OpenLDAP Problems

Nick Bernstein nbernstein at frontbridge.com
Sat Jan 29 00:47:31 UTC 2005


Aside from some stuff a year or so ago during research into authenticating
Linux hosts against Active Directory (another job, don't ask), this is my
first time setting up OpenLDAP. After reading the LDAP quickstart,
skimming over the admin guide, and picking up the O'Reilly book, all of which
pointed to a very simple setup, I figured it would be a cakewalk, and after
getting annoyed with progress on ES3, I was able to do the exact same
sequence on SuSE 9.2 in about 15 minutes and browse the tree and
query successfully. Since I'm doing it on Red Hat ES v. 3, however, it, of
course, has to work oddly. :-)

The final goal for this is to be able to use LDAP for authentication.

I'll go over the problem(s) first, and put the configuration stuff below.
Love to hear what you guys (and gals) think.

Basically here's what I did:

(1)  Set up /etc/openldap/slapd.conf
(2)  authconfig: info & auth both get LDAP (localhost, dc=shuba,dc=com)
(3)  migrate_base > /tmp/base.ldif
(4)  slapadd -f /etc/openldap/slapd.conf -x -v -l /tmp/base.ldif
(5)  authconfig (turn shadow passwords off)
(6)  cp /etc/passwd /tmp/shadowpass.txt
(7)  migrate_passwd.pl /tmp/shadowpass.txt > /tmp/users.ldif
(8)  slapadd -f /etc/openldap/slapd.conf -x -v -f /tmp/base.ldif
(9)  slapcat | more (looks good)
(10) service ldap start (/etc/init.d/ldap start)
(11) ldapsearch -x (see below for results)
(12) Open a Java LDAP browser (connects, ONLY shows "dc=shuba, dc=com" - no
     children)
(13) Try to connect using the Manager user, no dice.

(PS) I looked through the archives, and didn't see anything, as well as
going through Google and Google news groups. If by some miracle I've
missed readily available answers there or in the FAQ, please accept my
apologies in advance.

TIA,

Nick

First, ldapadd works oddly. An LDIF that I can add with slapadd gives an
error using ldapadd.

slapadd -f /etc/openldap/slapd.conf -v -l /tmp/user.ldif
added: "uid=foo,ou=People,dc=shuba,dc=com" (00000050)

<< change foo->bar, and increase the uid/gid by one, same file >>

[root at test1-int migration]# /etc/init.d/ldap start
Starting slapd:                                       [OK]

[root at test1-int migration]# ldapadd -x -v -f /tmp/user.ldif
ldap_initialize( <DEFAULT> )
add uid:
        bar
add cn:
        adding with ldapadd
add objectClass:
        account
        posixAccount
        top
add userPassword:
        {SSHA}qaf5D6w/DGSY521JJu5gambxmBvadJyr
add loginShell:
        /bin/bash
add uidNumber:
        1029
add gidNumber:
        1029
add homeDirectory:
        /home/bar
adding new entry "uid=bar,ou=People,dc=shuba,dc=com"
ldap_add: Operations error

ldif_record() = 1

For the record, btw, the last entry in the db, according to slapcat, is:

dn: uid=foo,ou=People,dc=shuba,dc=com
uid: foo
cn: adding with ldapadd
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword:: --snip --
loginShell: /bin/bash
uidNumber: 1028
gidNumber: 1028
homeDirectory: /home/foo

So that's the first thing. Second, nothing comes back when I use ldapsearch,
even when asking for anything:

            ldapsearch -x  -b '' -s base '(objectclass=*)'
version: 2

#
# filter: (objectclass=*)
# requesting: ALL
#

#
dn:
objectClass: top
objectClass: OpenLDAProotDSE

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

---- config files --------------------------------------------------------------

# grep -v ^# /etc/openldap/slapd.conf  | grep -v ^$

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/redhat/autofs.schema
include         /etc/openldap/schema/redhat/kerberosobject.schema
database        ldbm
suffix          "dc=shuba,dc=com"
rootdn          "cn=Manager,dc=shuba,dc=com"
rootpw          secret
directory       /var/lib/ldap
index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
index   cn,mail,surname,givenname                       eq,subinitial

# grep -v ^# /etc/openldap/ldap.conf  | grep -v ^$

HOST 127.0.0.1
BASE dc=shuba,dc=com

# grep -v ^# /etc/ldap.conf | grep -v ^$

host 127.0.0.1
base dc=frontbridge,dc=com
ssl no
pam_password md5

# slapcat | perl -ple 's/userPassword:: .+/userPassword:: --snip --/g; s/uidNumber:.+/uidNumber: #/g; s/gidNumber:.+/gidNumber: #/g'

dn: dc=shuba,dc=com
dc: shuba
objectClass: top
objectClass: domain

dn: ou=Hosts,dc=shuba,dc=com
ou: Hosts
objectClass: top
objectClass: organizationalUnit

dn: ou=Rpc,dc=shuba,dc=com
ou: Rpc
objectClass: top
objectClass: organizationalUnit

dn: ou=Services,dc=shuba,dc=com
ou: Services
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byuser,dc=shuba,dc=com
nisMapName: netgroup.byuser
objectClass: top
objectClass: nisMap

dn: ou=Mounts,dc=shuba,dc=com
ou: Mounts
objectClass: top
objectClass: organizationalUnit

dn: ou=Networks,dc=shuba,dc=com
ou: Networks
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=shuba,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=shuba,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=Netgroup,dc=shuba,dc=com
ou: Netgroup
objectClass: top
objectClass: organizationalUnit

dn: ou=Protocols,dc=shuba,dc=com
ou: Protocols
objectClass: top
objectClass: organizationalUnit

dn: ou=Aliases,dc=shuba,dc=com
ou: Aliases
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byhost,dc=shuba,dc=com
nisMapName: netgroup.byhost
objectClass: top
objectClass: nisMap

dn: cn=Manager,dc=shuba,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager
structuralObjectClass: organizationalRole

dn: uid=nick,ou=People,dc=shuba,dc=com
uid: nick
cn: nick
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: --snip --
shadowLastChange: 12811
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: #
gidNumber: #
homeDirectory: /home/nick

dn: uid=nicktest,ou=People,dc=shuba,dc=com
uid: nicktest
cn: Nick Bernstein
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword:: --snip --
loginShell: /bin/bash
uidNumber: #
gidNumber: #
homeDirectory: /home/nicktest

dn: uid=test2,ou=People,dc=shuba,dc=com
uid: test2
cn: Nick Bernstein
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword:: --snip --
loginShell: /bin/bash
uidNumber: #
gidNumber: #
homeDirectory: /home/test2

dn: uid=foo,ou=People,dc=shuba,dc=com
uid: foo
cn: adding with ldapadd
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword:: --snip --
loginShell: /bin/bash
uidNumber: #
gidNumber: #
homeDirectory: /home/foo

----   Versions:   -----------------

# rpm -qa | grep ldap
openldap-clients-2.0.27-11
mod_authz_ldap-0.22-3
openldap-servers-2.0.27-11
openldap-2.0.27-11
nss_ldap-207-2
php-ldap-4.3.2-8.ent



FrontBridge introduces Message Archive and Secure Email. Get leading Enterprise Message Security services from FrontBridge. www.frontbridge.com.
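The fragments posted above show two things a reviewer checks before digging into slapd itself: the nss_ldap client file /etc/ldap.conf has base dc=frontbridge,dc=com while the server suffix is dc=shuba,dc=com, and rootpw is stored in cleartext rather than as a slappasswd hash. The script below is an added example, not code from the original message or from OpenLDAP: it parses slapd.conf / ldap.conf style fragments and a slapcat dump (inputs constructed from the post and shortened), reports a client base that is not under the server suffix and a cleartext rootpw, and checks whether an entry about to be added with ldapadd has an existing parent in the dump. The file paths and DNs are the ones in the post; the function names and the finding texts are my own.

```python
"""Consistency checks over OpenLDAP config fragments and a slapcat dump.

Added example, not code from the original post. Inputs below are
constructed from the fragments in the message (shortened).
"""
import re

SLAPD_CONF = """\
include         /etc/openldap/schema/core.schema
database        ldbm
suffix          "dc=shuba,dc=com"
rootdn          "cn=Manager,dc=shuba,dc=com"
rootpw          secret
directory       /var/lib/ldap
"""
CLIENT_CONFS = {
    "/etc/openldap/ldap.conf": "HOST 127.0.0.1\nBASE dc=shuba,dc=com\n",
    "/etc/ldap.conf": "host 127.0.0.1\nbase dc=frontbridge,dc=com\nssl no\n",
}
SLAPCAT_DUMP = """\
dn: dc=shuba,dc=com
objectClass: domain

dn: ou=People,dc=shuba,dc=com
objectClass: organizationalUnit

dn: uid=foo,ou=People,dc=shuba,dc=com
uid: foo
"""


def parse_kv(text):
    """Parse 'directive value' lines into a dict (keys lower-cased, quotes stripped)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            conf[parts[0].lower()] = parts[1].strip().strip('"')
    return conf


def normalize_dn(dn):
    """Canonical form for comparison: lower-case RDNs, no whitespace around commas.
    Simple splitter: escaped commas inside RDN values are not handled."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))


def dn_under(dn, suffix):
    """True if dn equals suffix or is a descendant of it."""
    d, s = normalize_dn(dn), normalize_dn(suffix)
    return d == s or d.endswith("," + s)


def ldif_dns(text):
    """Set of normalized DNs present in an LDIF dump such as slapcat output."""
    return {normalize_dn(m) for m in re.findall(r"^dn:\s*(.+)$", text, re.M)}


def check_configs(slapd_conf, client_confs):
    """Return findings (strings) about server/client config consistency."""
    findings = []
    server = parse_kv(slapd_conf)
    suffix = server.get("suffix")
    if suffix is None:
        return ["slapd.conf: no suffix directive"]
    rootdn = server.get("rootdn")
    if rootdn and not dn_under(rootdn, suffix):
        findings.append(f"slapd.conf: rootdn {rootdn} is outside suffix {suffix}")
    rootpw = server.get("rootpw")
    # A hashed rootpw starts with a scheme tag such as {SSHA}; anything else is cleartext.
    if rootpw and not re.match(r"\{[A-Za-z0-9-]+\}", rootpw):
        findings.append("slapd.conf: rootpw is cleartext; store a slappasswd hash instead")
    for path, text in client_confs.items():
        base = parse_kv(text).get("base")
        if base is None:
            findings.append(f"{path}: no base directive")
        elif not dn_under(base, suffix):
            findings.append(f"{path}: base {base} is not under server suffix {suffix}")
    return findings


def check_add(dn, slapd_conf, slapcat_text):
    """Findings for an ldapadd of dn: it must sit under the suffix, below an existing parent."""
    suffix = parse_kv(slapd_conf)["suffix"]
    if not dn_under(dn, suffix):
        return [f"{dn}: not under suffix {suffix}"]
    if normalize_dn(dn) == normalize_dn(suffix):
        return []  # the suffix entry itself has no parent inside this database
    parent = normalize_dn(dn).split(",", 1)[1]
    if parent not in ldif_dns(slapcat_text):
        return [f"{dn}: parent entry {parent} does not exist"]
    return []


def run_checks():
    """Run both checks over the constructed inputs from the post."""
    return check_configs(SLAPD_CONF, CLIENT_CONFS) + check_add(
        "uid=bar,ou=People,dc=shuba,dc=com", SLAPD_CONF, SLAPCAT_DUMP)


if __name__ == "__main__":
    for finding in run_checks():
        print(finding)
```

Run against the constructed inputs it reports the cleartext rootpw and the /etc/ldap.conf base mismatch, and nothing for the uid=bar add, whose parent ou=People,dc=shuba,dc=com is present in the dump. To use it on a real host, read the three files and the output of slapcat into the constants; the dump parser only needs the dn: lines.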

