[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapcat vs. ldapsearch

To: Buchan Milne <bgmilne@obsidian.co.za>
Subject: Re: slapcat vs. ldapsearch
From: Tim Nelson <architect@webalive.biz>
Date: Tue, 25 Jan 2005 13:50:34 +1100 (EST)
Cc: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>, openldap-software@OpenLDAP.org
In-reply-to: <41F0AF80.5030400@obsidian.co.za>
References: <Pine.LNX.4.60.0501131606110.6461@tnelson.webalive.biz> <hbf.2005011387v@bombur.uio.no> <Pine.LNX.4.60.0501131658350.6461@tnelson.webalive.biz> <hbf.20050113yfep@bombur.uio.no> <41E6247B.4070807@obsidian.co.za> <Pine.LNX.4.60.0501211110440.3435@tnelson.webalive.biz> <41F0AF80.5030400@obsidian.co.za>

On Fri, 21 Jan 2005, Buchan Milne wrote:

| -    I'm using the OpenLDAP which comes with Redhat Enterprise 3
|     (openldap-2.0.27-17)

I guess I should really get around to doing a bit more testing on my
parallel-installable openldap-2.2.20 packages for RHEL3 to iron out the
last minor issues, so I can make them available and people can run a
modern package without conflicting with the original packages ...

That'd be nice. I'm still in the testing stages of all this at the moment, so I'm happy to use something that still has issues for a while. And I've made RPMs before, so if the issues are with that, I might be able to fix them :).

| -    Rather than adding entries with ldapadd, I'm using the migration
|     scripts which come with openLDAP (specifically, using
|     migrate_all_offline before I started openLDAP).

(I doubt the usefulness of having some of the information migrated ...
having services, protocols in LDAP is a bit pointless IMHO ...)

At the moment, I'm just trying to learn OpenLDAP, so that in the future I can get automated rollouts of LDAP servers going using a combination of cfengine and Arpmats (links below in case anyone cares). So I don't particularly mind whether the data is useful at this point, but I'll keep it in mind. Thanks. http://www.iu.hio.no/cfengine/ http://arpmats.sourceforge.net/

|  These show up
|     fine in slapcat, but when I run the ldapsearch command listed in
|     step 3 of section 2 of the Quick Start Guide, I get:

It would help if you gave the actual command ... I am not sure which
version of the Quick Start guide your are using ...


	Sorry; I'm working directly from the website here.

ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'

| -------------------------------
| version: 2
|
| #
| # filter: (objectclass=*)
| # requesting: ALL
| #
|
| # search result
| search: 2
| result: 32 No such object
|
| # numResponses: 1
| -------------------------------
|
|     AFAIK, the only passwords involved are:
| 1.    The one in slapd.conf
| 2.    Anything imported by the migrate scripts
|
|     Does this help at all?
|

Yep. But, I'm going to paste some parts of your previous mail:

| --------------------------------
| # slapcat
| ...
| dn: cn=sync,ou=Rpc,dc=webalive,dc=biz
| objectClass: oncRpc
| objectClass: top
| description: RPC sync
| description: ONC RPC number 100104 (sync)
| oncRpcNumber: 100104
| cn: sync
| cn: na.sync
| ...
| --------------------------------
|
|     If I do an ldapsearch, I don't seem to be able to get this
information out:
|
| --------------------------------
| # ldapsearch -x -LLL -b '' -s base  -D 'cn=sync,ou=Rpc,dc=webalive,dc=biz'
| dn:
| objectClass: top
| objectClass: OpenLDAProotDSE
| --------------------------------
|
|     Question; is there something obvious I'm missing?  eg. a command
line option to ldapsearch?

The search you list here is:
- -searching on the "root DIT" (via -b ''), with a scope of base,
requesting all non-operational attibutes. The output is more or less
what one would expect to see.
- -You are trying to bind as cn=sync,ou=Rpc,dc=webalive,dc=biz without a
password


	Just so that I understand:
1.	To use a password, I use the -W switch
2.	The password which I'd be using here; is it the one in the
	slapd.conf file, or one of the ones in the LDAP user database?

If you were trying to retreive the cn=sync,ou=Rpc,dc=webalive,dc=biz
entry, you should probably instead have run something like this:

$ ldapsearch -x -LLL -b  cn=sync,ou=Rpc,dc=webalive,dc=biz -s base

Or:

$ ldapsearch -x -LLL -b  dc=webalive,dc=biz "(cn=sync)"

You should be able to retrieve most entries in your directory with:

$ ldapsearch -x -LLL -b  dc=webalive,dc=biz

If you have configured your ldap client correctly (ie have "BASE
dc=webalive,dc=biz" in /etc/openldap/ldap.conf), you should also get the
~ same with:

$ ldapsearch -x -LLL -b dc=webalive,dc=biz


	All of these come up with the same error:
----------------------------
No such object (32)
----------------------------

Another question: is that the error I'd get if the user/pass are incorrect? I suspect the user/pass problem is the one I'm running into, but I'm not sure.

	Thanks again!

-- Tim Nelson Server Administrator WebAlive Technologies Global Level 1 Innovation Building, Digital Harbour 1010 LaTrobe Street Docklands, Melbourne, Vic, 3008 Phone: +61 3 9934 0812 Fax: +61 3 9934 0899 E-mail: tim.nelson@webalive.biz http://www.webalive.biz/

"Your Business, Your Web, Your Control"

References:
- slapcat vs. ldapsearch
  - From: Tim Nelson <architect@webalive.biz>
- Re: slapcat vs. ldapsearch
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: slapcat vs. ldapsearch
  - From: Tim Nelson <architect@webalive.biz>
- Re: slapcat vs. ldapsearch
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: slapcat vs. ldapsearch
  - From: Buchan Milne <bgmilne@obsidian.co.za>
- Re: slapcat vs. ldapsearch
  - From: Tim Nelson <architect@webalive.biz>
- Re: slapcat vs. ldapsearch
  - From: Buchan Milne <bgmilne@obsidian.co.za>

Prev by Date: speeding up searches and better security - access lists
Next by Date: help:make cyrus-sasl-2.1.20 failed
Index(es):
- Chronological
- Thread