LinuxQuestions.org
Old 09-04-2008, 11:42 AM   #1
eantoranz
padl: Problem migrating users from passwd to ldap


Hi!

I want to copy (every once in a while.... like every 5 minutes :-)) the users in passwd to an OpenLDAP. I will delete the old users and recreate the passwd completely.... so... I'm almost done, but when I run the ldapadd I get this message:

Code:
adding new entry "uid=at,ou=People,dc=fake,dc=domain,dc=com"
ldap_add: Insufficient access (50)
        additional info: no write access to parent
The ou=People is already created, taken from slapcat:
Code:
dn: ou=People,dc=fake,dc=domain,dc=com
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
ou: People
entryUUID: 7c56661a-0ee9-102d-90f4-0953d312da1a
creatorsName: dc=root,dc=fake,dc=domain,dc=com
createTimestamp: 20080904162300Z
entryCSN: 20080904162300.318105Z#000000#000#000000
modifiersName: dc=root,dc=fake,dc=domain,dc=com
modifyTimestamp: 20080904162300Z
This is the command that's running when the failure happens:
./migrate_passwd.pl /etc/passwd | ldapadd -h 10.0.1.251 -y /home/ecarmona/ldap/clave.txt -x -D cn=root,dc=fake,dc=domain,dc=com

As you can see, I'm connected as dc=root,dc=fake,dc=domain,dc=com (which is the admin of the ldap and the modifier of the ou=People node) to the ldap service. What am I missing?

 
Old 09-04-2008, 11:51 AM   #2
eantoranz
Got it! The problem was the access in slapd.conf. I added these lines (just for starters... I'll "close it down" later):

Code:
# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=root,dc=fake,dc=domain,dc=com" write
        by * read
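An added example, not posted by anyone in this thread, of a tighter version of the ACL above, using the same suffix, admin DN and ou=People as the thread. It keeps the anonymous read that NSS/PAM clients need, but stops the userPassword hashes that migrate_passwd.pl copies from /etc/shadow from being readable by every client; slapd evaluates "access to" clauses in order and applies the first one whose target matches, so the attribute rule has to come before the catch-all. The same shape fixes the "no write access to parent" error in post #4 once its own bind DN and suffix are substituted.

```conf
# Added example (not from the thread). Assumes one database with suffix
# dc=fake,dc=domain,dc=com, the admin DN cn=root,dc=fake,dc=domain,dc=com
# and user entries under ou=People, exactly as posted above.
#
# Clauses are matched in order, first matching <what> wins, so the
# password rule must precede "access to *".

# Password hashes (and the shadow field pam_ldap updates on a password
# change): the admin may write them, a user may change their own, anyone
# may use them to bind (auth), nobody may read them back.
access to attrs=userPassword,shadowLastChange
        by dn.exact="cn=root,dc=fake,dc=domain,dc=com" write
        by self write
        by anonymous auth
        by * none

# Everything else under the suffix, including ou=People itself. Adding a
# child entry requires write access on the parent's "children" pseudo
# attribute, which this catch-all grants to the admin; posix attributes
# stay anonymously readable so nss_ldap lookups keep working.
access to *
        by dn.exact="cn=root,dc=fake,dc=domain,dc=com" write
        by * read
```

A database's rootdn is exempt from ACLs, so hitting "no write access to parent" while bound as cn=root means that DN is not the rootdn of the database holding ou=People (or the bind went to a different DN). slapacl(8) checks a rule set against a slapd.conf without restarting slapd, e.g. `slapacl -f /etc/ldap/slapd.conf -D "cn=root,dc=fake,dc=domain,dc=com" -b "ou=People,dc=fake,dc=domain,dc=com" children/write` (config path assumed).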
 
Old 09-04-2008, 12:28 PM   #3
eantoranz
I have already copied the users to the ldap. This is the script I'm using (in case you want to use it):

Code:
#!/bin/bash
ldapServer="host servidor"
adminDN="cn=root,dc=fake,dc=domain,dc=com"
adminPasswdFile=/myhome/ldap/clave.txt
userGroupDN="ou=People,dc=fake,dc=domain,dc=com"
padlPath=/usr/local/padl

# Look up the users currently defined in the LDAP directory (everything under
# ou=People except the organizationalUnit itself) and delete them one by one
ldapsearch -h "$ldapServer" -y "$adminPasswdFile" -x -D "$adminDN" -b "$userGroupDN" -s sub "(!(objectClass=organizationalUnit))" dn | grep "^dn" | sed "s/^dn: //" | while read -r dn; do
        # this dn has to be deleted
        ldapdelete -h "$ldapServer" -y "$adminPasswdFile" -x -D "$adminDN" "$dn"
done

# Copy the users from /etc/passwd to the LDAP directory
cd "$padlPath" || exit 1
./migrate_passwd.pl /etc/passwd | ldapadd -h "$ldapServer" -y "$adminPasswdFile" -x -D "$adminDN" > /dev/null

# Done!
But the ldap won't allow me to authenticate using them (at least, not mine :-)). Any idea what I have to tweak (I'm willing to bet it's something on slapd's side).

Code:
ldapsearch -h 10.0.1.251 -W -x -D uid=ecarmona,ou=People,dc=fake,dc=fomain,dc=com -b ou=People,dc=fake,dc=domain,dc=com -s sub objectClass="*" dn
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

 
Old 06-11-2013, 10:48 AM   #4
tintunaungkyaw
Hi all,

cat /etc/openldap/slapd.conf
Code:
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args


### Database Config###
database config
rootdn "cn=admin,cn=config"
rootpw config
access to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break


### Enable Monitoring
database monitor

# allow only rootdn to read the monitor
access to *
by dn.exact="cn=admin,cn=config" read
by * none

But, when I try to slapadd

Code:
# ldapadd -v -x -D "cn=replicator,ou=admins,dc=example,dc=org" -w Secret123 -f newuser.ldif -h ldap1.example.org
ldap_initialize( ldap://ldap1.example.org )
add uid:
student3
add cn:
student3
add sn:
3
add objectClass:
top
posixAccount
inetOrgPerson
add loginShell:
/bin/bash
add homeDirectory:
/home/student3
add uidNumber:
14583102
add gidNumber:
14564100
add userPassword:
{SSHA}j3lBh1Seqe4rqF1+NuWmjhvtAni1JC5A
add mail:
student3@example.org
add gecos:
Student3 User
adding new entry "uid=student3,ou=People,dc=example,dc=org"
ldap_add: Insufficient access (50)
additional info: no write access to parent

It shows "no write access to parent"

In this case, what will be the correct ACL?

Regards,
Tin Tun