LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 06-02-2010, 06:15 AM   #1
Mr. ameya sathe
Member
 
Registered: Jul 2007
Distribution: RedHat Enterprise 5 Server Edition; Ubuntu 8.04 ; RHCE Certificate number: 805008741034103
Posts: 78
Blog Entries: 8

Rep: Reputation: Disabled
Angry Unable to chown a directory to a user on LDAP Server


Hi,
I am using RHEL5.1 distribution. Openldap-server version is openldap-servers-2.3.27-8.
I have detailed only the steps which are confusing me/are not in accordance to the link-http://www.linuxhomenetworking.com/w...DAP_and_RADIUS

Now; as per the link

...I ran the command
1.
Code:
# cp -rv * /usr/share/openldap/migration/
My action:It asked me for overwriting the files. I said 'yes' for all.

2.
Quote:
# locate DB_CONFIG
On the link's output:/usr/share/doc/openldap-servers-2.4.16/DB_CONFIG.example
On my distro: /etc/openldap/DB_CONFIG.example
Hence; I issued
Code:
#cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/example.com/DB_CONFIG
3.
Code:
#/usr/share/openldap/migration/migrate_all_offline.sh > /root/migrop 2> /root/migrerr
The contents of /root/migrop {This file contains output of the script.} are:
---------------------------------------------------------------------
Creating naming context entries...
Migrating aliases...
Migrating groups...
Migrating hosts...
Migrating networks...
Migrating users...
Migrating protocols...
Migrating rpcs...
Migrating services...
Migrating netgroups...
Importing into LDAP...
Migrating netgroups (by user)...
Migrating netgroups (by host)...
Preparing LDAP database...
Migration failed: saving failed LDIF to /tmp/nis.3257.ldif

---------------------------------------------------------------------



The contents of /root/migrerr {This file contains errors of the script.}are:
-------------------------------------------------------------------------------------
slapadd: line 5: database (dc=example,dc=com) not configured to hold "dc=padl,dc=com"
slapadd: line 5: database (dc=example,dc=com) not configured to hold "dc=padl,dc=com"
-------------------------------------------------------------------------------------


On both server & client machine;
4. Output of the command->
Code:
ldapsearch -x -b 'dc=example,dc=com'    '(objectclass=*)'
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
On both server & client;
5.
Code:
Code:
telnet 192.168.0.7 389
Trying 192.168.0.7... Connected to station7.example.com (192.168.0.7). Escape character is '^]'.
On client side; as given in the link; I created the home directories. Configured ldap.conf. Also ran the authconfig-tui command.

But; still the issuance of the command
Code:
# chown -R ldapuser:users /home/ldapuser/
shows
Code:
chown: `ldapuser:users`:invalid user
 
Old 06-02-2010, 06:21 AM   #2
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 361

Rep: Reputation: Disabled
Do you actually have users in your ldap directory? To me, it looks like you don't have any... Furthermore have you set up /etc/ldap.conf, /etc/openldap/ldap.conf and /etc/nsswitch.conf?
What does 'getent passwd' return? Does it contain the users, if they exist, in the ldap directory?

Last edited by Blue_Ice; 06-02-2010 at 06:22 AM.
 
1 members found this post helpful.
Old 06-02-2010, 08:39 AM   #3
Mr. ameya sathe
Member
 
Registered: Jul 2007
Distribution: RedHat Enterprise 5 Server Edition; Ubuntu 8.04 ; RHCE Certificate number: 805008741034103
Posts: 78

Original Poster
Blog Entries: 8

Rep: Reputation: Disabled
Post Contents of ldap.conf and nsswitch.conf

My LDAP server's IP address is 192.168.0.7.
I have not yet implemented Secure LDAP.

Quote:
Do you actually have users in your ldap directory?
I ran the Offline migration script on LDAP server. Does this populate the ldap directory with users from my LDAP Server's passwd file? Is ldapsearch the command to search for users in my ldap directory? I have shown the output of it in my previous post. But, I dont understand the meaning.

Quote:
To me, it looks like you don't have any... Furthermore have you set up /etc/ldap.conf, /etc/openldap/ldap.conf and /etc/nsswitch.conf?
Yes. I have set them up on the client side.
Following are their contents->
/etc/ldap.conf
Code:
base dc=example,dc=com
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
uri ldap://192.168.0.7/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
/etc/openldap/ldap.conf
Code:
BASE dc=example,dc=com
URI ldap://192.168.0.7/
TLS_CACERTDIR /etc/openldap/cacerts
/etc/nsswitch.conf
Code:
passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files ldap
rpc:        files
services:   files ldap
netgroup:   files ldap
publickey:  nisplus
automount:  files ldap
aliases:    files nisplus
Quote:
What does 'getent passwd' return?
It returns the names of users present inside the LDAP client's /etc/passwd file.

Quote:
Does it contain the users, if they exist, in the ldap directory?
No.
 
Old 06-02-2010, 08:52 AM   #4
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 361

Rep: Reputation: Disabled
The migration tool probably creates an ldif file or maybe you have to add the ldif filename to CLI command (not really sure about that, been to long ago that I have done this). This ldif you have to add to your ldap directory with the slapadd command. Don't forget to stop the ldap service when you are going to do this.
 
Old 06-02-2010, 09:03 AM   #5
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 361

Rep: Reputation: Disabled
Forgot to mention this in my previous post, but ldapsearch is the correct client tool to list the contents of your ldap directory.
This is some example output when I run ldapsearch on my systems:
Code:
[user@localhost ~]$ ldapsearch -x -ZZ '(cn=admin)'
# extended LDIF
#
# LDAPv3
# base <dc=mydomain,dc=com> (default) with scope subtree
# filter: (cn=admin)
# requesting: ALL
#

# admin, mydomain.com
dn: cn=admin,dc=mydomain,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1
I need to use the -ZZ option as it is required for my setup. As far as I can tell, you don't need it.

Last edited by Blue_Ice; 06-02-2010 at 09:04 AM.
 
Old 06-03-2010, 12:23 PM   #6
Blue_Ice
Member
 
Registered: Jul 2006
Location: Belgium
Distribution: Debian, Fedora, CentOS, Windows
Posts: 361

Rep: Reputation: Disabled
I just saw that you already used slapadd... The 2 errors you got mean that you didn't set the correct domain in your migration tool configuration.
You are trying to add dc=padl,dc=com attributes to a directory that is configured to use dc=example,dc=com. This is not possible and will fail.
 
1 members found this post helpful.
Old 02-12-2011, 06:34 PM   #7
Mr. ameya sathe
Member
 
Registered: Jul 2007
Distribution: RedHat Enterprise 5 Server Edition; Ubuntu 8.04 ; RHCE Certificate number: 805008741034103
Posts: 78

Original Poster
Blog Entries: 8

Rep: Reputation: Disabled
Thumbs up Reason for Late Reply.

As BlueIce correctly pointed out; the settings file had to be changed. But; sometimes it worked & sometimes it did not. I am still perplexed about this Yes!!! It works/No!!! it is not working. Still trying to figure out. But; I will mark this thread as solved.
 
  


Reply

Tags
chown, ldap


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
unable to get ldap to bind to Active Directory server, but am able to ldapsearch kcorupe Linux - Server 2 08-03-2012 03:57 AM
[SOLVED] chown on ldap server Allie Linux - Server 1 09-12-2009 08:27 PM
chown delegation to user in some directory Bogdan Linux - Security 3 02-22-2007 05:20 PM
LDAP server not starting as user LDAP klnasveschuk Fedora 1 02-15-2007 05:49 AM
Chown fails in client login for user defined in ldap server jpsingh Linux - Server 2 12-19-2006 11:26 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 04:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration