
Re: slapcat vs. ldapsearch



Tim Nelson wrote:
| On Thu, 13 Jan 2005, Buchan Milne wrote:
|
|> Hallvard B Furuseth wrote:
|>
|> | Of course, 'upgrade to the latest Stable version' also tends to be a
|> | good answer, in particular if you are using the OpenLDAP which comes
|> | with RedHat:-)
|>
|> I really don't think this will fix the problem, and there are some
|> useful things you can do with the OpenLDAP that comes with RedHat, you
|> can read the man pages ;-).
|>
|> Tim, care to explain exactly what you are trying to do? Maybe you want
|> to post the relevant bits of your slapd.conf, and also tell us if you
|> have actually got a password for cn=sync,ou=Rpc in your database ...
|
|
|     Ok, finally managed to get back to this.
|
|     I'm essentially trying to follow the Quick Start guide, with the
| following assumptions and modifications of the process:
| -    I'm using the OpenLDAP which comes with Redhat Enterprise 3
|     (openldap-2.0.27-17)

I guess I should really get around to doing a bit more testing on my
parallel-installable openldap-2.2.20 packages for RHEL3 to iron out the
last minor issues, so I can make them available and people can run a
modern package without conflicting with the original packages ...

|, and I'm assuming that the RPM has already
|     done steps 1-7 in the first section of the quick start guide for
|     me, and that the only step I needed to complete in the first
|     section was step 8, configure config files (which I've done, with
|     the exception that I generated the password with slappasswd, and
|     pasted that in the config file)
| -    I'm assuming that Redhat's "service ldap start" (aka
|     /etc/rc.d/init.d/ldap start) does the same thing as starting the
|     LDAP server in step 1 of the second section.
| -    Evidence that the above assumptions are true: in step 1 of the
|     second section, I get the correct output for ldapsearch

No problem so far.

| -    Rather than adding entries with ldapadd, I'm using the migration
|     scripts which come with openLDAP (specifically, using
|     migrate_all_offline before I started openLDAP).

(I doubt the usefulness of having some of the information migrated ...
having services, protocols in LDAP is a bit pointless IMHO ...)

|  These show up
|     fine in slapcat, but when I run the ldapsearch command listed in
|     step 3 of section 2 of the Quick Start Guide, I get:

It would help if you gave the actual command ... I am not sure which
version of the Quick Start guide you are using ...

| -------------------------------
| version: 2
|
| #
| # filter: (objectclass=*)
| # requesting: ALL
| #
|
| # search result
| search: 2
| result: 32 No such object
|
| # numResponses: 1
| -------------------------------
|
|     AFAIK, the only passwords involved are:
| 1.    The one in slapd.conf
| 2.    Anything imported by the migrate scripts
|
|     Does this help at all?
|

Yep. But, I'm going to paste some parts of your previous mail:

| --------------------------------
| # slapcat
| ...
| dn: cn=sync,ou=Rpc,dc=webalive,dc=biz
| objectClass: oncRpc
| objectClass: top
| description: RPC sync
| description: ONC RPC number 100104 (sync)
| oncRpcNumber: 100104
| cn: sync
| cn: na.sync
| ...
| --------------------------------
|
|     If I do an ldapsearch, I don't seem to be able to get this
| information out:
|
| --------------------------------
| # ldapsearch -x -LLL -b '' -s base  -D 'cn=sync,ou=Rpc,dc=webalive,dc=biz'
| dn:
| objectClass: top
| objectClass: OpenLDAProotDSE
| --------------------------------
|
|     Question; is there something obvious I'm missing?  eg. a command
| line option to ldapsearch?

The search you list here is:
- searching on the "root DIT" (via -b ''), with a scope of base,
  requesting all non-operational attributes. The output is more or less
  what one would expect to see.
- You are trying to bind as cn=sync,ou=Rpc,dc=webalive,dc=biz without a
  password

If you were trying to retrieve the cn=sync,ou=Rpc,dc=webalive,dc=biz
entry, you should probably instead have run something like this:

$ ldapsearch -x -LLL -b  cn=sync,ou=Rpc,dc=webalive,dc=biz -s base

Or:

$ ldapsearch -x -LLL -b  dc=webalive,dc=biz "(cn=sync)"

You should be able to retrieve most entries in your directory with:

$ ldapsearch -x -LLL -b  dc=webalive,dc=biz

If you have configured your ldap client correctly (ie have "BASE
dc=webalive,dc=biz" in /etc/openldap/ldap.conf), you should also get the
same with:

$ ldapsearch -x -LLL -b  dc=webalive,dc=biz

Regards,
Buchan

--
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)
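
Added example, not part of the original message and not OpenLDAP code: a small shell function, explain_ldapsearch (a hypothetical name), that reads an ldapsearch command line like the ones in this thread and reports which search base, scope, filter and bind identity it asks for, without contacting any server. It handles only a subset of ldapsearch options.

```shell
#!/bin/sh
# Added example (not from the thread): summarise an ldapsearch command line.
# Subset of options only: -x -L -W -b -s -D -w -y -H. No server is contacted.

explain_ldapsearch() (
    # The body runs in a subshell, so OPTIND and the variables stay private.
    base_set=no base= scope=sub binddn= cred=no
    OPTIND=1
    while getopts ":xLWb:s:D:w:y:H:" opt "$@"; do
        case $opt in
            b) base_set=yes; base=$OPTARG ;;   # search base, may be ''
            s) scope=$OPTARG ;;                # base | one | sub
            D) binddn=$OPTARG ;;               # identity to bind as
            w|y|W) cred=yes ;;                 # some password source given
            *) ;;                              # no effect on the summary
        esac
    done
    shift $((OPTIND - 1))
    filter=${1:-'(objectClass=*)'}             # ldapsearch default filter

    if [ "$base_set" = no ]; then
        echo "base: default (BASE from ldap.conf, if any)"
    elif [ -z "$base" ]; then
        echo "base: '' (root DSE)"
    else
        echo "base: $base"
    fi
    echo "scope: $scope"
    echo "filter: $filter"
    if [ -z "$binddn" ]; then
        echo "bind: anonymous"
    elif [ "$cred" = yes ]; then
        echo "bind: $binddn with password"
    else
        echo "bind: $binddn WITHOUT password"
    fi
)

# The command from the earlier mail: -D sets the bind DN, not the search base.
explain_ldapsearch -x -LLL -b '' -s base -D 'cn=sync,ou=Rpc,dc=webalive,dc=biz'
echo
# One of the suggested replacements from this reply.
explain_ldapsearch -x -LLL -b dc=webalive,dc=biz "(cn=sync)"
```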