LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-14-2009, 11:03 AM   #1
anaslimp
LQ Newbie
 
Registered: Apr 2009
Posts: 11

Rep: Reputation: 0
ldap server


hi please i have this error and i want some help

[root@localhost anass]# ldapadd -D "cn=manager,o=company,c=net" -W -f /etc/openldap/base.ldif
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid DN syntax (34)


here is my ldap.conf:

# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
URI ldap://127.0.20.1/
BASE dc=company,dc=net
TLS_CACERTDIR /etc/openldap/cacerts
[/SIZE][/SIZE]


my base.ldif is :

#Organization for Samba Base

dn: dc=company,dc=net

objectclass: dcObject

objectclass: organization

dc: company

o: Samba 3

description: Samba 3

# Manager LDAP

dn: cn=manager,dc=company,dc=net

objectclass: organizationalRole

cn: manager

description: LDAP Manager

# Conteneur d'utilisateurs

dn: ou=Users,dc=company,dc=net

objectclass: top

objectclass: organizationalUnit

ou: Users

# Conteneur de machines

dn: ou=Computers,dc=company,dc=net

objectclass: top

objectclass: organizationalUnit

ou: Computers

# Administrateur

dn: cn=admin,ou=Users,dc=company,dc=net

cn: admin

objectclass: top

objectclass: organizationalRole

objectclass: simpleSecurityObject

userPassword: {SSHA}WW2PMcKsh0ZVrFFSuwAtAXIUISAq1VIU

and my slapd.conf is:


#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=company,dc=net"
checkpoint 1024 15
rootdn "cn=manager,dc=company,dc=net"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
rootpw {SSHA}WW2PMcKsh0ZVrFFSuwAtAXIUISAq1VIU

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap

# Indices to maintain for this database
#index objectClass eq,pres
#index ou,cn,mail,

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM


# enable monitoring
database monitor

# allow onlu rootdn to read the monitor
access to *
by dn.exact="cn=manager,dc=company,dc=net" read
by * none
 
Old 04-14-2009, 04:25 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,519

Rep: Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501
Quote:
ldapadd -D "cn=manager,o=company,c=net" -W -f /etc/openldap/base.ldif
According to slapd.conf the root dn is: "cn=manager,dc=company,dc=net", so you have to change it in the above command. You can use also the -vx options (verbose and no sasl auth):
Code:
ldapadd -vx -D "cn=manager,dc=company,dc=net" -W -f /etc/openldap/base.ldif
 
Old 04-15-2009, 04:04 AM   #3
anaslimp
LQ Newbie
 
Registered: Apr 2009
Posts: 11

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by bathory View Post
According to slapd.conf the root dn is: "cn=manager,dc=company,dc=net", so you have to change it in the above command. You can use also the -vx options (verbose and no sasl auth):
Code:
ldapadd -vx -D "cn=manager,dc=company,dc=net" -W -f /etc/openldap/base.ldif

thanx now i have
[root@localhost anass]# ldapadd -vx -D "cn=manager,dc=company,dc=net" -W -f /etc/openldap/base.ldif
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

i've tried slappasswd and it still doesn t work :s

et merci bcp
 
Old 04-15-2009, 04:20 AM   #4
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
You haven't defined a database in slapd.conf. See for example http://www.linuxhomenetworking.com/w...he_LDAP_Server
 
Old 04-15-2009, 04:31 AM   #5
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,519

Rep: Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501
Quote:
i've tried slappasswd and it still doesn t work :s
Run slappasswd to create a new encrypted password, stop slapd, copy the new password (the output of slappasswd) in slapd.conf and restart slapd to see what happens.
 
Old 04-15-2009, 09:42 AM   #6
anaslimp
LQ Newbie
 
Registered: Apr 2009
Posts: 11

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by bathory View Post
Run slappasswd to create a new encrypted password, stop slapd, copy the new password (the output of slappasswd) in slapd.conf and restart slapd to see what happens.

[root@localhost anass]# slappasswd
New password:
Re-enter new password:
{SSHA}tfRauHS2E6OIxftJsuqLYqsjWjW1vXsO
[root@localhost anass]# service ldap stop
Stopping slapd: [ OK ]
[root@localhost anass]# vi /etc/openldap/slapd.conf
[root@localhost anass]# service ldap start
Starting slapd: [ OK ]
[root@localhost anass]# ldapadd -vx -D "cn=manager,dc=company,dc=net" -W -f /etc/openldap/base.ldif
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
[root@localhost anass]#
 
Old 04-15-2009, 10:19 AM   #7
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,519

Rep: Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501
Just to clarify something: Are there blank lines between each line in the ldif you're trying to import, or it seems so because you didn't used [code] tags? Blank lines are used to designate every entry. Use this ldif and see if it works:
Code:
#Organization for Samba Base
dn: dc=company,dc=net
objectclass: dcObject
objectclass: organization
dc: company
o: Samba 3
description: Samba 3

# Manager LDAP
dn: cn=manager,dc=company,dc=net
objectclass: organizationalRole
cn: manager
description: LDAP Manager

# Conteneur d'utilisateurs
dn: ou=Users,dc=company,dc=net
objectclass: top
objectclass: organizationalUnit
ou: Users

# Conteneur de machines
dn: ou=Computers,dc=company,dc=net
objectclass: top
objectclass: organizationalUnit
ou: Computers

# Administrateur
dn: cn=admin,ou=Users,dc=company,dc=net
cn: admin
objectclass: top
objectclass: organizationalRole
objectclass: simpleSecurityObject
userPassword: {SSHA}WW2PMcKsh0ZVrFFSuwAtAXIUISAq1VIU
And you can use slapadd to import the ldif is ldapadd fails. Mind that you must stop the server if you are going to use slapadd.
 
Old 04-15-2009, 11:41 AM   #8
anaslimp
LQ Newbie
 
Registered: Apr 2009
Posts: 11

Original Poster
Rep: Reputation: 0
[QUOTE=bathory;3509699]Just to clarify something: Are there blank lines between each line in the ldif you're trying to import, or it seems so because you didn't used [code] tags? Blank lines are used to designate every entry. Use this ldif and see if it works:
[CODE]

i ve tried with the code that u gave me and i got the same thing

[root@localhost anass]# ldapadd -vx -D "cn=manager,dc=company,dc=net" -W -f /home/anass/Bureau/base.ldif
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
[root@localhost anass]# service ldap start
Starting slapd: [ OK ]
[root@localhost anass]# ldapadd -vx -D "cn=manager,dc=company,dc=net" -W -f /home/anass/Bureau/base.ldif
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

i think i will format my computer
 
Old 04-15-2009, 01:22 PM   #9
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,519

Rep: Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501
There is no need to format for this.
Comment out the last 3 lines of slapd.conf (the ACLs):
Quote:
...
# allow onlu rootdn to read the monitor
#access to *
#by dn.exact="cn=manager,dc=company,dc=net" read
#by * none
restart slapd and see if it works.

And you should also try to use slapadd if the above fails.
 
Old 04-16-2009, 03:28 AM   #10
anaslimp
LQ Newbie
 
Registered: Apr 2009
Posts: 11

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by bathory View Post
There is no need to format for this.
Comment out the last 3 lines of slapd.conf (the ACLs):

restart slapd and see if it works.

And you should also try to use slapadd if the above fails.
still doesn t want to work
what is the command with slapadd please
[root@localhost anass]# slapadd -v "cn=manager,dc=company,dc=net" /home/anass/Bureau/base.ldif
usage: slapadd [-v] [-d debuglevel] [-f configfile] [-F configdir] [-o <name>[=<value>]] [-c]
[-g] [-n databasenumber | -b suffix]
[-l ldiffile] [-j linenumber] [-q] [-u] [-s] [-w]
 
Old 04-16-2009, 03:40 AM   #11
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
I'd suggest you read that link I posted some time ago.
 
Old 04-16-2009, 03:50 AM   #12
anaslimp
LQ Newbie
 
Registered: Apr 2009
Posts: 11

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by billymayday View Post
I'd suggest you read that link I posted some time ago.
i did billy
i thank u it is very interesting

will someone please send me his slapd.conf and file ldif

cause i m really lost
 
Old 04-16-2009, 04:03 AM   #13
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Interesting stuff changed
Code:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/mozillaAbPersonAlpha.schema

# Allow LDAPv2 client connections.  This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

# Load dynamic backend modules:
# modulepath    /usr/lib/openldap
# moduleload    back_bdb.la
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la

# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.  Your client software
# may balk at self-signed certificates, however.

# Sample security restrictions
#       Require integrity protection (prevent hijacking)
#       Require 112-bit (3DES or better) encryption for updates
#       Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access
#               Allow authenticated users read access
#               Allow anonymous users to authenticate
#       Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

#database       bdb
#suffix         "dc=my-domain,dc=com"
#rootdn         "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw                secret
# rootpw                {crypt}ijFYNcSNctBYg

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /var/lib/ldap

# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
#     bindmethod=sasl saslmech=GSSAPI
#     authcId=host/ldap-master.example.com@EXAMPLE.COMa

database        bdb
suffix          "dc=example1,dc=com"
rootdn          "cn=Manager,dc=example1,dc=com"
rootpw          {SSHA}noidea
directory       /var/lib/ldap/example1.com

database        bdb
suffix          "dc=example2,dc=com"
rootdn          "cn=Manager,dc=example2,dc=com"
rootpw          {SSHA}cantremember
directory       /var/lib/ldap/example2.com
This is a basic CentOS version updated
 
Old 04-16-2009, 11:19 AM   #14
anaslimp
LQ Newbie
 
Registered: Apr 2009
Posts: 11

Original Poster
Rep: Reputation: 0
:s

i m really lost

[root@localhost anass]# ldapadd -W -D 'cn=manager,dc=company,dc=net' -xh localhost -f /etc/openldap/base.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
[root@localhost anass]# ldapadd -W -D 'cn=manager,dc=company,dc=net' -xh localhost -f /etc/openldap/base.ldif
Enter LDAP Password:
ldap_bind: Server is unwilling to perform (53)
additional info: unauthenticated bind (DN with no password) disallowed
 
Old 04-16-2009, 12:59 PM   #15
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,519

Rep: Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501Reputation: 1501
Quote:
what is the command with slapadd please
The slapadd is run like this:
Code:
slapadd -l /etc/openldap/base.ldif
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LDAP: Can't contact master ldap server rulirahm Linux - Networking 2 07-14-2014 03:02 AM
Ubuntu Hardy (php-ldap):Can't contact LDAP server eantoranz Programming 7 12-02-2008 07:40 PM
authenticating through one ldap server that uses other ldap servers & active director dreamm Linux - Server 1 02-21-2007 09:22 AM
LDAP server not starting as user LDAP klnasveschuk Fedora 1 02-15-2007 05:49 AM


All times are GMT -5. The time now is 08:54 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration