[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: OpenLdap Problems on Redhat ESv3

Please forgive the use of outlook, I am stuck on windows until I receive a
new box. I have enclosed my responses in 


to differentiate it from the previous senders. Outlook is not the best mail
GUI, and does not seem to quote messages. :/

On January 30th, Howard Chu Wrote:

As Quanah already posted, using the default OpenLDAP package bundled 
with RedHat is your first mistake. RedHat bundles 2.0.27, which was 
released in 2002 and has been unsupported for quite some time now. 
You're going to need to build a recent release if you want to get 
anywhere with this.

>Basically here's what I did: 
"Basically" isn't good enough. If you don't tell *exactly* what you did, 
then you will not get answers that *exactly* solve your problem. This is 
not interpretive poetry, precision and attention to detail counts.


	below was meant as an overview. Relevant configuration files were 
	linked to which provide more detail - I'm tried to include as much 
	detail as possible. So much so, that my original email was bounced
	being too long. 


>(8)     Slapadd -f /etc/openldap/slapd.conf -x -v -f /tmp/base.ldif
You have "-f" twice in the above line, which surely did not work.


	the second "-f" should have been an "-l". 


>(9)     Slapcatt | more (looks good)
How do you know what "good" looks like? How are we expected to know what 
you mean by it?


	My apologies by "good" I meant that it looked like valid ldif and I 
	was able to extract what I had earlier put in using slapadd.



>First ldapadd works oddly. An ldif that I can add with slapadd gives an
>error using ldap add.

You should read the slapadd(8) manpage more carefully, especially the 
part where it says that input to slapadd is not checked for errors. 
slapadd is intended to load properly formatted databases, e.g. as 
produced by slapcat. Otherwise the saying "garbage in, garbage out" 
applies. For LDIF that was generated by anything else, you should use 
ldapadd. When ldapadd returns an error, that means your LDIF is not 
properly structured.


	That's very helpful, thank you. 
	The thing that's confusing to me is that I was not making my own
	Entries, but instead, either copying them out of various howtos, 
	including the ldap admin's guide and quickstart, as well as the 
	O'Riley LDAP book. 

	Initially, however, I tried used the ldif's generated by migration
	Tool's migrate_base.pl script. This worked fine on my other SuSE 
	System that was trying to setup in parallel (which worked fine). I
	Also used the ldif generated by slapcatting the SuSE ldap's DB.

>So that's the first thing. Second, Nothing comes back when I use
>even when asking for anything: 
>            ldapsearch -x  -b '' -s base '(objectclass=*)'

You requested a base search on the rootDSE (DN='') and that is exactly 
what you got back. No error here. Perhaps the ldapsearch command you're 
using is not the one you intended, but there's not enough information in 
this email to discern exactly what you really intended.


	I just want to see if the entries are being put into my directory. 
	I thought that was the most general search that I could make. I also
		ldapsearch -x
		ldapsearch -x -b 'dc=shuba,dc=com'
		ldapsearch -x -b 'dc=shuba,dc=com' -s base '(objectclass=*)'
		ldapsearch -x -s base '(objectclass=*)'

	What would a better search to do be?

	Thank you for your response, 


  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

FrontBridge introduces Message Archive and Secure Email. Get leading Enterprise Message Security services from FrontBridge. www.frontbridge.com.