06-02-2010, 06:15 AM
#1
Member
Registered: Jul 2007
Distribution: RedHat Enterprise 5 Server Edition; Ubuntu 8.04 ; RHCE Certificate number: 805008741034103
Posts: 78
Rep:
Unable to chown a directory to a user on LDAP Server
Hi,
I am using RHEL5.1 distribution. Openldap-server version is openldap-servers-2.3.27-8.
I have detailed only the steps which are confusing me/are not in accordance to the link- http://www.linuxhomenetworking.com/w...DAP_and_RADIUS
Now; as per the link
...I ran the command
1.
Code:
# cp -rv * /usr/share/openldap/migration/
My action: It asked me whether to overwrite the files. I said 'yes' for all.
2.
Quote:
# locate DB_CONFIG
On the link's output:/usr/share/doc/openldap-servers-2.4.16/DB_CONFIG.example
On my distro: /etc/openldap/DB_CONFIG.example
Hence; I issued
Code:
#cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/example.com/DB_CONFIG
3.
Code:
#/usr/share/openldap/migration/migrate_all_offline.sh > /root/migrop 2> /root/migrerr
The contents of /root/migrop {This file contains output of the script.} are:
---------------------------------------------------------------------
Creating naming context entries...
Migrating aliases...
Migrating groups...
Migrating hosts...
Migrating networks...
Migrating users...
Migrating protocols...
Migrating rpcs...
Migrating services...
Migrating netgroups...
Importing into LDAP...
Migrating netgroups (by user)...
Migrating netgroups (by host)...
Preparing LDAP database...
Migration failed: saving failed LDIF to /tmp/nis.3257.ldif
---------------------------------------------------------------------
The contents of /root/migrerr {This file contains errors of the script.} are:
-------------------------------------------------------------------------------------
slapadd: line 5: database (dc=example,dc=com) not configured to hold "dc=padl,dc=com"
slapadd: line 5: database (dc=example,dc=com) not configured to hold "dc=padl,dc=com"
-------------------------------------------------------------------------------------
On both server & client machine;
4. Output of the command->
Code:
ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
On both server & client;
5.
Code:
telnet 192.168.0.7 389
Trying 192.168.0.7...
Connected to station7.example.com (192.168.0.7).
Escape character is '^]'.
On client side; as given in the link; I created the home directories. Configured ldap.conf. Also ran the authconfig-tui command.
But; still the issuance of the command
Code:
# chown -R ldapuser:users /home/ldapuser/
shows
Code:
chown: `ldapuser:users`:invalid user
06-02-2010, 06:21 AM
#2
Member
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 361
Rep:
Do you actually have users in your ldap directory? To me, it looks like you don't have any... Furthermore, have you set up /etc/ldap.conf, /etc/openldap/ldap.conf and /etc/nsswitch.conf?
What does 'getent passwd' return? Does it contain the users, if they exist, in the ldap directory?
Last edited by Blue_Ice; 06-02-2010 at 06:22 AM.
1 members found this post helpful.
06-02-2010, 08:39 AM
#3
Member
Registered: Jul 2007
Distribution: RedHat Enterprise 5 Server Edition; Ubuntu 8.04 ; RHCE Certificate number: 805008741034103
Posts: 78
Original Poster
Rep:
Contents of ldap.conf and nsswitch.conf
My LDAP server's IP address is 192.168.0.7.
I have not yet implemented Secure LDAP.
Quote:
Do you actually have users in your ldap directory?
I ran the Offline migration script on LDAP server. Does this populate the ldap directory with users from my LDAP Server's passwd file? Is ldapsearch the command to search for users in my ldap directory? I have shown the output of it in my previous post. But I don't understand the meaning.
Quote:
To me, it looks like you don't have any... Furthermore have you set up /etc/ldap.conf, /etc/openldap/ldap.conf and /etc/nsswitch.conf?
Yes. I have set them up on the client side.
Following are their contents->
/etc/ldap.conf
Code:
base dc=example,dc=com
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
uri ldap://192.168.0.7/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
/etc/openldap/ldap.conf
Code:
BASE dc=example,dc=com
URI ldap://192.168.0.7/
TLS_CACERTDIR /etc/openldap/cacerts
/etc/nsswitch.conf
Code:
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
Quote:
What does 'getent passwd' return?
It returns the names of users present inside the LDAP client's /etc/passwd file.
Quote:
Does it contain the users, if they exist, in the ldap directory?
No.
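The three files posted above are internally consistent, and that is worth verifying mechanically before looking further. The following is an added example, not code from the thread or from nss_ldap: a small Python checker run over constructed copies of the posted /etc/nsswitch.conf, /etc/ldap.conf and /etc/openldap/ldap.conf (trimmed to the lines the checks look at). It confirms that passwd, shadow and group consult ldap, that both ldap.conf files agree on base and uri, and it flags `ssl no` combined with a plain ldap:// URI, which leaves binds and pam_password changes unencrypted on the wire (the poster notes Secure LDAP is not in place yet). With the client side coherent, getent passwd returning only local users points at the server: the ldapsearch in the first post answered "result: 32 No such object" for dc=example,dc=com, so the directory held nothing for the client to return.

```python
"""Consistency checks for an nss_ldap client, run over the files posted in this thread.

Added example, not from the thread; the three config texts below are constructed
copies of what was posted, reduced to the lines the checks inspect.
"""

NSSWITCH = """\
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
"""

NSS_LDAP_CONF = """\
base dc=example,dc=com
timelimit 120
bind_timelimit 120
uri ldap://192.168.0.7/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
"""

OPENLDAP_CONF = """\
BASE dc=example,dc=com
URI ldap://192.168.0.7/
TLS_CACERTDIR /etc/openldap/cacerts
"""


def parse_nsswitch(text):
    """Map each database to its ordered list of sources, dropping [action] specs."""
    db = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        name, sources = line.split(":", 1)
        db[name.strip()] = [s for s in sources.split() if not s.startswith("[")]
    return db


def parse_keyvals(text):
    """Parse 'key value' lines; both ldap.conf flavours treat keys case-insensitively."""
    kv = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        kv[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return kv


def check_client_config(nsswitch_text, nss_ldap_text, openldap_text):
    """Return a list of findings; an empty list means the client side is coherent."""
    findings = []
    nss = parse_nsswitch(nsswitch_text)
    for name in ("passwd", "shadow", "group"):
        if "ldap" not in nss.get(name, []):
            findings.append(f"nsswitch.conf: '{name}' never consults ldap")
    nss_ldap = parse_keyvals(nss_ldap_text)
    openldap = parse_keyvals(openldap_text)
    for key in ("base", "uri"):
        # nss_ldap and the OpenLDAP client library read different files; they must agree
        if nss_ldap.get(key) != openldap.get(key):
            findings.append(f"{key}: /etc/ldap.conf and /etc/openldap/ldap.conf disagree")
    uri = nss_ldap.get("uri", "")
    if nss_ldap.get("ssl", "no").lower() == "no" and uri.startswith("ldap://"):
        findings.append("ssl no with ldap://: binds and pam_password changes cross the network in clear text")
    return findings


if __name__ == "__main__":
    for finding in check_client_config(NSSWITCH, NSS_LDAP_CONF, OPENLDAP_CONF) or ["client config is coherent"]:
        print(finding)
```

On the posted configuration the only finding is the `ssl no` one; swapping the real files in for the constructed strings makes the same checks run against a live client.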
06-02-2010, 08:52 AM
#4
Member
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 361
Rep:
The migration tool probably creates an ldif file, or maybe you have to add the ldif filename to the CLI command (not really sure about that; it has been too long ago since I have done this). This ldif you have to add to your ldap directory with the slapadd command. Don't forget to stop the ldap service when you are going to do this.
06-02-2010, 09:03 AM
#5
Member
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 361
Rep:
Forgot to mention this in my previous post, but ldapsearch is the correct client tool to list the contents of your ldap directory.
This is some example output when I run ldapsearch on my systems:
Code:
[user@localhost ~]$ ldapsearch -x -ZZ '(cn=admin)'
# extended LDIF
#
# LDAPv3
# base <dc=mydomain,dc=com> (default) with scope subtree
# filter: (cn=admin)
# requesting: ALL
#
# admin, mydomain.com
dn: cn=admin,dc=mydomain,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
# search result
search: 3
result: 0 Success
# numResponses: 2
# numEntries: 1
I need to use the -ZZ option as it is required for my setup. As far as I can tell, you don't need it.
Last edited by Blue_Ice; 06-02-2010 at 09:04 AM.
06-03-2010, 12:23 PM
#6
Member
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 361
Rep:
I just saw that you already used slapadd... The 2 errors you got mean that you didn't set the correct domain in your migration tool configuration.
You are trying to add dc=padl,dc=com attributes to a directory that is configured to use dc=example,dc=com. This is not possible and will fail.
1 members found this post helpful.
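The LDIF the script saved when slapadd rejected it (/tmp/nis.3257.ldif in the first post) can be checked before the import is retried. The PADL migration scripts take their base DN from $DEFAULT_BASE in migrate_common.ph, whose shipped default is dc=padl,dc=com, which is where the DNs in the two slapadd errors came from; once that is set to dc=example,dc=com the regenerated output should be checked the same way. The following Python is an added example, not code from the thread or from OpenLDAP. It walks the dn: lines of an LDIF (joining folded continuation lines and decoding base64 dn:: values), reports every entry that does not lie under the database suffix, which is the condition slapadd reports as "database (X) not configured to hold Y", and says whether the suffix entry itself is present, which is what the ldapsearch in the first post found missing. SAMPLE_LDIF is constructed to resemble migrate_base.pl output left at the default base.

```python
"""Check a migration LDIF against the suffix of the slapd database it targets.

Added example, not from the thread; it mirrors the check behind slapadd's
"database (X) not configured to hold Y" error so the saved LDIF can be
inspected before slapadd is run again.
"""
import base64

# Constructed sample resembling migrate_base.pl output left at the tool's default base.
SAMPLE_LDIF = """\
dn: dc=padl,dc=com
dc: padl
objectClass: top
objectClass: domain

dn: ou=People,dc=padl,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=padl,
 dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
"""


def normalize_dn(dn):
    """Split a DN into lower-cased RDNs with surrounding whitespace removed.

    Sufficient for migration output; escaped commas inside attribute values
    (RFC 4514 quoting) are not handled.
    """
    return [rdn.strip().lower() for rdn in dn.split(",")]


def dn_under_suffix(dn, suffix):
    """True when dn is the suffix entry itself or lies beneath it."""
    d, s = normalize_dn(dn), normalize_dn(suffix)
    return len(d) >= len(s) and d[-len(s):] == s


def iter_dns(ldif_text):
    """Yield (line_number, dn) per entry; joins folded lines and decodes dn:: values."""
    lines = ldif_text.splitlines()
    i = 0
    while i < len(lines):
        if lines[i].startswith("dn:"):
            lineno = i + 1
            raw = lines[i][3:]
            # LDIF folds long values onto following lines that begin with one space
            while i + 1 < len(lines) and lines[i + 1].startswith(" "):
                i += 1
                raw += lines[i][1:]
            if raw.startswith(":"):  # dn:: <base64>
                dn = base64.b64decode(raw[1:].strip()).decode("utf-8")
            else:
                dn = raw.strip()
            yield lineno, dn
        i += 1


def check_ldif(ldif_text, suffix):
    """Return the entries slapadd would reject and whether the suffix entry exists."""
    rejected = []
    has_suffix_entry = False
    for lineno, dn in iter_dns(ldif_text):
        if normalize_dn(dn) == normalize_dn(suffix):
            has_suffix_entry = True
        if not dn_under_suffix(dn, suffix):
            rejected.append((lineno, dn))
    return {"rejected": rejected, "has_suffix_entry": has_suffix_entry}


if __name__ == "__main__":
    suffix = "dc=example,dc=com"
    report = check_ldif(SAMPLE_LDIF, suffix)
    for lineno, dn in report["rejected"]:
        print(f'line {lineno}: database ({suffix}) not configured to hold "{dn}"')
    if not report["has_suffix_entry"]:
        print(f"no entry for {suffix} itself: ldapsearch -b '{suffix}' would return 32 No such object")
```

Run against the sample with suffix dc=example,dc=com every entry is rejected and the suffix entry is absent, matching the thread's symptoms; with the suffix set to dc=padl,dc=com (or the LDIF regenerated with the right base) the report is clean.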
02-12-2011, 06:34 PM
#7
Member
Registered: Jul 2007
Distribution: RedHat Enterprise 5 Server Edition; Ubuntu 8.04 ; RHCE Certificate number: 805008741034103
Posts: 78
Original Poster
Rep:
Reason for Late Reply.
As Blue_Ice correctly pointed out, the settings file had to be changed. But sometimes it worked and sometimes it did not. I am still perplexed about this "Yes!!! It works / No!!! it is not working." Still trying to figure it out. But I will mark this thread as solved.
All times are GMT -5. The time now is 04:59 PM.