LinuxQuestions.org - Linux - Newbie
LDAP problems: can't connect (https://www.linuxquestions.org/questions/linux-newbie-8/ldap-problems-can%27t-connect-605839/)

_MD_ 12-10-2007 11:13 AM

LDAP problems: can't connect

I've been trying to set up and configure openLDAP on my Fedora Core 6 (64bit) for a couple of days now, all with no luck. I followed this guide closely and here are samples of my config files:

/etc/ldap.conf
Code:

host 192.168.1.7
base dc=gofigure,dc=com

/etc/openldap/slapd.conf
Code:

include        /etc/openldap/schema/core.schema
include        /etc/openldap/schema/cosine.schema
include        /etc/openldap/schema/inetorgperson.schema
include        /etc/openldap/schema/nis.schema

allow bind_v2

pidfile        /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

database        bdb
suffix          "dc=gofigure,dc=com"
rootdn          "cn=Manager,dc=gofigure,dc=com"
rootpw          12345
access to * by * read

directory      /var/lib/ldap

index objectClass                      eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber                        eq,pres

When I do service ldap start, it starts without problems.
Here's an ldif I've created:

/etc/openldap/gofigure.ldif
Code:

dn: dc=gofigure,dc=com
dc: gofigure
description: Root LDAP entry for gofigure.com
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=employees,dc=gofigure,dc=com
ou: employees
description: All employees in organization
objectClass: organizationalUnit

dn: cn=Manager,dc=gofigure,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

When I do ldapadd -x -D "cn=Manager,dc=gofigure,dc=com" -W -f /etc/openldap/gofigure.ldif it adds successfully.
But when I do ldapsearch -x -b -h ' ' -s base '(objectclass=*)' namingContexts it outputs the following:
Code:

# extended LDIF
#
# LDAPv3
# base <-h> with scope baseObject
# filter: (objectclass=*)
# requesting:  (objectclass=*) namingContexts
#

# search result
search: 2
result: 34 Invalid DN syntax
text: invalid DN

# numResponses: 1

I have no idea why it doesn't want to take my dn...
And of course I cannot connect to ldap://192.168.1.7/dc=gofigure,dc=com using LDAP browser\Editor (all on the same subnet).

Please help... :scratch:
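Two lines of the slapd.conf posted above deserve a second look from a security standpoint: rootpw holds the directory manager's secret in cleartext, and access to * by * read lets an anonymous client read every attribute of every entry, userPassword included, once the server is reachable. The fragment below is an added example, not the original poster's file; it shows those two lines beside the standard OpenLDAP replacements (a hashed rootpw produced by slappasswd, and an ACL that hides userPassword while keeping the rest of the tree readable, so the anonymous ldapsearch used later in this thread still works). The {SSHA} value is a placeholder, not a real hash.

```conf
# Added example, not the original poster's slapd.conf: the two posted lines
# that a reviewer would change, shown beside their replacement.
# The {SSHA} value is a placeholder; generate a real one by running slappasswd.

# --- as posted ---------------------------------------------------------
# rootpw          12345                 # cleartext secret
# access to * by * read                 # every attribute, userPassword included, readable anonymously

# --- replacement (same position, inside the "database bdb" section) ----
rootpw          {SSHA}PLACEHOLDER-OUTPUT-OF-slappasswd

# ACLs are evaluated in order and the first matching "to" clause wins,
# so the userPassword rule must come before the catch-all.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

access to *
        by * read
```

slappasswd prompts for the secret and prints the {SSHA} line to paste after rootpw; the rootdn itself bypasses ACLs, so the Manager bind used for ldapadd is unaffected. The file should also stay readable only by root and the account slapd runs as, since even a hashed rootpw is worth protecting.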

Tinkster 12-10-2007 01:17 PM

You're using an empty search base (illegal), an empty host name and no credentials
while requesting simple authentication....

Try
Code:

ldapsearch -W -x -D "cn=Manager,dc=gofigure,dc=com" '(objectclass=*)' namingContexts

Cheers,
Tink

_MD_ 12-10-2007 01:54 PM

Tinkster, thanks so much for a quick reply.
After issuing ldapsearch with recommended parameters, I got the following output:


Code:

# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: namingContexts
#

# search result
search: 2
result: 32 No such object

# numResponses: 1


I see that my db contains 2 entries. But I still cannot connect to my ldap server using LDAP browser\Editor. I tried binding anonymously, appending base DN and even with SSL... still unable to.
Now, SSL is another issue... when I do ps aux | grep ldap I see that it is on SSL, but I have only port 389 open and I did not configure SSL nor SASL anywhere... Maybe I'm not seeing something? Why doesn't it want to connect?

Thanks again.

_MD_ 12-12-2007 06:44 AM

***bump***

bathory 12-12-2007 07:16 AM

Does the anonymous search work?
Code:

ldapsearch -x -z 100 -b 'dc=gofigure,dc=com' '(objectclass=*)'

_MD_ 12-12-2007 08:02 AM

Yes, anonymous works; it shows exactly what I entered in gofigure.ldif.
But I cannot connect to this server from my Windows machine running the Java LDAP browser...

***I'm accessing it by IP on the local network, so it's not a routing/dns issue. Thanks

bathory 12-12-2007 09:18 AM

Are you sure that there is no firewall, either on the WinXP side preventing ldapbrowser from going out, or on the Linux side blocking connections on port 389?
What happens if you
Code:

telnet ldap-server 389

_MD_ 12-17-2007 10:04 AM

Hey, thanks a lot guys... you know how it is... you tear your hair out trying to solve a complicated piece but it all comes down to very simple stuff... which of course was the case for me too... I didn't have a firewall rule set on my server to allow the LDAP port (although the router does allow it)... So yeah, now it all works flawlessly. Thanks again. :)

