RE: OpenLdap Problems on Redhat ESv3
Please forgive the use of Outlook, I am stuck on Windows until I receive a
new box. I have enclosed my responses in
to differentiate it from the previous senders. Outlook is not the best mail
GUI, and does not seem to quote messages. :/
On January 30th, Howard Chu wrote:
As Quanah already posted, using the default OpenLDAP package bundled
with RedHat is your first mistake. RedHat bundles 2.0.27, which was
released in 2002 and has been unsupported for quite some time now.
You're going to need to build a recent release if you want to get
anywhere with this.
>Basically here's what I did:
"Basically" isn't good enough. If you don't tell *exactly* what you did,
then you will not get answers that *exactly* solve your problem. This is
not interpretive poetry, precision and attention to detail counts.
below was meant as an overview. Relevant configuration files were
linked to which provide more detail - I've tried to include as much
detail as possible. So much so, that my original email was bounced
being too long.
>(8) Slapadd -f /etc/openldap/slapd.conf -x -v -f /tmp/base.ldif
You have "-f" twice in the above line, which surely did not work.
the second "-f" should have been an "-l".
>(9) Slapcatt | more (looks good)
How do you know what "good" looks like? How are we expected to know what
you mean by it?
My apologies, by "good" I meant that it looked like valid ldif and I
was able to extract what I had earlier put in using slapadd.
>First ldapadd works oddly. An ldif that I can add with slapadd gives an
>error using ldap add.
You should read the slapadd(8) manpage more carefully, especially the
part where it says that input to slapadd is not checked for errors.
slapadd is intended to load properly formatted databases, e.g. as
produced by slapcat. Otherwise the saying "garbage in, garbage out"
applies. For LDIF that was generated by anything else, you should use
ldapadd. When ldapadd returns an error, that means your LDIF is not
That's very helpful, thank you.
The thing that's confusing to me is that I was not making my own
entries, but instead, either copying them out of various howtos,
including the ldap admin's guide and quickstart, as well as the
O'Reilly LDAP book.
Initially, however, I tried using the ldifs generated by the migration
tools' migrate_base.pl script. This worked fine on my other SuSE
system that I was trying to set up in parallel (which worked fine). I
also used the ldif generated by slapcatting the SuSE ldap's DB.
>So that's the first thing. Second, Nothing comes back when I use
>even when asking for anything:
> ldapsearch -x -b '' -s base '(objectclass=*)'
You requested a base search on the rootDSE (DN='') and that is exactly
what you got back. No error here. Perhaps the ldapsearch command you're
using is not the one you intended, but there's not enough information in
this email to discern exactly what you really intended.
I just want to see if the entries are being put into my directory.
I thought that was the most general search that I could make. I also
ldapsearch -x -b 'dc=shuba,dc=com'
ldapsearch -x -b 'dc=shuba,dc=com' -s base '(objectclass=*)'
ldapsearch -x -s base '(objectclass=*)'
What would a better search to do be?
Thank you for your response,
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support
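
The search scopes discussed in this message, as an added example that is not part of the original e-mail or of OpenLDAP: a small model of how `-s base`, `-s one` and `-s sub` select entries under the `dc=shuba,dc=com` suffix from the thread. The entries below the suffix and the function names are constructed for illustration, and the rootDSE (`-b ''`) is not modelled.

```python
# Added illustration: models LDAP search scopes over a constructed directory.
# The suffix comes from the thread; every entry beneath it is made up.
ENTRIES = [
    "dc=shuba,dc=com",
    "ou=People,dc=shuba,dc=com",
    "ou=Group,dc=shuba,dc=com",
    "uid=alice,ou=People,dc=shuba,dc=com",
    "cn=staff,ou=Group,dc=shuba,dc=com",
]

def rdns(dn):
    """Split a DN into normalised RDNs (naive: escaped commas are not handled)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def search(base, scope, entries=ENTRIES):
    """Return the DNs that `scope` selects relative to `base`.

    The filter (objectclass=*) matches every entry, so with that filter
    the scope alone decides what comes back.
    """
    if scope not in ("base", "one", "sub"):
        raise ValueError("scope must be base, one or sub")
    b = rdns(base)
    hits = []
    for dn in entries:
        parts = rdns(dn)
        # An entry is at or below the base when its trailing RDNs equal the base.
        if len(parts) < len(b) or parts[len(parts) - len(b):] != b:
            continue
        depth = len(parts) - len(b)  # 0 = the base entry, 1 = direct child
        if (scope == "base" and depth == 0) or \
           (scope == "one" and depth == 1) or \
           scope == "sub":
            hits.append(dn)
    return hits

if __name__ == "__main__":
    # -s base returns at most the base entry itself, even in a populated tree.
    for scope in ("base", "one", "sub"):
        print(scope, "->", search("dc=shuba,dc=com", scope))
```

When `-s` is omitted, ldapsearch defaults to the `sub` scope, so a search with only `-b 'dc=shuba,dc=com'` corresponds to the last case and is the one that lists everything loaded under the suffix.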