
Re: ldapadd not working for me



2.0 is quite historic.  I suggest you start with at least the most
recent "stable" release.  I also suggest you start with the
Quick Start Guide example (instead of some combined thing).

Kurt

At 07:20 AM 3/18/2005, Steve Greenfield wrote:
>I am building a new server and want to use OpenLDAP as the core
>directory service for a heterogeneous environment which includes
>Linux, IRIX, Solaris, and Windows.  The server is running Linux
>Enterprise version 3 from Redhat.  I have the following applications
>installed:
>
>        openldap-clients-2.0.27-17
>        openldap-2.0.27-17
>        openldap-devel-2.0.27-17
>        openldap-servers-2.0.27-17
>
>        cyrus-sasl-plain-2.1.15-10
>        cyrus-sasl-md5-2.1.15-10
>        cyrus-sasl-gssapi-2.1.15-10
>        cyrus-sasl-devel-2.1.15-10
>        cyrus-sasl-2.1.15-10
>
>To start I dug through my Linux Journals and found these articles:
>
>        "LDAP for Security" by Mick Bauer
>
>        "Large-Scale Mail with Postfix, OpenLDAP and Courier"
>                by Dave Dribin & Keith Garner
>
>        "OpenLDAP Everywhere" by Craig Swanson & Matt Lung
>
>        "Highly Available LDAP" by Cliff White & Jay D. Allen
>
>        "Secure Mail with LDAP and IMAP" by Mick Bauer
>
>I started with the Mick Bauer article "LDAP for Security, Part I",
>thinking I would be able to easily set up a directory and add initial
>entries to it.  I tried to combine what was in Mick's article with the
>"A Quick-Start Guide" in section 2 of the "OpenLDAP 2.0 Administrator's
>Guide".  I will outline what I did.
>
>I edited the /etc/openldap/slapd.conf file following what was in Mick's
>article "Listing 1".  My slapd.conf file looks like this.
>
># cat slapd.conf
># $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
>#
># See slapd.conf(5) for details on configuration options.
># This file should NOT be world readable.
>#
>include         /etc/openldap/schema/core.schema
>include         /etc/openldap/schema/cosine.schema
>include         /etc/openldap/schema/inetorgperson.schema
>include         /etc/openldap/schema/nis.schema
>include         /etc/openldap/schema/redhat/autofs.schema
>include         /etc/openldap/schema/redhat/kerberosobject.schema
>  
># Define global ACLs to disable default read access.
>  
># Do not enable referrals until AFTER you have a working directory
># service AND an understanding of referrals.
>#referral       ldap://root.openldap.org
>  
>#pidfile        //var/run/slapd.pid
>#argsfile       //var/run/slapd.args
>  
># Create a replication log in /var/lib/ldap for use by slurpd.
>#replogfile     /var/lib/ldap/master-slapd.replog
> 
>loglevel        4
>  
># Load dynamic backend modules:
># modulepath    /usr/sbin/openldap
># moduleload    back_ldap.la
># moduleload    back_ldbm.la
># moduleload    back_passwd.la
># moduleload    back_shell.la
>  
>#
># The next three lines allow use of TLS for connections using a dummy test
># certificate, but you should generate a proper certificate by changing to
># /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
># slapd.pem so that the ldap user or group can read it.
># TLSCertificateFile /usr/share/ssl/certs/slapd.pem
># TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
># TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
>#
># Sample Access Control
>#       Allow read access of root DSE
>#       Allow self write access
>#       Allow authenticated users read access
>#       Allow anonymous users to authenticate
>#
>#access to dn="" by * read
>#access to *
>#       by self write
>#       by users read
>#       by anonymous auth
>#
># if no access controls are present, the default is:
>#       Allow read by all
>#
># rootdn can always write!
>  
>#######################################################################
># ldbm database definitions
>#######################################################################
>  
>database        ldbm
>suffix          "dc=math,dc=vpisu,dc=edu"
>rootdn          "cn=ldapguy,dc=math,dc=vpisu,dc=edu"
>rootpw          secret
>directory       /var/lib/ldap
>#
># Indices to maintain
>index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
>index   cn,mail,surname,givenname                       eq,subinitial
># Replicas to which we should propagate changes
>#replica host=ldap-1.example.com:389 tls=yes
>#       bindmethod=sasl saslmech=GSSAPI
>#       authcId=host/ldap-master.example.com@EXAMPLE.COM
>
>I inserted the "loglevel 4" to get information into the SYSLOG.
>I also had to update the /etc/syslog.conf file to include a
>local4.* entry.  I updated the database, suffix, rootdn and rootpw
>entries.
>
>I tried a rootdn entry with ldapguy and Manager.  The Quick-Start
>guide used Manager and Mick's article used ldapguy.  I tried it
>with a /etc/passwd entry for ldapguy and without.
>
>I tried rootpw with a SSHA password created using slappasswd, with
>a CRYPT password created using slappasswd and with "rootpw secret"
>as per the Quick-Start guide.
>
>I start slapd by issuing /etc/init.d/lapd/start.
>
>When I issue the initial ldapsearch I get this:
>
># ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
>version: 2
> 
>#
># filter: (objectclass=*)
># requesting: namingContexts
>#
> 
>#
>dn:
>namingContexts: dc=math,dc=vpisu,dc=edu
> 
># search result
>search: 2
>result: 0 Success
> 
># numResponses: 2
># numEntries: 1
>
>I thought I was on the right track, but... that is as far as I get!
>
>I keep getting stuck with the adding of initial entries to my
>directory and would appreciate any help the list may provide.
>
>I created a example.ldif file which looks like this:
>
>dn: dc=math,dc=vpisu,dc=edu
>objectclass: dcObject
>objectclass: organization
>o: ICAM
>dc: icam
> 
>dn: cn=Manager,dc=math,dc=vpisu,dc=edu
>objectclass: organizationalRole
>cn: Manager
>
>When I try to do the ldapadd I get errors:
>
># ldapadd -x -D "cn=Manager,dc=math,dc=vpisu,dc=edu" -W -f example.ldif
>Enter LDAP Password:
>ldap_bind: Invalid credentials
>
>
># ldapadd -D "cn=Manager,dc=math,dc=vpisu,dc=edu" -W -f example.ldif
>Enter LDAP Password:
>SASL/GSSAPI authentication started
>ldap_sasl_interactive_bind_s: Local error
>
>I am stumped!  I have been searching the web and cannot find anything
>to get me past this.  If you know of a web location that can help,
>could you point me in the right direction?
>
>Thanks!
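The script below is an added example, not code from Kurt, from Steve, or from the OpenLDAP project. It is a POSIX shell pre-flight that checks, before anyone runs ldapadd, that the DN passed to `ldapadd -x -D` is the `rootdn` from slapd.conf, that the first LDIF entry is the database `suffix`, and that every entry carries the attribute value named in its own RDN. The slapd.conf and example.ldif it writes to a temporary directory are constructed copies of the fragments quoted in the thread (only the database section is reproduced), and the function names `norm_dn`, `conf_value`, `check_bind_dn`, `check_suffix`, `check_naming_attr` and `preflight` are this example's own.

```shell
#!/bin/sh
# Added example, not code from the thread or from OpenLDAP: pre-flight checks
# that slapd.conf, an LDIF file and the DN given to "ldapadd -x -D" agree.
# A simple bind as a DN that is neither the rootdn nor an existing entry fails
# with "Invalid credentials" exactly like a wrong password does, so rule that
# out before suspecting rootpw.

# norm_dn DN: drop surrounding double quotes, spaces after commas, and case,
# so "CN=LdapGuy, DC=math,..." compares equal to cn=ldapguy,dc=math,...
norm_dn() {
    printf '%s' "$1" | sed -e 's/^"//' -e 's/"$//' -e 's/, */,/g' | tr 'A-Z' 'a-z'
}

# conf_value CONF KEYWORD: value of the first non-comment "KEYWORD value" line.
conf_value() {
    awk -v k="$2" '$1 == k { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' "$1"
}

# ldif_first_dn LDIF: DN of the first entry (base64 "dn::" lines not handled).
ldif_first_dn() {
    awk '/^dn:/ { sub(/^dn:[ \t]*/, ""); print; exit }' "$1"
}

# check_bind_dn CONF BIND_DN: succeeds only if BIND_DN is the configured rootdn.
check_bind_dn() {
    [ "$(norm_dn "$(conf_value "$1" rootdn)")" = "$(norm_dn "$2")" ]
}

# check_suffix CONF LDIF: succeeds only if the first LDIF entry is the suffix.
check_suffix() {
    [ "$(norm_dn "$(conf_value "$1" suffix)")" = "$(norm_dn "$(ldif_first_dn "$2")")" ]
}

# check_naming_attr LDIF: every entry must carry the attribute value named in
# its RDN (dn: dc=math,... needs a "dc: math" line). Prints each offender and
# fails if any is found. Folded continuation lines are not joined.
check_naming_attr() {
    awk '
    function finish(    rdn, type, val, n, i, parts, found, k) {
        if (dn == "") return
        rdn = dn;   sub(/,.*/, "", rdn)         # dc=math
        type = rdn; sub(/=.*/, "", type)        # dc
        val = rdn;  sub(/^[^=]*=/, "", val)     # math
        n = split(attrs[tolower(type)], parts, "\n")
        found = 0
        for (i = 1; i <= n; i++) if (tolower(parts[i]) == tolower(val)) found = 1
        if (!found) { printf "entry %s lacks %s: %s\n", dn, type, val; bad = 1 }
        for (k in attrs) delete attrs[k]
        dn = ""
    }
    /^dn:/  { finish(); dn = $0; sub(/^dn:[ \t]*/, "", dn); next }
    /^$/    { finish(); next }
    /^[^#]/ { t = $0; sub(/:.*/, "", t); v = $0; sub(/^[^:]*:[ \t]*/, "", v)
              attrs[tolower(t)] = attrs[tolower(t)] "\n" v }
    END     { finish(); exit bad }
    ' "$1"
}

# preflight CONF LDIF BIND_DN: run all three checks; the exit status is the
# number of failed checks, so 0 means it is worth trying ldapadd.
preflight() {
    fails=0
    check_bind_dn "$1" "$3" || {
        echo "bind DN $3 is not rootdn $(conf_value "$1" rootdn)"; fails=$((fails + 1)); }
    check_suffix "$1" "$2" || {
        echo "first LDIF entry is not suffix $(conf_value "$1" suffix)"; fails=$((fails + 1)); }
    check_naming_attr "$2" || fails=$((fails + 1))
    return $fails
}

# Constructed sample input mirroring the fragments quoted in the thread.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/slapd.conf" <<'EOF'
suffix          "dc=math,dc=vpisu,dc=edu"
rootdn          "cn=ldapguy,dc=math,dc=vpisu,dc=edu"
rootpw          secret
EOF
cat > "$WORK/example.ldif" <<'EOF'
dn: dc=math,dc=vpisu,dc=edu
objectclass: dcObject
objectclass: organization
o: ICAM
dc: icam

dn: cn=Manager,dc=math,dc=vpisu,dc=edu
objectclass: organizationalRole
cn: Manager
EOF

if preflight "$WORK/slapd.conf" "$WORK/example.ldif" "cn=Manager,dc=math,dc=vpisu,dc=edu"
then echo "all checks passed"
else echo "failed checks: $?"
fi
```

Run against the constructed copies of the values quoted above, it reports two findings: the bind DN `cn=Manager` is not the configured `rootdn` `cn=ldapguy`, and the `dc=math` entry carries `dc: icam` rather than `dc: math`. The script only covers the simple-bind path (`ldapadd -x`); the second ldapadd in the post omits `-x`, which is why the client started a SASL/GSSAPI bind instead.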