LinuxQuestions.org


steve007 10-20-2005 08:19 AM

LDAP Problem Invalid DN Syntax (34)
 
Hello,
I am having problems with LDAP, getting it to work. When I connect to the LDAP server through Outlook, close it and restart the Outlook app, I get the error "Invalid DN Syntax (34)" when trying to access my LDAP address book.

I have the following information:

ldap.conf

Code:

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE        dc=example, dc=com
#URI        ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT        12
#TIMELIMIT        15
#DEREF                never
HOST 127.0.0.1
BASE dc=hitler-industries,dc=co,dc=uk


slapd.conf
Code:

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include                /etc/openldap/schema/core.schema
include                /etc/openldap/schema/cosine.schema
include                /etc/openldap/schema/inetorgperson.schema
include                /etc/openldap/schema/nis.schema
include                /etc/openldap/schema/redhat/autofs.schema

# Allow LDAPv2 client connections.  This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral        ldap://root.openldap.org

pidfile                /var/run/slapd.pid
argsfile        /var/run/slapd.args

# Load dynamic backend modules:
# modulepath        /usr/sbin/openldap
# moduleload        back_bdb.la
# moduleload        back_ldap.la
# moduleload        back_ldbm.la
# moduleload        back_passwd.la
# moduleload        back_shell.la

# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.  Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

# Sample security restrictions
#        Require integrity protection (prevent hijacking)
#        Require 112-bit (3DES or better) encryption for updates
#        Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#        Root DSE: allow anyone to read it
#        Subschema (sub)entry DSE: allow anyone to read it
#        Other DSEs:
#                Allow self write access
#                Allow authenticated users read access
#                Allow anonymous users to authenticate
#        Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#        by self write
#        by users read
#        by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database        ldbm
suffix                "dc=hitler-industries,dc=co,dc=uk"
rootdn                "cn=root,dc=hitler-industries,dc=co,dc=uk"
access to * by users read
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.

# Use of strong authentication encouraged.
# rootpw                secret
# rootpw                {crypt}ijFYNcSNctBYg
rootpw                        {MD5}OdjVUKnoZTQfuBlFS36VsS==

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory        /var/lib/ldap

# Indices to maintain for this database
index objectClass                      eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                    eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
#    bindmethod=sasl saslmech=GSSAPI
#    authcId=host/ldap-master.example.com@EXAMPLE.COM


hitleremail.ldif

Code:


dn:                dc=hitler-industries,dc=co,dc=uk
objectClass:        top
objectClass:        dcObject
objectClass:        organization
dc:                hitler-industries
o:                Hitler Industries

dn:                cn=root,dc=hitler-industries,dc=co,dc=uk
objectClass:        organizationalRole
cn:                root
description:        Hitler Address Book Administrator

dn:                ou=members,dc=hitler-industries,dc=co,dc=uk
objectClass:        top
objectClass:        organizationalUnit
ou:                members

dn:                cn=Adolf Hitler,ou=members,dc=hitler-industries,dc=co,dc=uk
objectClass:        organizationalPerson
objectClass:        inetOrgPerson
cn:                Adolf Hitler
mail:                adolf.hitler@hitler-industries.co.uk
givenname:        Adolf
sn:                Hitler
uid:                501
o:                Hitler Industries
telephoneNumber: 00000-000000
homePhone:        00000-000000
mobile:                00000-000000
title:                IT Administrator

I run the command to check the file for errors and it says it succeeded, and then I start the ldap service, run the command ldapadd, then ldapsearch and everything seems fine, but it just keeps throwing up the same error in Outlook. I am using Outlook 2003 and I have the following information to complete to connect to the LDAP server:

server name: I type in the internal IP address, but I have also tried the hitler-industries, dc=hitler-industries,dc=co,dc=uk and many other combinations

I have to enter a username and password, for which I have also tried DOMAIN\root and root as the usernames

under the "More Settings" button
Display name as it appears in address book... I put Hitler Industries, but I have also tried hitler-industries and other permutations

port number 386 is already entered and Secure Sockets Layer is unchecked

for the search base option I put in
cn=root,dc=hitler-industries,dc=co,dc=uk and I have also tried other combinations of stuff in here.

I am completely stuck as to whether I am putting the correct information in these boxes, and even if I am, why the heck is it saying the DN Syntax is invalid... as far as I can see there is nothing wrong with it.

I am using Fedora Core 3 by the way.

If someone could please help me with this I would be so appreciative. LDAP looks so easy to set up, yet there is something probably so small preventing it being set up correctly. If you need any more information on this just ask me.

Thanks very much

Steve

PS
I am not a Hitler fan, I just used it as an example database.

iluvatar 10-21-2005 09:27 AM

Hi,

I'll try a suggestion here though I'm not completely sure, let me know what happens:

- server name should be the IP address
- for username try using "cn=root,dc=hitler-industries,dc=co,dc=uk" (from slapd.conf)
- use the password you provided for slapd.conf
- display name: don't know?
- port number: looks okay, you can check if the port is open by running "nmap 127.0.0.1" on the ldap server
- for search base use this: "dc=hitler-industries,dc=co,dc=uk".

This might help (or result in another error message...) but the invalid DN syntax is most probably caused by the username.

Greets,
.-=~ iluvatar ~=-.
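
Result code 34 is invalidDNSyntax: the server could not parse a string sent where a DN is required, such as the bind name or the search base. The following is an added example, not part of any post in this thread: a strict RFC 4514 string-form check in Python for candidate client field values. The helper names and the `dc=example,dc=com` suffix are assumptions made for illustration, and a server may accept more than this strict check does (for example spaces after commas).

```python
import re

ATTR_TYPE = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*")
PAIR = r'\\(?:[ "#+,;<=>\\]|[0-9A-Fa-f]{2})'   # escaped special char or \XX hex pair
LEAD = rf'(?:[^ #"+,;<>\\]|{PAIR})'             # first char: no bare space or '#'
MID = rf'(?:[^"+,;<>\\]|{PAIR})'
TRAIL = rf'(?:[^ "+,;<>\\]|{PAIR})'             # last char: no bare space
VALUE = re.compile(rf'#(?:[0-9A-Fa-f]{{2}})+|(?:{LEAD}(?:{MID}*{TRAIL})?)?')

def split_unescaped(text, sep):
    """Split on sep, treating backslash plus the next character as one unit."""
    parts, cur, i = [], [], 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(text[i:i + step])
        i += step
    return parts + ["".join(cur)]

def parse_dn(dn):
    """Return one list of (type, value) pairs per RDN; raise ValueError if malformed."""
    rdns = []
    for rdn in (split_unescaped(dn, ",") if dn else []):  # "" is the valid empty DN
        avas = []
        for ava in split_unescaped(rdn, "+"):
            attr, eq, value = ava.partition("=")
            if not eq or not ATTR_TYPE.fullmatch(attr):
                raise ValueError(f"{ava!r} is not of the form type=value")
            if not VALUE.fullmatch(value):
                raise ValueError(f"bad value {value!r} for attribute {attr}")
            avas.append((attr, value))
        rdns.append(avas)
    return rdns

def dn_error(value):
    """Return None for a valid DN string, else the reason it is rejected."""
    try:
        parse_dn(value)
        return None
    except ValueError as exc:
        return str(exc)

# Constructed inputs; dc=example,dc=com stands in for the thread's suffix.
TRIED = ["root", "DOMAIN\\root", "cn=root,dc=example,dc=com", "dc=example,dc=com"]
for candidate in TRIED:
    print(f"{candidate!r:32} -> {dn_error(candidate) or 'valid DN'}")
```

Values are returned in their escaped form, so `cn=Doe\, John` stays one RDN while an unescaped comma inside a name splits it and fails the check.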

Juzaa 03-17-2009 07:03 PM

Quote:

Originally Posted by steve007 (Post 1910596)
I am not a Hitler fan, I just used it as an example database.

Not funny in any way. As I'd like to request now, this thread should be deleted!!

basheerpt 08-24-2009 08:53 AM

Facing same error
 
Hi, could you solve your issue? I am facing the exact situation. I am using Ldaemon LDAP server with Mdaemon Mail server. They don't provide any support on their LDAP. Please let me know if you could solve the 'Invalid DN Syntax 34' error.

Thank you