LinuxQuestions.org
Old 04-03-2009, 01:52 AM   #1
Niceman2005
Member
 
Registered: Nov 2004
Distribution: Fedora Core 2
Posts: 330

Rep: Reputation: 30
ldap_bind: Naming violation (64)


Dear friends,

I am struggling to figure out what is wrong with my openldap implementation.

On a server RHEL4
openldap-clients-2.2.13-2
openldap-servers-2.2.13-2
openldap-2.2.13-2

WITH slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

database bdb
suffix "dc=sanyang,dc=com,dc=my"
rootdn "cn=root,dc=sanyang,dc=com,dc=my"
rootpw mis123

WITH initial.ldif
dn: dc=sanyang,dc=com,dc=my
objectClass: dcObject
objectClass: organization
o: sanyang
dc: sanyang

dn: cn=root,dc=sanyang,dc=com,dc=my
objectClass: organizationalRole
cn: root


It works well.
On another system with exactly the same OS and openldap version [the only difference is the hardware], ldapadd fails with:

# ldapadd -x -D "cn=root,dc=sanyang,dc=com,dc=my" -W -f initial.ldif
Enter LDAP Password:
ldap_bind: Naming violation (64)

I have googled through; no one seems to have any solution that solves the problem. What drives me crazy is that I have used exactly the same OS, openldap version and config files. The configuration is a simple two steps:
1) edit slapd.conf
2) ldapadd

But it just doesn't work on the other server. I have checked over and over again; my slapd.conf is exactly the same, and initial.ldif was also copied from the working server. I am really wondering if anyone has encountered the same problem. Now I have set up another server with RHEL5, and the same problem is encountered. I really have no idea what else I can check. I hope anyone who knows can give me a hint on what the problem is, or any log file to check for the error cause?

Thanks for taking the time to read my query.
 
Old 04-03-2009, 02:57 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,043

Rep: Reputation: 1956
You can add the "-v" option to the ldapadd command to get more verbose output, so you may find the reason for the problem:
Code:
ldapadd -vx -D "cn=root,dc=sanyang,dc=com,dc=my" -W -f initial.ldif
 
Old 04-03-2009, 03:08 AM   #3
Niceman2005
Member
 
Registered: Nov 2004
Distribution: Fedora Core 2
Posts: 330

Original Poster
Rep: Reputation: 30
Hi,
Thanks for your reply.
The only info:

ldapadd -vx -D "cn=root,dc=sanyang,dc=com,dc=my" -W -f initial.ldif
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
ldap_bind: Naming violation (64)

Once again, it doesn't give me any hint on what's wrong.
Thanks
 
Old 04-03-2009, 03:28 AM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,043

Rep: Reputation: 1956
Doh, it should say what naming attribute had the problem.
Anyway check carefully for typos, move the dc at the top (after the first line), add the top objectClass and see if it works. You can ditch the cn=root,... since this is used just for administration.
Quote:
dn: dc=sanyang,dc=com,dc=my
dc: sanyang
objectClass: top
objectClass: dcObject
objectClass: organization
o: sanyang
 
Old 04-03-2009, 03:50 AM   #5
Niceman2005
Member
 
Registered: Nov 2004
Distribution: Fedora Core 2
Posts: 330

Original Poster
Rep: Reputation: 30
Hi,
It is still the same with the updated ldif.
I just tried deleting /var/lib/ldap/ and reinstalling openldap, openldap-servers, openldap-clients.

Tried again with your suggestion, still no luck.

It's really weird. Now the only difference is the hardware; I am not sure if that makes a difference in the LDAP configuration. It doesn't make sense if it does.

Thanks for your help
 
Old 04-03-2009, 04:11 AM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,043

Rep: Reputation: 1956
It's not a hardware problem. Could be SELinux or something like that, but not hardware.
You can use slapadd to do the same. You have to stop slapd from running before executing slapadd.
Code:
slapadd -l initial.ldif
 
Old 04-03-2009, 04:11 AM   #7
Niceman2005
Member
 
Registered: Nov 2004
Distribution: Fedora Core 2
Posts: 330

Original Poster
Rep: Reputation: 30
Oh, I found one difference between the working and non-working servers.

When I type ldapadd, the outcome for both respectively:

working server:
]# ldapadd
SASL/DIGEST-MD5 authentication started
Please enter your password:

Not working server:
# ldapadd
ldap_sasl_interactive_bind_s: No such attribute (16)

So somehow it has something to do with SASL. I am googling for what I am missing; I have checked that I have all of
cyrus-sasl-2.1.19-5.EL4
cyrus-sasl-md5-2.1.19-5.EL4
cyrus-sasl-devel-2.1.19-5.EL4
cyrus-sasl-plain-2.1.19-5.EL4

installed.

Anyhow, if anyone knows an answer or hint, please drop one here, thanks.
Thanks bathory for your kind assistance.
 
Old 04-03-2009, 04:16 AM   #8
Niceman2005
Member
 
Registered: Nov 2004
Distribution: Fedora Core 2
Posts: 330

Original Poster
Rep: Reputation: 30
Hi Bathory,

Thanks a lot for your kind assistance.
I think I know why already:
I have another LDAP installed on that server. That LDAP comes by default with the mail service SCALIX. Thanks for your suggestion to try this command:

slapadd -l initial.ldif which says:
# slapadd -l initial.ldif
bdb_db_open: database already in use
backend_startup_one: bi_db_open failed! (-1)
slap_startup failed

Both of the servers that are failing to do ldapadd have the scalix server installed, no wonder there is a conflict...
The one that works does not have scalix; it is specifically for openldap.

Thanks a lot for your help!
No wonder I have not encountered such a problem so far, even though I have implemented dozens of openldap servers before. Really a big mistake to overlook scalix-ldap.

Have a good day
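A check for the situation this thread ended on, a different directory server answering on the host: compare the bind DN with the namingContexts the server advertises in its root DSE. This is an added example, not part of the original posts; the function names are hypothetical, and the two root DSE replies (including the `o=example-mail` suffix) are constructed.

```shell
#!/bin/sh
# Added example: does the LDAP server answering on this host serve the
# suffix we are trying to bind under? Sample outputs below are constructed.

# Lowercase a DN and drop spaces around ',' and '=' so DNs compare textually.
norm_dn() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' |
        sed -e 's/ *, */,/g' -e 's/ *= */=/g' -e 's/^ *//' -e 's/ *$//'
}

# Print every namingContexts value from root DSE LDIF on stdin
# (plain "attr: value" lines only; base64 "attr:: value" is not decoded).
naming_contexts() { sed -n 's/^[Nn]amingContexts: //p'; }

# Succeed if DN ($1) equals SUFFIX ($2) or ends with ",SUFFIX".
dn_under_suffix() {
    d=$(norm_dn "$1"); s=$(norm_dn "$2")
    [ -n "$s" ] || return 1
    case "$d" in "$s"|*",$s") return 0 ;; esac
    return 1
}

# Read root DSE LDIF on stdin; report whether the bind DN ($1) is served.
check_bind_dn() {
    ctxs=$(naming_contexts)
    while IFS= read -r c; do
        if dn_under_suffix "$1" "$c"; then
            echo "served by: $c"; return 0
        fi
    done <<EOF
$ctxs
EOF
    echo "not served here; server offers: ${ctxs:-none}"
    return 1
}

# Constructed root DSE replies: the intended slapd, and some other directory.
sample_expected_dse() { printf 'dn:\nnamingContexts: dc=sanyang,dc=com,dc=my\n'; }
sample_other_dse()    { printf 'dn:\nnamingContexts: o=example-mail\n'; }

BIND_DN="cn=root,dc=sanyang,dc=com,dc=my"
sample_expected_dse | check_bind_dn "$BIND_DN"
sample_other_dse | check_bind_dn "$BIND_DN" || true
# Live use (ldapsearch from openldap-clients):
#   ldapsearch -x -H ldap://localhost -s base -b "" namingContexts | check_bind_dn "$BIND_DN"
```

A "not served here" result means the server that answered is not the slapd configured with this suffix, which is the point at which to look for a second LDAP service on the machine.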
 
  


All times are GMT -5.