[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapcat vs. ldapsearch

On Fri, 21 Jan 2005, Buchan Milne wrote:

| -    I'm using the OpenLDAP which comes with Redhat Enterprise 3
|     (openldap-2.0.27-17)

I guess I should really get around to doing a bit more testing on my
parallel-installable openldap-2.2.20 packages for RHEL3 to iron out the
last minor issues, so I can make them available and people can run a
modern package without conflicting with the original packages ...

That'd be nice. I'm still in the testing stages of all this at the moment, so I'm happy to use something that still has issues for a while. And I've made RPMs before, so if the issues are with that, I might be able to fix them :).

| -    Rather than adding entries with ldapadd, I'm using the migration
|     scripts which come with openLDAP (specifically, using
|     migrate_all_offline before I started openLDAP).

(I doubt the usefulness of having some of the information migrated ...
having services, protocols in LDAP is a bit pointless IMHO ...)

At the moment, I'm just trying to learn OpenLDAP, so that in the future I can get automated rollouts of LDAP servers going using a combination of cfengine and Arpmats (links below in case anyone cares). So I don't particularly mind whether the data is useful at this point, but I'll keep it in mind. Thanks. http://www.iu.hio.no/cfengine/

|  These show up
|     fine in slapcat, but when I run the ldapsearch command listed in
|     step 3 of section 2 of the Quick Start Guide, I get:

It would help if you gave the actual command ... I am not sure which
version of the Quick Start guide your are using ...

Sorry; I'm working directly from the website here.

ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'

| -------------------------------
| version: 2
| #
| # filter: (objectclass=*)
| # requesting: ALL
| #
| # search result
| search: 2
| result: 32 No such object
| # numResponses: 1
| -------------------------------
|     AFAIK, the only passwords involved are:
| 1.    The one in slapd.conf
| 2.    Anything imported by the migrate scripts
|     Does this help at all?

Yep. But, I'm going to paste some parts of your previous mail:

| --------------------------------
| # slapcat
| ...
| dn: cn=sync,ou=Rpc,dc=webalive,dc=biz
| objectClass: oncRpc
| objectClass: top
| description: RPC sync
| description: ONC RPC number 100104 (sync)
| oncRpcNumber: 100104
| cn: sync
| cn: na.sync
| ...
| --------------------------------
|     If I do an ldapsearch, I don't seem to be able to get this
information out:
| --------------------------------
| # ldapsearch -x -LLL -b '' -s base  -D 'cn=sync,ou=Rpc,dc=webalive,dc=biz'
| dn:
| objectClass: top
| objectClass: OpenLDAProotDSE
| --------------------------------
|     Question; is there something obvious I'm missing?  eg. a command
line option to ldapsearch?

The search you list here is:
- -searching on the "root DIT" (via -b ''), with a scope of base,
requesting all non-operational attibutes. The output is more or less
what one would expect to see.
- -You are trying to bind as cn=sync,ou=Rpc,dc=webalive,dc=biz without a

Just so that I understand: 1. To use a password, I use the -W switch 2. The password which I'd be using here; is it the one in the slapd.conf file, or one of the ones in the LDAP user database?

If you were trying to retreive the cn=sync,ou=Rpc,dc=webalive,dc=biz
entry, you should probably instead have run something like this:

$ ldapsearch -x -LLL -b  cn=sync,ou=Rpc,dc=webalive,dc=biz -s base


$ ldapsearch -x -LLL -b  dc=webalive,dc=biz "(cn=sync)"

You should be able to retrieve most entries in your directory with:

$ ldapsearch -x -LLL -b  dc=webalive,dc=biz

If you have configured your ldap client correctly (ie have "BASE
dc=webalive,dc=biz" in /etc/openldap/ldap.conf), you should also get the
~ same with:

$ ldapsearch -x -LLL -b dc=webalive,dc=biz

All of these come up with the same error: ---------------------------- No such object (32) ----------------------------

Another question: is that the error I'd get if the user/pass are incorrect? I suspect the user/pass problem is the one I'm running into, but I'm not sure.

	Thanks again!

Tim Nelson
Server Administrator
WebAlive Technologies Global
Level 1 Innovation Building, Digital Harbour
1010 LaTrobe Street
Docklands, Melbourne, Vic, 3008
Phone: +61 3 9934 0812
Fax: +61 3 9934 0899
E-mail: tim.nelson@webalive.biz

"Your Business, Your Web, Your Control"