Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
GNU/Linux Basic Guide
This 255-page guide will provide you with the keys to understand the philosophy of free software, teach you how to use and handle it, and give you the tools required to move easily in the world of GNU/Linux. Many users and administrators will be taking their first steps with this GNU/Linux Basic guide and it will show you how to approach and solve the problems you encounter.
Click Here to receive this Complete Guide absolutely free. |
|
 |
09-04-2008, 11:42 AM
|
#1
|
|
Senior Member
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,888
Rep: 
|
padl: Problem migrating users from passwd to ldap
Hi!
I want to copy (every once in a while.... like every 5 minutes :-)) the users in passwd to an openLDAP. I will delete the old users and recreate the passwd completely.... so... i'm almost done, but when I run the ldapadd I get this message:
Code:
adding new entry "uid=at,ou=People,dc=fake,dc=domain,dc=com"
ldap_add: Insufficient access (50)
additional info: no write access to parent
The ou=People is already created, taken from slapcat:
Code:
dn: ou=People,dc=fake,dc=domain,dc=com
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
ou: People
entryUUID: 7c56661a-0ee9-102d-90f4-0953d312da1a
creatorsName: dc=root,dc=fake,dc=domain,dc=com
createTimestamp: 20080904162300Z
entryCSN: 20080904162300.318105Z#000000#000#000000
modifiersName: dc=root,dc=fake,dc=domain,dc=com
modifyTimestamp: 20080904162300Z
This is the command that's running when the failure happens:
./migrate_passwd.pl /etc/passwd | ldapadd -h 10.0.1.251 -y /home/ecarmona/ldap/clave.txt -x -D cn=root,dc=fake,dc=domain,dc=com
As you can see, I'm connected as dc=root,dc=fake,dc=domain,dc=com (which is the admin of the ldap and the modifier of the ou=People node) to the ldap service. What am I missing?
Last edited by eantoranz; 09-04-2008 at 11:43 AM.
Reason: mispelling
|
|
|
|
|
09-04-2008, 11:51 AM
|
#2
|
|
Senior Member
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,888
Original Poster
Rep:
|
Got it! The problem was the access in slapd.conf. I added this lines (just for starters... I'll "close it down" later):
Code:
# The admin dn has full write access, everyone else
# can read everything.
access to *
by dn="cn=root,dc=fake,dc=domain,dc=com" write
by * read
|
|
|
|
|
09-04-2008, 12:28 PM
|
#3
|
|
Senior Member
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,888
Original Poster
Rep:
|
I have already copied the users to the ldap. This is the script I'm using (in case you want to use it):
Code:
#!/bin/bash
ldapServer="host servidor"
adminDN="cn=root,dc=fake,dc=domain,dc=com"
adminPasswdFile=/myhome/ldap/clave.txt
userGroupDN="ou=People,dc=fake,dc=domain,dc=com"
padlPath=/usr/local/padl
# Hacemos unas busqueda de los usuarios definidos en el ldap
ldapsearch -h $ldapServer -y $adminPasswdFile -x -D $adminDN -b $userGroupDN -s sub "(!(objectClass=organizationalUnit))" dn | grep "^dn" | sed "s/^dn: //"| while read dn; do
# hay que borrar ese dn
ldapdelete -h $ldapServer -y $adminPasswdFile -x -D $adminDN $dn
done
# Copiamos los usuarios al LDAP
cd $padlPath
./migrate_passwd.pl /etc/passwd | ldapadd -h $ldapServer -y $adminPasswdFile -x -D $adminDN > /dev/null
#Listo!
But the ldap won't allow me to authenticate using them (at least, not mine :-)). Any idea what I have to tweak (I'm willing to bet it's something on slapd's side).
Code:
ldapsearch -h 10.0.1.251 -W -x -D uid=ecarmona,ou=People,dc=fake,dc=fomain,dc=com -b ou=People,dc=fake,dc=domain,dc=com -s sub objectClass="*" dn
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
Last edited by eantoranz; 09-04-2008 at 12:29 PM.
|
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 11:16 PM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
