Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 10-25-2005, 03:23 AM   #1
LQ Newbie
Registered: Jul 2004
Posts: 4

Rep: Reputation: 0
ldapsearch with incomplete base returns no results


I'm trying to get my server using openldap for passwd-replacement. I followed the guide located at www . gentoo . org/doc/en/ldap-howto.xml (sorry, but I have less than 5 posts, so no URL here) and the login just works well using ldap.
I tried installing phpldapadmin for administrating the directory, but went into a problem when trying to create a new posixAccount using it. The GID and loginShell parameters stay empty. The slapd log says, that the search command came with the base "dc=com" (my domain is always substituted with

The problem is, that the following command returns the expected result:
ldapsearch -WD "uid=root,dc=domain,dc=com" -H "ldaps://"
But as soon as I specify a base-DN that is not the complete "dc=domain,dc=com", I get the following:
ldapsearch -WD "uid=root,dc=domain,dc=com" -H "ldaps://" -b "dc=com"
Enter LDAP Password:
# extended LDIF
# LDAPv3
# base <dc=com> with scope sub
# filter: (objectclass=*)
# requesting: ALL

# search result
search: 2
result: 32 No such object

# numResponses: 1
The second thing is just a small question. Now, that ldap auth works for me, I could remove some users/groups from the passwd/shadow/group file. The question is, if that is generally a good or a bad idea and if, what users I should leave as they are. I won't delete the root anyway, because I'd like to be able to login without ldap running. Also, removing the ldap user won't make much sense. But all those groups / users that are never used during boot up (games, audio, video, ...) could imo be removed. What do you think? How did you do that?

For the first question:
My /etc/openldap/ldap.conf:
# Also tried with the base directive...
#BASE		dc=domain, dc=com
URI		ldaps://
TLS_CACERT	/var/ssl/
My /etc/openldap/slapd.conf:
include		/etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema

password-hash	{md5}

#TLSCipherSuite        HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
#TLSCACertificateFile  /var/ssl/
#TLSCertificateFile    /var/ssl/
#TLSCertificateKeyFile /var/ssl/
TLSCACertificateFile  /var/ssl/
TLSCertificateFile    /var/ssl/
TLSCertificateKeyFile /var/ssl/

pidfile		/var/run/openldap/
argsfile	/var/run/openldap/slapd.args

database	bdb
checkpoint	32	30 # <kbyte> <min>

suffix		"dc=domain,dc=com"
rootdn		"uid=root,dc=domain,dc=com"
rootpw		{MD5}*********************

directory	/var/lib/openldap-data
index	objectClass	eq

access to *
  by users read
  by anonymous auth
  by * none

access to attrs=userPassword,gecos,description,loginShell
  by self write

access to attrs="userPassword"
  by dn="uid=root,dc=domain,dc=com" write
  by anonymous auth
  by self write
  by * none
Thanks for all replies in advance.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sync incomplete on E Baracuda Linux - Laptop and Netbook 0 11-07-2005 01:24 AM
OpenLDAP, ldapsearch: how to list all attributes Hko Linux - Networking 0 08-15-2004 10:43 AM
Knoppix is incomplete? Craigwd Debian 2 05-30-2004 01:01 PM
incomplete installation pirozzi Linux - Laptop and Netbook 1 10-25-2003 09:08 AM
incomplete programs ampex189 Linux - Software 3 10-11-2003 11:37 PM

All times are GMT -5. The time now is 04:19 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration