OpenLDAP Problems
Nick Bernstein
nbernstein at frontbridge.com
Sat Jan 29 00:47:31 UTC 2005
Aside from some stuff a year or so ago during research into authenticating
Linux hosts against Active Directory (another job, don't ask), this is my
first time setting up OpenLDAP. After reading the LDAP quickstart,
skimming over the admin guide, and picking up the O'Reilly book, all of which
pointed to a very simple setup, I figured it would be a cakewalk, and after
getting annoyed with progress on ES3, I was able to do the exact same
sequence on SuSE 9.2 in about 15 minutes and be able to browse the tree and
query successfully. Since I'm doing it on Red Hat ES v. 3, however, it, of
course, has to work oddly. :-)
The final goal for this is to be able to use LDAP for authentication.
I'll go over the problem(s) first, and put the configuration stuff below.
I'd love to hear what you guys (and gals) think.
Basically, here's what I did:
(1) Set up /etc/openldap/slapd.conf
(2) authconfig: info & auth both get LDAP (localhost, dc=shuba,dc=com)
(3) migrate_base > /tmp/base.ldif
(4) slapadd -f /etc/openldap/slapd.conf -x -v -l /tmp/base.ldif
(5) authconfig (turn shadow passwords off)
(6) cp /etc/passwd /tmp/shadowpass.txt
(7) migrate_passwd.pl /tmp/shadowpass.txt > /tmp/users.ldif
(8) slapadd -f /etc/openldap/slapd.conf -x -v -f /tmp/base.ldif
(9) slapcat | more (looks good)
(10) service ldap start (/etc/init.d/ldap start)
(11) ldapsearch -x (see below for results)
(12) Open a Java LDAP browser (connects, ONLY shows "dc=shuba, dc=com" - no
children)
(13) Try to connect using the Manager user, no dice.
PS: I looked through the archives and didn't see anything, as well as
going through Google and the Google newsgroups. If by some miracle I've
missed readily available answers there or in the FAQ, please accept my
apologies in advance.
TIA,
Nick
First, ldapadd works oddly. An LDIF that I can add with slapadd gives an
error using ldapadd.
slapadd -f /etc/openldap/slapd.conf -v -l /tmp/user.ldif
added: "uid=foo,ou=People,dc=shuba,dc=com" (00000050)
<< changed foo->bar and increased the uid/gid by one, same file >>
[root@test1-int migration]# /etc/init.d/ldap start
Starting slapd: [OK]
[root@test1-int migration]# ldapadd -x -v -f /tmp/user.ldif
ldap_initialize( <DEFAULT> )
add uid:
bar
add cn:
adding with ldapadd
add objectClass:
account
posixAccount
top
add userPassword:
{SSHA}qaf5D6w/DGSY521JJu5gambxmBvadJyr
add loginShell:
/bin/bash
add uidNumber:
1029
add gidNumber:
1029
add homeDirectory:
/home/bar
adding new entry "uid=bar,ou=People,dc=shuba,dc=com"
ldap_add: Operations error
ldif_record() = 1
For the record, btw, the last entry in the DB, according to slapcat, is:
dn: uid=foo,ou=People,dc=shuba,dc=com
uid: foo
cn: adding with ldapadd
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword:: --snip --
loginShell: /bin/bash
uidNumber: 1028
gidNumber: 1028
homeDirectory: /home/foo
So that's the first thing. Second, nothing comes back when I use ldapsearch,
even when asking for anything:
ldapsearch -x -b '' -s base '(objectclass=*)'
version: 2
#
# filter: (objectclass=*)
# requesting: ALL
#
#
dn:
objectClass: top
objectClass: OpenLDAProotDSE
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
---- Config files: -----------------
# grep -v ^# /etc/openldap/slapd.conf | grep -v ^$
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
database ldbm
suffix "dc=shuba,dc=com"
rootdn "cn=Manager,dc=shuba,dc=com"
rootpw secret
directory /var/lib/ldap
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
# grep -v ^# /etc/openldap/ldap.conf | grep -v ^$
HOST 127.0.0.1
BASE dc=shuba,dc=com
# grep -v ^# /etc/ldap.conf | grep -v ^$
host 127.0.0.1
base dc=frontbridge,dc=com
ssl no
pam_password md5
# slapcat | perl -ple 's/userPassword:: .+/userPassword:: --snip --/g; s/uidNumber:.+/uidNumber: #/g; s/gidNumber:.+/gidNumber: #/g'
dn: dc=shuba,dc=com
dc: shuba
objectClass: top
objectClass: domain
dn: ou=Hosts,dc=shuba,dc=com
ou: Hosts
objectClass: top
objectClass: organizationalUnit
dn: ou=Rpc,dc=shuba,dc=com
ou: Rpc
objectClass: top
objectClass: organizationalUnit
dn: ou=Services,dc=shuba,dc=com
ou: Services
objectClass: top
objectClass: organizationalUnit
dn: nisMapName=netgroup.byuser,dc=shuba,dc=com
nisMapName: netgroup.byuser
objectClass: top
objectClass: nisMap
dn: ou=Mounts,dc=shuba,dc=com
ou: Mounts
objectClass: top
objectClass: organizationalUnit
dn: ou=Networks,dc=shuba,dc=com
ou: Networks
objectClass: top
objectClass: organizationalUnit
dn: ou=People,dc=shuba,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=shuba,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
dn: ou=Netgroup,dc=shuba,dc=com
ou: Netgroup
objectClass: top
objectClass: organizationalUnit
dn: ou=Protocols,dc=shuba,dc=com
ou: Protocols
objectClass: top
objectClass: organizationalUnit
dn: ou=Aliases,dc=shuba,dc=com
ou: Aliases
objectClass: top
objectClass: organizationalUnit
dn: nisMapName=netgroup.byhost,dc=shuba,dc=com
nisMapName: netgroup.byhost
objectClass: top
objectClass: nisMap
dn: cn=Manager,dc=shuba,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager
structuralObjectClass: organizationalRole
dn: uid=nick,ou=People,dc=shuba,dc=com
uid: nick
cn: nick
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: --snip --
shadowLastChange: 12811
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: #
gidNumber: #
homeDirectory: /home/nick
dn: uid=nicktest,ou=People,dc=shuba,dc=com
uid: nicktest
cn: Nick Bernstein
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword:: --snip --
loginShell: /bin/bash
uidNumber: #
gidNumber: #
homeDirectory: /home/nicktest
dn: uid=test2,ou=People,dc=shuba,dc=com
uid: test2
cn: Nick Bernstein
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword:: --snip --
loginShell: /bin/bash
uidNumber: #
gidNumber: #
homeDirectory: /home/test2
dn: uid=foo,ou=People,dc=shuba,dc=com
uid: foo
cn: adding with ldapadd
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword:: --snip --
loginShell: /bin/bash
uidNumber: #
gidNumber: #
homeDirectory: /home/foo
---- Versions: -----------------
# rpm -qa | grep ldap
openldap-clients-2.0.27-11
mod_authz_ldap-0.22-3
openldap-servers-2.0.27-11
openldap-2.0.27-11
nss_ldap-207-2
php-ldap-4.3.2-8.ent
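As an added example (not part of the post), a small POSIX shell check over the three configuration files quoted above, with their posted contents embedded as constructed copies under a temporary directory (the real paths would be /etc/openldap/slapd.conf, /etc/openldap/ldap.conf and /etc/ldap.conf). It compares slapd's suffix against the BASE/base directive of each client config and flags a rootpw that is not stored as a {SCHEME} hash; the function and file names are my own.

```shell
#!/bin/sh
# Consistency check across slapd.conf and the two client-side ldap.conf files.
# Constructed copies of the posted contents; point the paths at the real files to run for real.
TMP=$(mktemp -d)
cat >"$TMP/slapd.conf" <<'EOF'
database ldbm
suffix "dc=shuba,dc=com"
rootdn "cn=Manager,dc=shuba,dc=com"
rootpw secret
directory /var/lib/ldap
EOF
cat >"$TMP/ldap.conf" <<'EOF'
HOST 127.0.0.1
BASE dc=shuba,dc=com
EOF
cat >"$TMP/nss_ldap.conf" <<'EOF'
host 127.0.0.1
base dc=frontbridge,dc=com
ssl no
pam_password md5
EOF

# Print the value of a directive (key matched case-insensitively), quotes stripped.
directive() {  # $1=file $2=key
  awk -v k="$2" 'tolower($1)==tolower(k) { v=$2; gsub(/"/, "", v); print v; exit }' "$1"
}

# Compare the slapd suffix against every client base; return 1 if any differ.
check_bases() {
  suffix=$(directive "$TMP/slapd.conf" suffix)
  rc=0
  for f in "$TMP/ldap.conf" "$TMP/nss_ldap.conf"; do
    base=$(directive "$f" base)
    if [ "$base" = "$suffix" ]; then
      echo "ok       $f base=$base"
    else
      echo "MISMATCH $f base=$base but slapd suffix=$suffix"; rc=1
    fi
  done
  return $rc
}

# Return 1 unless rootpw looks like a {SCHEME}hash value (slappasswd -s produces one).
check_rootpw() {
  pw=$(directive "$TMP/slapd.conf" rootpw)
  case "$pw" in
    "{"*"}"*) echo "ok       rootpw is hashed"; return 0 ;;
    *)        echo "WARNING  rootpw is stored in cleartext"; return 1 ;;
  esac
}

check_bases; rc=$?
check_rootpw || rc=1
echo "overall status: $rc"
```

On the posted contents it reports that /etc/ldap.conf's base (dc=frontbridge,dc=com) does not match the slapd suffix (dc=shuba,dc=com), and that rootpw is cleartext.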