I would like to manage Ldap with Luma (GUI), but having trouble connecting...

I have the following on LdapServer in etc/openldap/slapd.conf :

database bdb
suffix "dc=domain,dc=local"
rootdn "cn=Manager,dc=domain,dc=local"
rootpw GuessWhatHere

In Luma I have :

Server address : 192.168.1.150:389
Bind as : Manager
Encryption: none
Authentication: simple
BaseDN: dc=domain,dc=local

I'm getting the message :

"Could not access entry. Reason: invalid DN syntax"

So what am I missing ?

Not sure, but should the bind as field not be a valid user dn instead of just the account name? If in doubt, look at the ldap logs, that's what they're there for.

Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: activity on 1 descriptor
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: activity on:
Dec 6 19:49:56 asterisk16 slapd[12794]:
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Dec 6 19:49:56 asterisk16 slapd[12794]: conn=0 fd=12 ACCEPT from IP=192.168.1.100:53217 (IP=0.0.0.0:389)
Dec 6 19:49:56 asterisk16 slapd[12794]: bind: invalid dn (Manager)
Dec 6 19:49:56 asterisk16 slapd[12794]: conn=0 op=0 RESULT tag=97 err=34 text=invalid DN
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: activity on 1 descriptor
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: activity on:
Dec 6 19:49:56 asterisk16 slapd[12794]: 12r
Dec 6 19:49:56 asterisk16 slapd[12794]:
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: read active on 12
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Dec 6 19:49:56 asterisk16 slapd[12794]: connection_read(12): input error=-2 id=0, closing.
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: activity on 1 descriptor
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: activity on:
Dec 6 19:49:56 asterisk16 slapd[12794]:
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Dec 6 19:49:56 asterisk16 slapd[12794]: conn=0 op=1 UNBIND
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: removing 12
Dec 6 19:49:56 asterisk16 slapd[12794]: conn=0 fd=12 closed


bind: invalid dn (Manager) ??

So what is the fault ? And the solution ?

Looks like I was right, you need a full dn, and seeing as you've already got that *EXACT* same data defined on the slapd side ready for you to copy...

I've changed :

Bind as = cn=Manager,dc=domain,dc=local

But now the message is :

Could not expand entry: No such object

Right, well does it exist??? you must have created it if it does, so only you will know. I do know that "cn=Manager,dc=domain,dc=local" is not EXACTLY the same as "cn=Manager,dc=voipcenter,dc=local" however... have you not actually configured openldap properly yet? It's not exactly fair to expect to use a tool to configure a server before that server has at least been configured a tiny bit, enough to be supported by said tool.

Well, I thought I could create new OU's and users like in Active Directory with this Luma-GUI...

Well you can clearly appreciate that luma is connecting to ldap using ldap, therefore basics (which you've already shown us, so I don't understand why you'd not have configured them to your needs already..??) still need to be there. You only need a working manager account, nothing more, and that's nothing you wouldn't have done for an equivalent in AD, e.g. a domain admin account.

rootdn "cn=Manager,dc=domain,dc=local"
rootpw GuessWhatHere

This is not the definition of a root account that is allowed to read/write to the ldap-database ?

isn't it?

That is the account that Luma is expecting to be given to access the ldap server. They need to be the same, and correct for your deployment.

I'm sorry, I don't understand.

You tell me that I need a "domain admin". According to me that is : cn=Manager,dc=domain,dc=local

When using this information as login (and with the correct password) I get the message : Could not expand entry: No such object
(so login was successful, but I cannot do anything)

You tell me "You only need a working manager account, nothing more".

But apparently, I am still missing something, right ?

I'm totally lost as to what you do and don't have. Can you show the configs you actually have? Forget Luma for now. You need to be able to bind to ldap with the manager account, whatever it is called (and it's not REALLY still called "cn=Manager,dc=domain,dc=local" letter for letter is it?? please say no...)

this should work... "ldapsearch -x -h ip.of.ser.ver -D cn=manager,dc=whatevertherestis" where "work" means at least seeing a valid bind message in the ldap logs. get that working first.

dc=domain is indeed the 'blinded' version of my real domain. Although it should work also in a test domain.

This is the configuration I have on my Ldap-server.

In etc/openldap/slapd.conf :

database bdb
suffix "dc=domain,dc=local"
rootdn "cn=Manager,dc=domain,dc=local"
rootpw GuessWhatHere


And that is it !

I have made no ldif-file and no ldapadd-command. That I was planning to do with Luma (as it involves creating user accounts, OU's, persons,...)

OK, so can you do a valid search bind?

[root@asterisk16 ~]# ldapsearch -x -W -D 'cn=Manager,dc=domain,dc=local' -b 'dc=domain,dc=local' '(objectClass=*)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=domain,dc=local> with scope subtree
# filter: (objectClass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1


[root@asterisk16 ~]# ldapsearch -x -W -D 'cn=Manager,dc=domain,dc=local'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1