by anonymous auth
//lỗi ở đây
115 by * none
116
117 access to *
118 by dn="cn=Manager,dc=gtvt,dc=edu" write
119 by self write
120 by * read
2. Lỗi khi cấu hình dịch vụ OpenVPN (mình làm theo http://www.howtoforge.com/setting-up-an-openvpn-server-with-authentication-against-openldap-on-ubuntu-10.04-lts)
Khi restart dịch vụ OpenVPN thì gặp lỗi như sau:
[root@vpn-ldap admin]# /sbin/service openvpn restart
Shutting down openvpn: [ OK ]
Starting openvpn: /etc/init.d/openvpn: line 169: script_security---script-security 2: command not found
[ OK ]
[root@vpn-ldap admin]#
Và đây là file /etc/init.d/openvpn:
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Code:
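#!/bin/sh
#
# openvpn      This shell script takes care of starting and stopping
#              openvpn on RedHat or other chkconfig-based system.
#
# chkconfig: - 24 76
#
# processname: openvpn
# description: OpenVPN is a robust and highly flexible tunneling application \
#              that uses all of the encryption, authentication, and \
#              certification features of the OpenSSL library to securely \
#              tunnel IP networks over a single UDP port.
#

### BEGIN INIT INFO
# Provides: openvpn
# Required-Start: $network
# Required-Stop: $network
# Short-Description: start and stop openvpn
# Description: OpenVPN is a robust and highly flexible tunneling application \
#              that uses all of the encryption, authentication, and \
#              certification features of the OpenSSL library to securely \
#              tunnel IP networks over a single UDP port.
### END INIT INFO

# Contributed to the OpenVPN project by
# Douglas Keller <doug@voidstar.dyndns.org>
# 2002.05.15

# To install:
#   copy this file to /etc/rc.d/init.d/openvpn
#   shell> chkconfig --add openvpn
#   shell> mkdir /etc/openvpn
#   make .conf or .sh files in /etc/openvpn (see below)

# To uninstall:
#   run: chkconfig --del openvpn

# Author's Notes:
#
# I have created an /etc/init.d init script and enhanced openvpn.spec to
# automatically register the init script.  Once the RPM is installed you
# can start and stop OpenVPN with "service openvpn start" and "service
# openvpn stop".
#
# The init script does the following:
#
# - Starts an openvpn process for each .conf file it finds in
#   /etc/openvpn.
#
# - If /etc/openvpn/xxx.sh exists for a xxx.conf file then it executes
#   it before starting openvpn (useful for doing openvpn --mktun...).
#
# - In addition to start/stop you can do:
#
#   service openvpn reload - SIGHUP
#   service openvpn reopen - SIGUSR1
#   service openvpn status - SIGUSR2
#
# Modifications:
#
# 2003.05.02
#   * Changed == to = for sh compliance (Bishop Clark).
#   * If condrestart|reload|reopen|status, check that we were
#     actually started (James Yonan).
#   * Added lock, piddir, and work variables (James Yonan).
#   * If start is attempted twice, without an intervening stop, or
#     if start is attempted when previous start was not properly
#     shut down, then kill any previously started processes, before
#     commencing new start operation (James Yonan).
#   * Do a better job of flagging errors on start, and properly
#     returning success or failure status to caller (James Yonan).
#
# 2005.04.04
#   * Added openvpn-startup and openvpn-shutdown script calls
#     (James Yonan).
#

# Location of openvpn binary.  The last candidate that exists wins, so a
# /usr/local/sbin build takes precedence over the packaged /usr/sbin one.
openvpn=""
openvpn_locations="/usr/sbin/openvpn /usr/local/sbin/openvpn"
for location in $openvpn_locations; do
  if [ -f "$location" ]; then
    openvpn=$location
  fi
done

# Lockfile: present while at least one instance was started successfully.
lock="/var/lock/subsys/openvpn"

# PID directory: one <name>.pid is written per started <name>.conf.
piddir="/var/run/openvpn"

# Our working directory (where the .conf and optional .sh files live).
work=/etc/openvpn

# Source function library (provides success/failure).
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.  The expansion is quoted so that an unset
# NETWORKING yields '[ "" = "no" ]' instead of a test syntax error.
if [ "${NETWORKING}" = "no" ]; then
  echo "Networking is down"
  exit 0
fi

# Check that binary exists.  Quoting matters: when no binary was found the
# unquoted form collapses to '[ -f ]', which is TRUE, and the script would
# carry on and try to execute an empty command name for every .conf.
if ! [ -f "$openvpn" ]; then
  echo "openvpn binary not found"
  exit 0
fi

#######################################
# Send one signal to every instance that left a pid file in $piddir.
# Globals:   piddir (read)
# Arguments: $1 - signal name without the leading dash (TERM, HUP, USR1, USR2)
# Returns:   0; a missing, empty or stale pid file is ignored, as before
#######################################
signal_instances() {
  for pidf in "$piddir"/*.pid; do
    # With no pid files the glob stays literal and -s is false.
    if [ -s "$pidf" ]; then
      kill -"$1" "$(cat "$pidf")" >/dev/null 2>&1
    fi
  done
}

# See how we were called.
case "$1" in
  start)
    echo -n $"Starting openvpn: "

    /sbin/modprobe tun >/dev/null 2>&1

    # From a security perspective, I think it makes
    # sense to remove this, and have users who need
    # it explicitly enable in their --up scripts or
    # firewall setups.

    #echo 1 > /proc/sys/net/ipv4/ip_forward

    # Run startup script, if defined
    if [ -f "$work/openvpn-startup" ]; then
      "$work/openvpn-startup"
    fi

    mkdir -p "$piddir"

    if [ -f "$lock" ]; then
      # we were not shut down correctly: stop whatever is still recorded
      # in the pid files before starting afresh
      signal_instances TERM
      rm -f "$piddir"/*.pid
      rm -f "$lock"
      sleep 2
    fi

    rm -f "$piddir"/*.pid
    # If the config directory is unreachable, do not scan the current
    # directory for *.conf by accident; report failure instead.
    cd "$work" || { failure; echo; exit 1; }

    # Start every .conf in $work and run .sh if exists
    errors=0
    successes=0
    for c in *.conf; do
      # No .conf at all leaves the glob unexpanded; skip the literal.
      [ -f "$c" ] || continue
      bn=${c%%.conf}
      if [ -f "$bn.sh" ]; then
        . "./$bn.sh"
      fi
      rm -f "$piddir/$bn.pid"
      # Handle backward compatibility, see Red Hat Bugzilla ID #458594:
      # configs that predate the script-security directive get level 2
      # (openvpn may execute external programs and user-defined scripts)
      # unless the config sets its own value.
      # The posted script had 'script_security-"--script-security 2"' here;
      # the missing '=' made sh treat the whole thing as a command name,
      # hence "script_security---script-security 2: command not found".
      script_security=''
      if ! grep -q '^[[:space:]]*script-security[[:space:]]' "$c"; then
        script_security="--script-security 2"
      fi
      # $script_security is deliberately unquoted: it must split into two
      # arguments ("--script-security" and "2") or vanish when empty.
      # shellcheck disable=SC2086
      if "$openvpn" --daemon --writepid "$piddir/$bn.pid" --config "$c" --cd "$work" $script_security; then
        successes=1
      else
        errors=1
      fi
    done

    if [ "$errors" = 1 ]; then
      failure; echo
    else
      success; echo
    fi

    if [ "$successes" = 1 ]; then
      touch "$lock"
    fi
    ;;
  stop)
    echo -n $"Shutting down openvpn: "
    signal_instances TERM
    rm -f "$piddir"/*.pid

    # Run shutdown script, if defined
    if [ -f "$work/openvpn-shutdown" ]; then
      "$work/openvpn-shutdown"
    fi

    success; echo
    rm -f "$lock"
    ;;
  restart)
    "$0" stop
    sleep 2
    "$0" start
    ;;
  reload)
    if [ -f "$lock" ]; then
      signal_instances HUP
    else
      echo "openvpn: service not started"
      exit 1
    fi
    ;;
  reopen)
    if [ -f "$lock" ]; then
      signal_instances USR1
    else
      echo "openvpn: service not started"
      exit 1
    fi
    ;;
  condrestart)
    if [ -f "$lock" ]; then
      "$0" stop
      # avoid race
      sleep 2
      "$0" start
    fi
    ;;
  status)
    if [ -f "$lock" ]; then
      signal_instances USR2
      echo "Status written to /var/log/messages"
    else
      echo "openvpn: service not started"
      exit 1
    fi
    ;;
  *)
    echo "Usage: openvpn {start|stop|restart|condrestart|reload|reopen|status}"
    exit 1
    ;;
esac
exit 0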
Mình đã loay hoay 2 ngày rồi mà vẫn chưa được; hiện tại mình đã cài xong nhưng user LDAP vẫn chưa thể kết nối tới VPN.
Mong các bạn giúp đỡ, thanks.
[Question] Lỗi khi kết nối OpenVPN khi chứng thực LDAP
17/04/2013 21:02:51 (+0700) | #2 | 275016 |
quanta
ngockhanh_1990 wrote:
PS: xin lỗi vì bài quá dài.
Không sao cả. Quan trọng là nên format lại bài viết cho dễ đọc: /hvaonline/posts/list/23321.html