LinuxQuestions.org
12-10-2007, 11:13 AM   #1
_MD_
Member
 
Registered: Apr 2004
Location: Toronto, Canada
Distribution: BackTrack, Knoppix, Fedora, Slackware
Posts: 43

Rep: Reputation: 16
LDAP problems: can't connect


I've been trying to set up and configure OpenLDAP on my Fedora Core 6 (64-bit) for a couple of days now... all led to no luck. I followed this guide closely, and here are samples of my config files:



/etc/ldap.conf
Code:
host 192.168.1.7
base dc=gofigure,dc=com

/etc/openldap/slapd.conf
Code:
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema

allow bind_v2

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

database        bdb
suffix          "dc=gofigure,dc=com"
rootdn          "cn=Manager,dc=gofigure,dc=com"
rootpw          12345
access to * by * read

directory       /var/lib/ldap

index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber                         eq,pres

When I do service ldap start, it starts without problems.
Here's an ldif I've created:

/etc/openldap/gofigure.ldif
Code:
dn: dc=gofigure,dc=com
dc: gofigure
description: Root LDAP entry for gofigure.com
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=employees,dc=gofigure,dc=com
ou: employees
description: All employees in organization
objectClass: organizationalUnit

dn: cn=Manager,dc=gofigure,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

When I do ldapadd -x -D "cn=Manager,dc=gofigure,dc=com" -W -f /etc/openldap/gofigure.ldif it adds successfully.
But when I do ldapsearch -x -b -h ' ' -s base '(objectclass=*)' namingContexts it outputs the following:
Code:
# extended LDIF
#
# LDAPv3
# base <-h> with scope baseObject
# filter: (objectclass=*)
# requesting:   (objectclass=*) namingContexts
#

# search result
search: 2
result: 34 Invalid DN syntax
text: invalid DN

# numResponses: 1

I have no idea why it doesn't want to take my dn...
And of course I can not connect to ldap://192.168.1.7/dc=gofigure,dc=com using LDAP browser\Editor (all on the same subnet).

Please help...
 
12-10-2007, 01:17 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 928
You're using an empty search base (illegal), an empty host name and no credentials
while requesting simple authentication....

Try
Code:
ldapsearch -W -x -D "cn=Manager,dc=gofigure,dc=com" '(objectclass=*)' namingContexts

Cheers,
Tink
 
12-10-2007, 01:54 PM   #3
_MD_
Member
 
Registered: Apr 2004
Location: Toronto, Canada
Distribution: BackTrack, Knoppix, Fedora, Slackware
Posts: 43

Original Poster
Rep: Reputation: 16
Tinkster, thanks so much for a quick reply.
After issuing ldapsearch with the recommended parameters, I got the following output:


Code:
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: namingContexts
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

I see that my db contains 2 entries. But I still can not connect to my ldap server using LDAP browser\Editor. I tried binding anonymously, appending base DN and even with SSL... still unable to.
Now, SSL is another issue... when I do ps aux | grep ldap I see that it is on SSL, but I have only port 389 open and I did not configure SSL nor SASL anywhere... Maybe I'm not seeing something? Why doesn't it want to connect?

Thanks again.
 
12-12-2007, 06:44 AM   #4
_MD_
Member
 
Registered: Apr 2004
Location: Toronto, Canada
Distribution: BackTrack, Knoppix, Fedora, Slackware
Posts: 43

Original Poster
Rep: Reputation: 16
***bump***
 
12-12-2007, 07:16 AM   #5
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,159
Blog Entries: 1

Rep: Reputation: 2021
Does the anonymous search work?
Code:
ldapsearch -x -z 100 -b 'dc=gofigure,dc=com' '(objectclass=*)'
 
12-12-2007, 08:02 AM   #6
_MD_
Member
 
Registered: Apr 2004
Location: Toronto, Canada
Distribution: BackTrack, Knoppix, Fedora, Slackware
Posts: 43

Original Poster
Rep: Reputation: 16
Yes, anonymous works, it shows exactly what I've entered in gofigure.ldif
But I can not connect to this server from my Windows machine running the Java LDAP browser...

***I'm accessing it by IP on the local network, so it's not a routing/dns issue. Thanks
 
12-12-2007, 09:18 AM   #7
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,159
Blog Entries: 1

Rep: Reputation: 2021
Are you sure that there is no firewall either at WinXP side preventing ldapbrowser to go out, or at Linux side preventing connections on port 389?
What happens if you
Code:
telnet ldap-server 389
 
12-17-2007, 10:04 AM   #8
_MD_
Member
 
Registered: Apr 2004
Location: Toronto, Canada
Distribution: BackTrack, Knoppix, Fedora, Slackware
Posts: 43

Original Poster
Rep: Reputation: 16
Hey, thanks a lot guys... you know how it is... you tear your hair out trying to solve a complicated piece, but it all comes down to very simple stuff... which of course was the case for me too... I didn't have a firewall rule set on my server to allow the LDAP port (although the router does allow it)... So yeah, now it all works flawlessly. Thanks again.
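
The `telnet ldap-server 389` check from post #7, written as a script. This is an added example, not something posted in the thread. It separates a blocked port (the missing firewall rule found in post #8) from a closed one and, when the port is open, sends an LDAPv3 anonymous bind and reads the result code. The names `tlv`, `bind_result`, `probe_ldap` and the result strings are this example's own.

```python
import socket

# LDAPv3 anonymous simple BindRequest (RFC 4511), messageID 1, version 3, empty name and password
ANON_BIND = bytes.fromhex("300c020101600702010304008000")

def tlv(buf, i):
    """Decode one BER element at offset i -> (tag, value_start, value_end)."""
    tag, n = buf[i], buf[i + 1]
    i += 2
    if n & 0x80:  # long-form length: low 7 bits give the count of length octets
        k = n & 0x7F
        n = int.from_bytes(buf[i:i + k], "big")
        i += k
    return tag, i, i + n

def bind_result(reply):
    """Return the resultCode of an LDAP BindResponse, or None if it is not one."""
    try:
        tag, start, _ = tlv(reply, 0)        # LDAPMessage SEQUENCE
        if tag != 0x30:
            return None
        _, _, end = tlv(reply, start)        # messageID
        tag, start, _ = tlv(reply, end)      # protocolOp
        if tag != 0x61:                      # [APPLICATION 1] BindResponse
            return None
        tag, start, end = tlv(reply, start)  # resultCode ENUMERATED
        if tag != 0x0A or start == end or end > len(reply):
            return None
        return int.from_bytes(reply[start:end], "big")
    except IndexError:                       # truncated or empty reply
        return None

def probe_ldap(host, port=389, timeout=3.0):
    """Classify host:port as filtered / refused / unreachable / not-ldap / ldap:<code>."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "filtered"      # no answer at all: a firewall silently dropping packets
    except ConnectionRefusedError:
        return "refused"       # host answers with a reset: nothing listening on the port
    except OSError:
        return "unreachable"   # e.g. "No route to host" from a firewall REJECT rule
    with sock:
        try:
            sock.sendall(ANON_BIND)
            code = bind_result(sock.recv(512))
        except OSError:        # includes a read timeout
            return "not-ldap"
    return "not-ldap" if code is None else f"ldap:{code}"
```

Run from the client as `probe_ldap("192.168.1.7")`: `ldap:0` means the anonymous bind succeeded, while `filtered` or `unreachable` alongside a working local `ldapsearch` on the server points at a firewall rather than at slapd.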
 
  

