[Date Prev][Date Next]
Re: Unable to do a ldapsearch/ldapadd
- To: openldap-software@OpenLDAP.org
- Subject: Re: Unable to do a ldapsearch/ldapadd
- From: Turbo Fredriksson <email@example.com>
- Date: 03 May 2002 13:42:25 +0200
- In-reply-to: <firstname.lastname@example.org>
- Organization: LDAP/Kerberos expert wannabe
- References: <email@example.com>
- User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
Quoting Jim Worke <firstname.lastname@example.org>:
> I'm experimenting with the OpenLDAP+SASL+Kerberos 5,
> as shown from http://www.bayour.com/LDAPv3-HOWTO.html.
> I'm a bit confused on how to add data for the first
> time into the LDAP database, i.e. data for the
> ldapadm,krbadm, domain, etc.
The HOWTO _requires_ that you know the basics in OpenLDAP
and MIT Kerberos V...
> Do I use slapadd or ldapadd? If I use slapadd, the
> data can be inserted. But if I use ldapadd, I have an
> error of insufficient access.
Then fix your ACL's. See the OpenLDAP Admin guide.
> After adding the data with slapadd, I can't do a
> ldapsearch. The error is No such object.
Probably because you did not create a propper LDIF.
Slapadd modifies the db files 'raw', without going
through the LDAP daemon (which makes sure that the
data is correct).
> I've already set my ACL to access to * by * write and
> default access to write (for the time being only, just
> for testing). So I guess it's not the ACL?
Did you restart the daemon? Are you adding BELOW your
configured base DN? Does the base DN _EXISTS_ in the
> Note that, testing for "ldapsearch -H ldaps:/// -I -b
> "" -s base -LLL supportedSASLMechanisms" works well.
> So my guess is that I've inserted the data wrongly
> (though slapcat can give me the data).
Send us the LDIF, maybe it's something obvious :)
> Also, I use ldapsearch as ldapsearch -H ldaps:/// -I
> -b "" -s sub "uid=administrator". Is this correct?
No. If you're using KerberosV, then you first have to
get a ticket, THEN you 'just search' (without -x).
You _MIGHT_ have to use the '-I' option...
If you're using SASL (without Kerberos), then I don't
know. The HOWTO don't cover this (yet).
> Or do I have to add -U/-X?
Either that, or -I (interactive).
PS. Keep this on the list...