LinuxQuestions.org
Old 12-08-2010, 12:56 PM   #31
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975

Well you're getting the same response as before, error 32, meaning the object does not exist, so you've not added the object yet. What ldif's do you have to add? What command did you run to add them, what was the output of the add command, what did the server logs say about it?
 
Old 12-08-2010, 12:56 PM   #32
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by acid_kewpie
Well you're getting the same response as before, error 32, meaning the object does not exist, so you've not added the object yet.
What object ???


This works :

Code:
[root@asterisk16 ~]# ldapsearch -x -W -D 'cn=Manager,dc=domain,dc=local' -b 'dc=domain,dc=local'
Enter LDAP Password: 
# extended LDIF
#
# LDAPv3
# base <dc=domain,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# domain.local
dn: dc=domain,dc=local
objectClass: dcObject
objectClass: organization
o: MY Ldap
dc: domain

# Manager, domain.local
dn: cn=Manager,dc=domain,dc=local
objectClass: organizationalRole
cn: Manager

# 123456, domain.local
dn: ou=123456,dc=domain,dc=local
ou: 123456
objectClass: organizationalUnit
objectClass: top

<snip>...<snip>

# U123456, 123456, domain.local
dn: cn=U123456,ou=123456,dc=domain,dc=local
cn: U123456
sn: U123456
userPassword:: dGVzdDEyMzQ1Ng==
objectClass: inetOrgPerson
objectClass: top

# 101001, domain.local
dn: ou=101001,dc=domain,dc=local
ou: 101001
objectClass: organizationalUnit
objectClass: top

# U101001, 101001, domain.local
dn: cn=U101001,ou=101001,dc=domain,dc=local
cn: U101001
sn: U101001
userPassword:: dGVzdDEwMTAwMQ==
objectClass: inetOrgPerson
objectClass: top

<snip>...<snip>

# search result
search: 2
result: 0 Success

# numResponses: 11
# numEntries: 10

Why do I need the parameter -b ??

Why is inetOrgPerson U101001 also able to make this same search (ldapsearch -x -W -D 'cn=U123456,ou=123456,dc=domain,dc=local' -b 'dc=domain,dc=local') ??
 
Old 12-09-2010, 07:17 AM   #33
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
What is wrong here :

Code:
database        bdb
suffix          "dc=mydomain,dc=local"
rootdn          "cn=Manager,dc=mydomain,dc=local"
rootpw          GuessThis

defaultaccess   none
access to *
by dn="cn=Manager,dc=mydomain,dc=local"  write
by dn="cn=U123456,ou=123456,dc=mydomain,dc=local" read

Checking configuration files for slapd: /etc/openldap/slapd.conf: line 99: warning: no by clause(s) specified in access line (ignored).

??
 
Old 12-09-2010, 09:16 AM   #34
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975
I think you need to indent all the options for the default access entry or it will interpret them as different directives.
 
Old 12-09-2010, 09:26 AM   #35
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
This works (notice the tab) :

Code:
database        bdb
suffix          "dc=mydomain,dc=local"
rootdn          "cn=Manager,dc=mydomain,dc=local"
rootpw          GuessThis

defaultaccess   none
access to *
[tab]  by dn="cn=Manager,dc=mydomain,dc=local"  write
[tab]  by dn="cn=U123456,ou=123456,dc=mydomain,dc=local" read

But now I have :

[root@asterisk16 ~]# ldapsearch -x -W -D 'cn=U123456,ou=123456,dc=mydomain,dc=local' -b 'ou=123456,dc=mydomain,dc=local'
Enter LDAP Password: test123456
ldap_bind: Invalid credentials (49)


How come it complains about credentials ??
 
Old 12-09-2010, 09:48 AM   #36
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975
Your password must be wrong. Or the account could be locked, but that's the sort of functionality you'd explicitly have to add, which you haven't. Also could possibly be that the password has expired.
 
Old 12-09-2010, 10:35 AM   #37
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
My password is correct :

Code:
[root@asterisk16 ~]# ldapsearch -x -W -D 'cn=U123456,ou=123456,dc=mydomain,dc=local' -b 'ou=123456,dc=mydomain,dc=local'
Enter LDAP Password: test123456
# extended LDIF
#
# LDAPv3
# base <ou=123456,dc=mydomain,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# 123456, mydomain.local
dn: ou=123456,dc=mydomain,dc=local
ou: 123456
objectClass: organizationalUnit
objectClass: top

<snip>

# numResponses: 5
# numEntries: 4

I've removed this from slapd.conf :

defaultaccess none
access to *
by dn="cn=Manager,dc=mydomain,dc=local" write
by dn="cn=U123456,ou=123456,dc=mydomain,dc=local" read



How come when I add some access rules, my 'normal' users are no longer able to do any search ???
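
Added example, not part of the thread and not OpenLDAP code: a simplified Python model of how slapd reads the `access` directives posted above, showing why the unindented `by` lines are ignored and why a simple bind returns error 49 once an ACL exists without `by anonymous auth` on `userPassword`. `FIXED_ACL` is an assumed correction; the function names are hypothetical.

```python
import re

# Constructed from the slapd.conf fragment in post #35 (tab-indented "by" lines).
THREAD_ACL = '''access to *
\tby dn="cn=Manager,dc=mydomain,dc=local" write
\tby dn="cn=U123456,ou=123456,dc=mydomain,dc=local" read
'''
# Assumed correction (not from the thread): anonymous may use userPassword for bind only.
FIXED_ACL = '''access to attrs=userPassword
\tby self write
\tby anonymous auth
\tby * none
''' + THREAD_ACL
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def parse(conf):
    """Join continuation lines (leading whitespace), return [(what, [(who, level), ...])]."""
    directives = []
    for line in conf.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line[0] in " \t" and directives:
            directives[-1] += " " + line.strip()
        else:
            directives.append(line.strip())
    acls = []
    for d in directives:
        m = re.match(r"access\s+to\s+(\S+)(.*)", d)
        if m:  # an unindented "by ..." line is its own directive and is skipped here
            acls.append((m.group(1), re.findall(r"by\s+(\S+)\s+(\w+)", m.group(2))))
    return acls

def access(acls, attr, bound_dn, entry_dn):
    """Level granted: first matching <what> clause, then its first matching <who>."""
    if not acls:
        return "read"  # slapd default when no access directive exists
    for what, bys in acls:
        if what != "*" and attr not in what.split("=", 1)[-1].split(","):
            continue
        for who, level in bys:
            if (who == "*" or (who == "anonymous" and bound_dn is None)
                    or (who == "self" and bound_dn == entry_dn)
                    or who == f'dn="{bound_dn}"'):
                return level
        return "none"  # implicit "by * none" closing every clause
    return "none"      # implicit final "access to * by * none"

def simple_bind_possible(acls, user_dn):
    """A simple bind is evaluated as anonymous and needs >= auth on userPassword."""
    level = access(acls, "userPassword", None, user_dn)
    return LEVELS.index(level) >= LEVELS.index("auth")
```

The model matches DNs as exact strings and handles only `*` and `attrs=` targets; the `rootdn` is not modelled because slapd never applies ACLs to it.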
 
  

