#ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: namingContexts
#
#
dn:
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
------- because dn: is empty
----1) my slapd.conf
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
schemacheck on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd.args
loglevel 0
modulepath /usr/lib/ldap/
moduleload back_ldbm.so
backend ldbm
database ldbm
suffix "o=litho, c=com"
directory /var/lib/ldap
rootdn "cn=Admin,o=litho, c=com"
rootpw secret
index cn,sn,uid
index objectclass pres,eq
index default none
defaultaccess read
access to attr=userpassword
by self write
by dn="cn=Admin,o=litho, c=com" write
by * compare
# Root Organization
dn: dc=example,dc=com
dc: example
objectClass: dcObject
objectClass: organization
o: Example Inc
# Barbara's Entry
dn: cn=Barbara J Jensen, dc=example, dc=com
cn: Barbara J Jensen
objectClass: person
gn: Barbara
sn: Jensen
I can't say I've ever used the o=example,c=com format, but assuming it works the same way as using dc=, then you're missing the dn: prefix on the line for o=litho,c=com as well as on the cn=Manager, o=litho, c=com line. You should also change a lot of those equal signs to colons. So fixing it up, I would guess that your ldif should look more like this:
Disclaimer: I'm fairly new myself to LDAP, so there might be some mistakes in there, but hopefully that should get you on the right track. A good site on the LDIF format can be found here at the Linux Documentation Project, and another good one here.
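As an added example (not code from the thread or from OpenLDAP), here is a small checker that catches the mistakes the reply above describes: an entry that does not start with a `dn:` line, attribute lines written as `attr=value` instead of `attr: value`, and, as a third check, entries whose DN lies outside the `suffix` configured in slapd.conf (the thread's slapd.conf says `o=litho, c=com`, while the example LDIF uses `dc=example,dc=com`). The slapd.conf fragment and the LDIF text below are constructed for the demonstration.

```python
"""Added LDIF sanity checker (constructed example, not the thread's own code)."""
import re

# Constructed slapd.conf fragment, mirroring the thread's "suffix" line.
SLAPD_CONF = '''
database ldbm
suffix "o=litho, c=com"
rootdn "cn=Admin,o=litho, c=com"
'''

# Constructed LDIF with the mistakes the reply describes: the first entry
# has no "dn:" prefix, the second uses "=" instead of ": ", the third is
# well-formed but sits under a different suffix than slapd.conf declares.
BAD_LDIF = '''o=litho, c=com
objectClass: organization
o: litho

dn: cn=Manager, o=litho, c=com
objectClass=organizationalRole
cn=Manager

dn: cn=Barbara J Jensen, dc=example, dc=com
objectClass: person
cn: Barbara J Jensen
sn: Jensen
'''

def normalize_dn(dn):
    """Lower-case and strip whitespace around RDN separators so that
    'o=litho, c=com' and 'O=LITHO,C=COM' compare equal."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def configured_suffix(conf_text):
    """Return the normalized suffix from slapd.conf-style text, or None."""
    for line in conf_text.splitlines():
        m = re.match(r'^\s*suffix\s+"?([^"]+?)"?\s*$', line)
        if m:
            return normalize_dn(m.group(1))
    return None

def split_entries(ldif_text):
    """Split LDIF into entries (lists of lines) on blank lines, dropping comments."""
    entries, current = [], []
    for raw in ldif_text.splitlines():
        line = raw.rstrip()
        if line.startswith("#"):
            continue
        if not line:
            if current:
                entries.append(current)
                current = []
            continue
        current.append(line)
    if current:
        entries.append(current)
    return entries

# An LDIF attribute line is "name:" (or "name::" for base64) followed by the value.
ATTR_LINE = re.compile(r'^[A-Za-z][\w.;-]*:')

def check_ldif(ldif_text, suffix):
    """Return a list of (entry_index, message) problems; an empty list means clean."""
    problems = []
    for idx, lines in enumerate(split_entries(ldif_text), start=1):
        first = lines[0]
        if not first.lower().startswith("dn:"):
            problems.append((idx, f"entry does not start with 'dn:': {first!r}"))
        else:
            dn = normalize_dn(first[3:].strip())
            if suffix and not (dn == suffix or dn.endswith("," + suffix)):
                problems.append((idx, f"dn {dn!r} is outside configured suffix {suffix!r}"))
        for line in lines[1:]:
            if line.startswith(" "):
                continue  # LDIF continuation line, belongs to the previous attribute
            if not ATTR_LINE.match(line):
                hint = " (use 'attr: value', not 'attr=value')" if "=" in line else ""
                problems.append((idx, f"malformed attribute line {line!r}{hint}"))
    return problems

if __name__ == "__main__":
    for idx, msg in check_ldif(BAD_LDIF, configured_suffix(SLAPD_CONF)):
        print(f"entry {idx}: {msg}")
```

Run it against your own LDIF and slapd.conf before calling ldapadd: a DN outside the configured suffix is rejected by slapd regardless of credentials, so ruling that out first keeps the search for an authentication problem focused on rootdn/rootpw.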
Oh...sorry! I missed that part in your original post. If you're getting an Invalid credentials (49) error, then it's not a problem with your ldif file. It means either your administrative account isn't set up properly or your password isn't being accepted.
I noticed in your slapd.conf that you had this line:
Code:
rootpw secret
Most tutorials that I've seen show that, but don't explain that you need to change the secret part to an actual password, usually encrypted with the slappasswd command. So, I'm guessing that that might be your problem.
Here is the man page for slappasswd. An example usage would be:
Code:
slappasswd -h {CRYPT} -c '$2a$05$%.24s'
This will output a blowfish encrypted password, which you can then copy and paste into your slapd.conf file, replacing the word secret in the rootpw line.
Also, a nice graphical interface to LDAP that I personally use and like is LDAP Browser. You can import ldifs, export a whole directory or portions of it to an ldif, modify entries, etc. It's written in Java, so it's portable, but sadly it appears to be unmaintained.
Anyway, I hope that helps! I know LDAP can be pretty frustrating at times since it's certainly not the most user-friendly piece of software out there, but...it gets better eventually, so keep up the good effort and it'll pay off!
Try sticking "-d 255" on whilst doing an ldap search as this will display a load of debug stuff and report back on the problem in more detail. Authentication issues could be a number of things. Also, within /etc/hosts, make sure an entry exists for the server detailing its FQDN. For example, you might have fatcontroller.homelinux.net, not just fatcontroller.homelinux.
- linux debian sarge
- openldap 2.2.26
No worry, the FQDN is there (the server is also a DNS server)
all ldap things are issued locally, but the outcome is the same with the -h <FQDN>
debug level 255 gives a lot of info,
ldap search is not giving any errors back
ldapsearch -d 255 -h <FQDN> -x -b '' -s base '(objectclass=*)' namingContexts
ldapadd is however giving that: ber_get_next on fd 11 failed errno=11 (Resource temporarlily unavailable)
<= dbd_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
dunno, there are files in the DB dir (/var/lib/ldap) and slap is run by root so??
collen - please open a new thread with your problem. My suggestions (although still the same with your issue as a starting point to see what is wrong) were for the initial poster.
It's going to get confusing with two different people + two different problems in the same thread
collen - It's not a bug, it's an incorrect configuration somewhere along the lines.
The problem is one person comes having tried something, needs another suggestion, an idea is offered, then the first comes back and posts afterwards, and you go round + round not knowing who's posting responses to what.
Try giving more info such as your ldap.conf + slapd.conf, whether you have enabled SSL connections, whether you're trying connecting on the same physical machine or a client, etc. I'd still urge to start a new thread with all this info being passed back + forth, but certainly keep an eye on this to see what solutions are suggested.
pdrobe - have you tried with extra debug statements to see if you have anything being reported as to where the failure is and check your hosts file? Although you're trying to add users first, you should at least have an empty schema setup which should report something with: