LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   Unable to chown a directory to a user on LDAP Server (http://www.linuxquestions.org/questions/linux-server-73/unable-to-chown-a-directory-to-a-user-on-ldap-server-811667/)

Mr. ameya sathe 06-02-2010 05:15 AM
Unable to chown a directory to a user on LDAP Server
 
Hi,
I am using RHEL5.1 distribution. Openldap-server version is openldap-servers-2.3.27-8.
I have detailed only the steps which are confusing me/are not in accordance to the link-http://www.linuxhomenetworking.com/w...DAP_and_RADIUS

Now; as per the link

...I ran the command
1.
Code:
# cp -rv * /usr/share/openldap/migration/
My action:It asked me for overwriting the files. I said 'yes' for all.

2.
Quote:
# locate DB_CONFIG
On the link's output:/usr/share/doc/openldap-servers-2.4.16/DB_CONFIG.example
On my distro: /etc/openldap/DB_CONFIG.example
Hence; I issued
Code:
#cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/example.com/DB_CONFIG
3.
Code:
#/usr/share/openldap/migration/migrate_all_offline.sh > /root/migrop 2> /root/migrerr
The contents of /root/migrop {This file contains output of the script.} are:
---------------------------------------------------------------------
Creating naming context entries...
Migrating aliases...
Migrating groups...
Migrating hosts...
Migrating networks...
Migrating users...
Migrating protocols...
Migrating rpcs...
Migrating services...
Migrating netgroups...
Importing into LDAP...
Migrating netgroups (by user)...
Migrating netgroups (by host)...
Preparing LDAP database...
Migration failed: saving failed LDIF to /tmp/nis.3257.ldif
---------------------------------------------------------------------



The contents of /root/migrerr {This file contains errors of the script.}are:
-------------------------------------------------------------------------------------
slapadd: line 5: database (dc=example,dc=com) not configured to hold "dc=padl,dc=com"
slapadd: line 5: database (dc=example,dc=com) not configured to hold "dc=padl,dc=com"
-------------------------------------------------------------------------------------


On both server & client machine;
4. Output of the command->
Code:
ldapsearch -x -b 'dc=example,dc=com'    '(objectclass=*)'
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
On both server & client;
5.
Code:

       
Code:

       
telnet 192.168.0.7 389

Trying 192.168.0.7...
Connected to station7.example.com (192.168.0.7).
Escape character is '^]'.
On client side; as given in the link; I created the home directories. Configured ldap.conf. Also ran the authconfig-tui command.

But; still the issuance of the command
Code:
# chown -R ldapuser:users /home/ldapuser/
shows
Code:
chown: `ldapuser:users`:invalid user

Blue_Ice 06-02-2010 05:21 AM
Do you actually have users in your ldap directory? To me, it looks like you don't have any... Furthermore have you set up /etc/ldap.conf, /etc/openldap/ldap.conf and /etc/nsswitch.conf?
What does 'getent passwd' return? Does it contain the users, if they exist, in the ldap directory?

Mr. ameya sathe 06-02-2010 07:39 AM
Contents of ldap.conf and nsswitch.conf
 
My LDAP server's IP address is 192.168.0.7.
I have not yet implemented Secure LDAP.

Quote:
Do you actually have users in your ldap directory?
I ran the Offline migration script on LDAP server. Does this populate the ldap directory with users from my LDAP Server's passwd file? Is ldapsearch the command to search for users in my ldap directory? I have shown the output of it in my previous post. But, I dont understand the meaning.

Quote:
To me, it looks like you don't have any... Furthermore have you set up /etc/ldap.conf, /etc/openldap/ldap.conf and /etc/nsswitch.conf?
Yes. I have set them up on the client side.
Following are their contents->
/etc/ldap.conf
Code:
base dc=example,dc=com
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
uri ldap://192.168.0.7/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
/etc/openldap/ldap.conf
Code:
BASE dc=example,dc=com
URI ldap://192.168.0.7/
TLS_CACERTDIR /etc/openldap/cacerts
/etc/nsswitch.conf
Code:
passwd:    files ldap
shadow:    files ldap
group:      files ldap
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:    files
netmasks:  files
networks:  files
protocols:  files ldap
rpc:        files
services:  files ldap
netgroup:  files ldap
publickey:  nisplus
automount:  files ldap
aliases:    files nisplus
Quote:
What does 'getent passwd' return?
It returns the names of users present inside the LDAP client's /etc/passwd file.

Quote:
Does it contain the users, if they exist, in the ldap directory?
No.

Blue_Ice 06-02-2010 07:52 AM
The migration tool probably creates an ldif file or maybe you have to add the ldif filename to CLI command (not really sure about that, been to long ago that I have done this). This ldif you have to add to your ldap directory with the slapadd command. Don't forget to stop the ldap service when you are going to do this.

Blue_Ice 06-02-2010 08:03 AM
Forgot to mention this in my previous post, but ldapsearch is the correct client tool to list the contents of your ldap directory.
This is some example output when I run ldapsearch on my systems:
Code:
[user@localhost ~]$ ldapsearch -x -ZZ '(cn=admin)'
# extended LDIF
#
# LDAPv3
# base <dc=mydomain,dc=com> (default) with scope subtree
# filter: (cn=admin)
# requesting: ALL
#

# admin, mydomain.com
dn: cn=admin,dc=mydomain,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1
I need to use the -ZZ option as it is required for my setup. As far as I can tell, you don't need it.

Blue_Ice 06-03-2010 11:23 AM
I just saw that you already used slapadd... The 2 errors you got mean that you didn't set the correct domain in your migration tool configuration.
You are trying to add dc=padl,dc=com attributes to a directory that is configured to use dc=example,dc=com. This is not possible and will fail.

Mr. ameya sathe 02-12-2011 05:34 PM
Reason for Late Reply.
 
As BlueIce correctly pointed out; the settings file had to be changed. But; sometimes it worked & sometimes it did not. I am still perplexed about this Yes!!! It works/No!!! it is not working. Still trying to figure out. But; I will mark this thread as solved.


All times are GMT -5. The time now is 05:33 PM.