LinuxQuestions.org
Old 12-06-2010, 11:55 AM   #1
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Rep: Reputation: 33
New to ldap, new to Luma


I would like to manage Ldap with Luma (GUI), but having trouble connecting...

I have the following on LdapServer in etc/openldap/slapd.conf :

database bdb
suffix "dc=domain,dc=local"
rootdn "cn=Manager,dc=domain,dc=local"
rootpw GuessWhatHere

In Luma I have :

Server address : 192.168.1.150:389
Bind as : Manager
Encryption: none
Authentication: simple
BaseDN: dc=domain,dc=local

I'm getting the message :

"Could not access entry. Reason: invalid DN syntax"

So what am I missing ?
 
Old 12-06-2010, 01:00 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976
Not sure, but should the bind as field not be a valid user dn instead of just the account name? If in doubt, look at the ldap logs, that's what they're there for.
 
Old 12-06-2010, 01:51 PM   #3
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: activity on 1 descriptor
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: activity on:
Dec 6 19:49:56 asterisk16 slapd[12794]:
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Dec 6 19:49:56 asterisk16 slapd[12794]: conn=0 fd=12 ACCEPT from IP=192.168.1.100:53217 (IP=0.0.0.0:389)
Dec 6 19:49:56 asterisk16 slapd[12794]: bind: invalid dn (Manager)
Dec 6 19:49:56 asterisk16 slapd[12794]: conn=0 op=0 RESULT tag=97 err=34 text=invalid DN
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: activity on 1 descriptor
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: activity on:
Dec 6 19:49:56 asterisk16 slapd[12794]: 12r
Dec 6 19:49:56 asterisk16 slapd[12794]:
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: read active on 12
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Dec 6 19:49:56 asterisk16 slapd[12794]: connection_read(12): input error=-2 id=0, closing.
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: activity on 1 descriptor
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: activity on:
Dec 6 19:49:56 asterisk16 slapd[12794]:
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Dec 6 19:49:56 asterisk16 slapd[12794]: conn=0 op=1 UNBIND
Dec 6 19:49:56 asterisk16 slapd[12794]: daemon: removing 12
Dec 6 19:49:56 asterisk16 slapd[12794]: conn=0 fd=12 closed


bind: invalid dn (Manager) ??

So what is the fault ? And the solution ?
 
Old 12-06-2010, 01:56 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976
Looks like I was right, you need a full dn, and seeing as you've already got that *EXACT* same data defined on the slapd side ready for you to copy...
 
Old 12-06-2010, 02:03 PM   #5
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by acid_kewpie
> Looks like I was right, you need a full dn, and seeing as you've already got that *EXACT* same data defined on the slapd side ready for you to copy...

I've changed :

Bind as = cn=Manager,dc=domain,dc=local

But now the message is :

Could not expand entry: No such object

Last edited by jonaskellens; 12-06-2010 at 02:21 PM.
 
Old 12-06-2010, 02:18 PM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976
Right, well does it exist??? You must have created it if it does, so only you will know. I do know that "cn=Manager,dc=domain,dc=local" is not EXACTLY the same as "cn=Manager,dc=voipcenter,dc=local" however... have you not actually configured openldap properly yet? It's not exactly fair to expect to use a tool to configure a server before that server has at least been configured a tiny bit, enough to be supported by said tool.
 
Old 12-06-2010, 02:21 PM   #7
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by acid_kewpie
> It's not exactly fair to expect to use a tool to configure a server before that server has at least been configured a tiny bit, enough to be supported by said tool.

Well, I thought I could create new OU's and users like in Active Directory with this Luma-GUI...
 
Old 12-06-2010, 02:23 PM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976
Well you can clearly appreciate that luma is connecting to ldap using ldap, therefore basics (which you've already shown us, so I don't understand why you'd not have configured them to your needs already..??) still need to be there. You only need a working manager account, nothing more, and that's nothing you wouldn't have done for an equivalent in AD, e.g. a domain admin account.
 
Old 12-06-2010, 02:27 PM   #9
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by acid_kewpie
> You only need a working manager account, nothing more, and that's nothing you wouldn't have done for an equivalent in AD, e.g. a domain admin account.

rootdn "cn=Manager,dc=domain,dc=local"
rootpw GuessWhatHere

This is not the definition of a root account that is allowed to read/write to the ldap-database ?
 
Old 12-06-2010, 02:59 PM   #10
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976
isn't it?

That is the account that Luma is expecting to be given to access the ldap server. They need to be the same, and correct for your deployment.
 
Old 12-06-2010, 03:09 PM   #11
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by acid_kewpie
> isn't it?
>
> That is the account that Luma is expecting to be given to access the ldap server. They need to be the same, and correct for your deployment.

I'm sorry, I don't understand.

You tell me that I need a "domain admin". According to me that is : cn=Manager,dc=domain,dc=local

When using this information as login (and with the correct password) I get the message : Could not expand entry: No such object
(so login was successful, but I cannot do anything)

You tell me "You only need a working manager account, nothing more".

But apparently, I am still missing something, right ?
 
Old 12-06-2010, 03:15 PM   #12
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976
I'm totally lost as to what you do and don't have. Can you show the configs you actually have? Forget Luma for now. You need to be able to bind to ldap with the manager account, whatever it is called (and it's not REALLY still called "cn=Manager,dc=domain,dc=local" letter for letter is it?? please say no...)

This should work... "ldapsearch -x -h ip.of.ser.ver -D cn=manager,dc=whatevertherestis" where "work" means at least seeing a valid bind message in the ldap logs. Get that working first.
 
Old 12-07-2010, 03:34 AM   #13
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
dc=domain is indeed the 'blinded' version of my real domain. Although it should work also in a test domain.

This is the configuration I have on my Ldap-server.

In etc/openldap/slapd.conf :

database bdb
suffix "dc=domain,dc=local"
rootdn "cn=Manager,dc=domain,dc=local"
rootpw GuessWhatHere


And that is it !

I have made no ldif-file and no ldapadd-command. That I was planning to do with Luma (as it involves creating user accounts, OU's, persons,...)
 
Old 12-07-2010, 03:37 AM   #14
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976
OK, so can you do a valid search bind?
 
Old 12-07-2010, 05:44 AM   #15
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
[root@asterisk16 ~]# ldapsearch -x -W -D 'cn=Manager,dc=domain,dc=local' -b 'dc=domain,dc=local' '(objectClass=*)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=domain,dc=local> with scope subtree
# filter: (objectClass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1


[root@asterisk16 ~]# ldapsearch -x -W -D 'cn=Manager,dc=domain,dc=local'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

Last edited by jonaskellens; 12-07-2010 at 05:46 AM.
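
The thread stops at `result: 32 No such object`: the bind as rootdn is accepted, but no LDIF was ever loaded, so the entry named by `suffix` does not exist yet. As an added example (not code from any poster), this script reads the `suffix` and `rootdn` directives from slapd.conf text, checks that the rootdn lies under the suffix, and prints LDIF for the missing base entry; the function names and the `o:` value are assumptions, and `dcObject`/`organization` are object classes from OpenLDAP's core schema.

```shell
#!/bin/sh
# Constructed sample: the four slapd.conf directives quoted in the thread.
SAMPLE_CONF='database bdb
suffix "dc=domain,dc=local"
rootdn "cn=Manager,dc=domain,dc=local"
rootpw GuessWhatHere'

# conf_value DIRECTIVE (hypothetical helper): slapd.conf text on stdin;
# prints the directive's first value with surrounding double quotes removed.
conf_value() {
    awk -v key="$1" '$1 == key {
        sub(/^[^ \t]+[ \t]+/, ""); gsub(/^"|"$/, ""); print; exit }'
}

# base_entry_ldif (hypothetical helper): slapd.conf text on stdin; prints
# LDIF for the entry named by the suffix, or fails with a reason on stderr.
base_entry_ldif() {
    conf=$(cat)
    suffix=$(printf '%s\n' "$conf" | conf_value suffix)
    rootdn=$(printf '%s\n' "$conf" | conf_value rootdn)
    [ -n "$suffix" ] || { echo "no suffix directive found" >&2; return 1; }

    # rootpw only applies when rootdn is within the database suffix.
    # Plain case-insensitive string comparison, no DN normalisation.
    s=$(printf '%s' "$suffix" | tr 'A-Z' 'a-z')
    r=$(printf '%s' "$rootdn" | tr 'A-Z' 'a-z')
    case $r in
        *",$s") ;;
        *) echo "rootdn '$rootdn' is not under suffix '$suffix'" >&2
           return 1 ;;
    esac

    # The first RDN of the suffix supplies the dc attribute of the entry.
    first_rdn=${suffix%%,*}
    case $first_rdn in
        [dD][cC]=?*) ;;
        *) echo "only dc=... suffixes are handled here" >&2; return 1 ;;
    esac
    dc=${first_rdn#*=}

    printf 'dn: %s\nobjectClass: dcObject\nobjectClass: organization\n' "$suffix"
    printf 'dc: %s\no: %s\n' "$dc" "$dc"   # o: value is an assumption
}

# Print the base entry for the constructed sample configuration.
printf '%s\n' "$SAMPLE_CONF" | base_entry_ldif
```

Save the output as base.ldif and load it with `ldapadd -x -W -D 'cn=Manager,dc=domain,dc=local' -f base.ldif`. With simple authentication and no encryption, as in the Luma settings above, the rootdn password travels in cleartext, so run this on the server itself or add `-ZZ` once StartTLS is configured.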
 
  

