LinuxQuestions.org
Old 10-05-2005, 01:31 PM   #1
BStambaugh
LQ Newbie
 
Registered: Oct 2005
Location: York, PA
Posts: 2

openLDAP issues


I am a newbie to not only Linux, but also LDAP. In fact, my entire company is, and we are all learning as we go along.

We want to start using LDAP and have been trying to work through some LDAP tutorials, but we have still managed to get stuck.

We are just doing some very basic things just to get started.

Now for the problem:

When I issue the command:
*****************
ldapadd -f fraternity.ldif -xv -D "cn=DeanWormer,o=delta" -h 127.0.0.1
*****************
Just a side note: the reason we are not using rootpw at this time is that every time we try, we just get an error that we have invalid credentials. So we decided to forget it at this point and just go without.


I get this output:
*****************
ldap_init( 127.0.0.1, 0 )
add objectClass:
top
dcObject
organization
add dc:
delta
add o:
delta
add description:
The Delta House Fraternity Domain
adding new entry "o=delta"
ldap_add: Insufficient access

ldif_record() = 50
*****************

Here is my slapd.conf file:
*****************
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 2.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
#include /etc/openldap/schema/nis.schema
#include /etc/openldap/schema/redhat/rfc822-MailMember.schema
#include /etc/openldap/schema/redhat/autofs.schema
#include /etc/openldap/schema/redhat/kerberosobject.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

#pidfile //var/run/slapd.pid
#argsfile //var/run/slapd.args

# Create a replication log in /var/lib/ldap for use by slurpd.
#replogfile /var/lib/ldap/master-slapd.replog

# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

#
# The next three lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt

#######################################################################
# ldbm database definitions
#######################################################################

database ldbm
suffix "o=delta"
# Only one suffix allowed per database
#suffix "dc=delta,dc=org"
rootdn "cn=DeanWormer,o=delta"
#rootpw secret2
directory /var/lib/ldap/fraternity
defaultaccess read
schemacheck on
lastmod on
index cn,sn,st eq,pres,sub
*****************

Here is a shortened version of my fraternity.ldif:
*****************
dn: o=delta
objectClass: top
objectclass: dcObject
objectclass: organization
dc: delta
o: delta
description: The Delta House Fraternity Domain

dn: o=delta
objectClass: top
objectClass: organization
o: delta
description: Delta House

dn: cn=DeanWormer,o=delta
objectClass: organizationalRole
cn: DeanWormer
description: LDAP Directory Administrator

dn: ou=1961,o=delta
ou: 1961
objectClass: top
objectClass: organizationalUnit
description: Year of Graduation 1961

dn: cn=Bluto Butarsky,ou=1961,o=delta
cn: Bluto Butarsky
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
mail: BButarsky@isp.com
givenname: John
sn: Butarsky
ou: 1961
uid: 1961
employeeType: S
postalAddress: 14 Cherry St.
l: Austin
st: TX
postalcode: 76888
telephoneNumber: (800)555-1212
homePhone: 800-555-1313
facsimileTelephoneNumber: 800-555-1414
*****************

Sorry the files were so long. Any bit of help would be great. Thanks.
 
Old 10-05-2005, 02:59 PM   #2
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

I think you are using an OpenLDAP v2.0 on an old Redhat machine?
In any case it is wise to look for a more recent OpenLDAP version.

Now, the empty rootpw. It is strange that your LDAP setup does not accept the cleartext password "secret2" that you first configured, but you can create a hashed password like this:
Code:
slappasswd -h {MD5}
and use the resulting string (something like {MD5}Kn1UTMt0K9FV5Vx5bejlEQ==) in your rootpw line.

I think the reason for the "ldap_add: Insufficient access" / "ldif_record() = 50" is the fact that you use an empty password. OpenLDAP used to treat password-less binds as anonymous binds, for which you have defined read-only access. I just never tried this with an empty rootdn password...

Did you check that your database directory "/var/lib/ldap/fraternity" is mode 700 and writable by the ldap account?

Also, I would suggest you change the "o=delta" to "dc=delta,dc=org" as you seem to already have tried. If you want to work with DomainComponents, this is a nicer way to set up the tree.

Finally, in your LDIF file, you are going to add the DN "dn: o=delta" twice... even if you get the first entry to import, the second one will fail.

Good luck!

Eric
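As an added example (not code from the thread, from Eric, or from OpenLDAP), here is a small Python pre-flight check to run over an LDIF file before handing it to ldapadd. It catches the duplicate `dn: o=delta` pointed out above and, going one step beyond the thread, an entry listed before its parent, which ldapadd also rejects because records are added in file order and slapd will not create a child under a parent that does not exist yet. The sample LDIF is constructed from the one posted in the thread, with the `ou=1961` entry deliberately moved below its child so both checks fire; the `suffix` argument is the `suffix` value from slapd.conf. Escaped commas in RDNs are handled, but the parser otherwise covers only the simple `attr: value` / `attr:: base64` forms found in hand-written files.

```python
"""Pre-flight lint for an LDIF file before running ldapadd.

Added example, not from the thread.  Reports two things that make a
bulk import stop part-way:
  * the same DN appearing twice (the second add fails: already exists)
  * a child entry listed before its parent (the add fails: no such object)
"""
import base64
import re
from typing import Dict, List, Tuple

# Constructed from the LDIF posted in the thread; the ou=1961 record has
# been moved below its child on purpose so the ordering check triggers.
SAMPLE_LDIF = """\
dn: o=delta
objectClass: top
objectclass: dcObject
objectclass: organization
dc: delta
o: delta
description: The Delta House Fraternity Domain

dn: o=delta
objectClass: top
objectClass: organization
o: delta
description: Delta House

dn: cn=DeanWormer,o=delta
objectClass: organizationalRole
cn: DeanWormer
description: LDAP Directory Administrator

dn: cn=Bluto Butarsky,ou=1961,o=delta
cn: Bluto Butarsky
objectClass: top
objectClass: person
sn: Butarsky

dn: ou=1961,o=delta
ou: 1961
objectClass: top
objectClass: organizationalUnit
description: Year of Graduation 1961
"""


def parse_ldif(text: str) -> List[Tuple[str, Dict[str, List[str]]]]:
    """Split LDIF text into (dn, attributes) records in file order.

    Attribute names are lower-cased because LDAP attribute types are
    case-insensitive, so 'objectClass' and 'objectclass' merge into one key.
    """
    # Unfold continuation lines first (a line starting with one space
    # continues the previous line, per RFC 2849).
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)

    records = []
    current: Dict[str, List[str]] = {}
    for line in lines + [""]:  # trailing sentinel flushes the last record
        if line.strip() == "":
            if current:
                dn = current.pop("dn", [""])[0]
                records.append((dn, current))
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        value = value.strip()
        if value.startswith(":"):  # 'attr:: <base64>' form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(name.strip().lower(), []).append(value)
    return records


def normalize_dn(dn: str) -> str:
    """Case-fold and trim RDN components so 'O=Delta' compares equal to 'o=delta'."""
    parts = re.split(r"(?<!\\),", dn)
    return ",".join(p.strip().lower() for p in parts)


def parent_dn(dn: str) -> str:
    """Everything after the first unescaped comma; '' for a one-RDN DN."""
    parts = re.split(r"(?<!\\),", dn, maxsplit=1)
    return parts[1].strip() if len(parts) == 2 else ""


def lint_ldif(text: str, suffix: str) -> List[str]:
    """Return human-readable findings in file order; an empty list means clean."""
    findings: List[str] = []
    seen = set()
    suffix_n = normalize_dn(suffix)
    for index, (dn, attrs) in enumerate(parse_ldif(text), start=1):
        if not dn:
            findings.append(f"record {index}: missing dn")
            continue
        dn_n = normalize_dn(dn)
        if dn_n in seen:
            findings.append(f"record {index}: duplicate dn '{dn}' (second add would fail)")
        elif dn_n != suffix_n:
            # The suffix entry needs no parent; every other entry's parent must
            # be the suffix or an entry that already appeared in this file.
            parent = normalize_dn(parent_dn(dn))
            if parent != suffix_n and parent not in seen:
                findings.append(f"record {index}: parent of '{dn}' not defined before it")
        if "objectclass" not in attrs:
            findings.append(f"record {index}: '{dn}' has no objectClass")
        seen.add(dn_n)
    return findings


if __name__ == "__main__":
    for finding in lint_ldif(SAMPLE_LDIF, "o=delta") or ["no problems found"]:
        print(finding)
```

Running it against the constructed sample reports the duplicate `o=delta` (record 2) and the out-of-order `cn=Bluto Butarsky` entry (record 4); fix those, re-run until the list is empty, and only then point ldapadd at the file.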
 
Old 10-05-2005, 09:42 PM   #3
BStambaugh
LQ Newbie
 
Registered: Oct 2005
Location: York, PA
Posts: 2

Original Poster
OK, I will try it and let you know. I am working on a RedHat Linux ES machine and I am using the openLDAP that was packaged on the CD, if that is any help to you. I won't be in the office on Thursday, but will be on Friday, so I will try your suggestions then and will let you know the outcomes. Thanks for your help, and hopefully everything goes well.
 