12-10-2007, 11:13 AM | #1
Member | Registered: Apr 2004 | Location: Toronto, Canada | Distribution: BackTrack, Knoppix, Fedora, Slackware | Posts: 43
LDAP problems: can't connect
I've been trying to set up and configure openLDAP on my Fedora Core 6 (64bit) for a couple of days now... all leading to no luck. I followed this guide closely and here are samples of my config files:
/etc/ldap.conf
Code:
host 192.168.1.7
base dc=gofigure,dc=com
/etc/openldap/slapd.conf
Code:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=gofigure,dc=com"
rootdn "cn=Manager,dc=gofigure,dc=com"
rootpw 12345
access to * by * read
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber eq,pres
When I do service ldap start, it starts without problems.
Here's an ldif I've created:
/etc/openldap/gofigure.ldif
Code:
dn: dc=gofigure,dc=com
dc: gofigure
description: Root LDAP entry for gofigure.com
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=employees,dc=gofigure,dc=com
ou: employees
description: All employees in organization
objectClass: organizationalUnit

dn: cn=Manager,dc=gofigure,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager
When I do ldapadd -x -D "cn=Manager,dc=gofigure,dc=com" -W -f /etc/openldap/gofigure.ldif it adds successfully.
But when I do ldapsearch -x -b -h ' ' -s base '(objectclass=*)' namingContexts it outputs the following:
Code:
# extended LDIF
#
# LDAPv3
# base <-h> with scope baseObject
# filter: (objectclass=*)
# requesting: (objectclass=*) namingContexts
#
# search result
search: 2
result: 34 Invalid DN syntax
text: invalid DN
# numResponses: 1
I have no idea why it doesn't want to take my dn...
And of course I cannot connect to ldap://192.168.1.7/dc=gofigure,dc=com using LDAP browser\Editor (all on the same subnet).
Please help...
12-10-2007, 01:17 PM | #2
Moderator | Registered: Apr 2002 | Location: earth | Distribution: slackware by choice, others too :} ... android. | Posts: 23,067
You're using an empty search base (illegal), an empty host name and no credentials while requesting simple authentication....
Try
Code:
ldapsearch -W -x -D "cn=Manager,dc=gofigure,dc=com" '(objectclass=*)' namingContexts
Cheers,
Tink
12-10-2007, 01:54 PM | #3
Member (Original Poster) | Registered: Apr 2004 | Location: Toronto, Canada | Distribution: BackTrack, Knoppix, Fedora, Slackware | Posts: 43
Tinkster, thanks so much for a quick reply.
After issuing ldapsearch with the recommended parameters, I got the following output:
Code:
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: namingContexts
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
I see that my db contains 2 entries. But I still cannot connect to my ldap server using LDAP browser\Editor. I tried binding anonymously, appending the base DN and even with SSL... still unable to.
Now, SSL is another issue... when I do ps aux | grep ldap I see that it is on SSL, but I have only port 389 open and I did not configure SSL nor SASL anywhere... Maybe I'm not seeing something? Why doesn't it want to connect?
Thanks again.
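A pre-flight check for the LDIF and the DN strings in this thread, as an added example (not the poster's or OpenLDAP's code). It models the two server results seen above: 34 Invalid DN syntax for a search base that is not a DN at all (the ' ' and '-h' that post #1 ended up sending), and 32 No such object for a DN that does not exist in the tree (post #3 searched base '' for the same reason; here the check catches an entry whose parent has not been added yet). The RDN regex is a simplified RFC 4514 check and assumes no escaped or multi-valued RDNs.

```python
import re
# Constructed copy of the poster's gofigure.ldif (descriptions omitted), with the
# blank lines that separate LDIF entries restored.
GOFIGURE_LDIF = """\
dn: dc=gofigure,dc=com
dc: gofigure
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=employees,dc=gofigure,dc=com
ou: employees
objectClass: organizationalUnit

dn: cn=Manager,dc=gofigure,dc=com
objectClass: organizationalRole
cn: Manager
"""

# Simplified RFC 4514 RDN: attr=value, no multi-valued RDNs or escapes (assumption).
RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=+]+$")

def dn_is_valid(dn):
    """True for attr=value RDN chains; '', ' ' and '-h' fail (slapd result 34)."""
    return bool(dn.strip()) and all(RDN_RE.match(r.strip()) for r in dn.split(","))

def parse_ldif(text):
    """Split LDIF on blank lines into (dn, {attr: [values]}) tuples."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if name == "dn":
                dn = value.strip()
            elif name:
                attrs.setdefault(name, []).append(value.strip())
        entries.append((dn, attrs))
    return entries

def check_ldif(text, suffix):
    """Problems slapd would report when adding the file entry by entry, in order."""
    problems, added = [], set()
    for dn, _attrs in parse_ldif(text):
        if dn is None or not dn_is_valid(dn):
            problems.append("34 Invalid DN syntax: %r" % dn)
        elif dn != suffix and dn.partition(",")[2].strip() not in added:
            problems.append("32 No such object: parent of %s not added" % dn)
        else:
            added.add(dn)  # only entries slapd would accept become parents
    return problems
```

The same dn_is_valid check applied to the -b argument before running ldapsearch would have flagged both the ' ' base and the stray '-h' immediately.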
12-12-2007, 06:44 AM | #4
Member (Original Poster) | Registered: Apr 2004 | Location: Toronto, Canada | Distribution: BackTrack, Knoppix, Fedora, Slackware | Posts: 43
***bump***
12-12-2007, 07:16 AM | #5
LQ Guru | Registered: Jun 2004 | Location: Piraeus | Distribution: Slackware | Posts: 13,204
Does the anonymous search work?
Code:
ldapsearch -x -z 100 -b 'dc=gofigure,dc=com' '(objectclass=*)'
12-12-2007, 08:02 AM | #6
Member (Original Poster) | Registered: Apr 2004 | Location: Toronto, Canada | Distribution: BackTrack, Knoppix, Fedora, Slackware | Posts: 43
Yes, anonymous works, it shows exactly what I've entered in gofigure.ldif
But I cannot connect to this server from my windows machine running java LDAP browser...
***I'm accessing it by IP on the local network, so it's not a routing/dns issue. Thanks
12-12-2007, 09:18 AM | #7
LQ Guru | Registered: Jun 2004 | Location: Piraeus | Distribution: Slackware | Posts: 13,204
Are you sure that there is no firewall either at WinXP side preventing ldapbrowser to go out, or at Linux side preventing connections on port 389?
What happens if you
Code:
telnet ldap-server 389
12-17-2007, 10:04 AM | #8
Member (Original Poster) | Registered: Apr 2004 | Location: Toronto, Canada | Distribution: BackTrack, Knoppix, Fedora, Slackware | Posts: 43
Hey thanks a lot guys... you know how it is... you tear your hair out trying to solve a complicated piece but it all comes down to very simple stuff... Which of course it was in my case too... I didn't have a firewall rule set on my server to allow the ldap port (although the router does allow it)... So yeah, now it all works flawlessly. Thanks again.