
Re: a few issues



Please keep posting on the mailing list, if you want to get more valuable
help.

> On Monday 11 April 2005 18:42, Pierangelo Masarati wrote:
> Many thanks to you, because I have been in trouble for a month.
>
>
>> > Hello ,
>> >
>> > I have questions
>> >
>> > 1) When I use gq as a GUI to admin my LDAP server, I get the following
>> > message "could not bind to LDAP connection to 'example.com' .Invalid DN
>> > syntax".
>> > Does anyone have an idea what is wrong here?
>>
>> The message is self explanatory: the DN you use to bind is incorrect.  To
>> get further help you should post that DN.
> the DN in gq is
> "cn=admin,dc=example,dc=com"

The DN looks fine; however, you must be sure that the attributeTypes you
use in the DN are known to the server.  "cn" is builtin, but "dc" is not;
are you including the appropriate schema files?  From your early posting
it appears that you're including core.schema; I wonder if there's any typo
or you typed any non-printing char in gq.  Can you check?


>
> I am using the same value for base DN and for bindDN (I hope this is
> allowed) in my slapd.conf

The "rootdn" can be the same as the "suffix"; the "binddn" directive is
only meaningful for "ldaprc" (see ldap.conf(5) for details); the "bindpw"
directive is unknown to OpenLDAP software, so you should remove both from
your slapd.conf.


>
>>
>> > 2)when I add
>> > dn: ou=Group,dc=example,dc=com
>> > ou: Group
>> > objectClass: organizationalUnit
>> > objectClass: top
>> >
>> > dn: cn=root,ou=Group,dc=example,dc=com
>> > cn: root
>> > objectClass: posixGroup
>> > objectClass: top
>> > gidNumber: 0
>> > memberUid: 0
>> >
>> > dn: cn=users,ou=Group,dc=example,dc=com
>> > cn: users
>> > objectClass: posixGroup
>> > objectClass: top
>> > gidNumber: 5000
>> > memberUid: asuffield
>> > memberUid: test
>> > memberUid: test2
>> >
>> > dn: cn=admin,ou=Group,dc=example,dc=com
>> > cn: admin
>> > objectClass: posixGroup
>> > objectClass: top
>> > gidNumber: 5001
>> > memberUid: asuffield
>> > &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
>> > the slapd -t command would give the following
>>
>> It appears that "slapd -t" is actually testing the LDIF file.  "slapd -t"
>> is intended to check the correctness of slapd.conf, i.e. of the
>> configuration, not of LDIF.  There's no LDIF checker, to my knowledge,
>> except ldapadd.
> actually I have included some entries inside the slapd.conf ,

Your solution to fixing problems with ldapadd is rather extravagant.  It's
like putting fuel in the trunk because you cannot find the tank.

Unless you remove LDIF data from your slapd.conf it's very unlikely that
you can start slapd without clobbering your logs...

> and "slapd -t" is testing the validity of the slapd.conf
>
> I have done that because I could not manage to get the ldapadd command
> working
>
> ldapadd -f /usr/share/doc/libnss-ldap/examples/groups.ldif -x -h rat -D
> "cn=admin,dc=example,dc=com" -w secret
>
> NOTE: rat is my machine name, I am using Debian/Sarge

What does "Debian/Sarge" mean in terms of OpenLDAP version?

> the contents of file /usr/share/doc/libnss-ldap/examples/groups.ldif   is
> presented later.
> -----------------------------------------------------
> the result for the ldapadd is
>
> #adding new entry "ou=People,dc=example,dc=com"
> #ldapadd:updatefailed ou= People,dc=example,dc=com
> #ldap-add:no such object (32)

Apparently you cannot add "ou=People,dc=example,dc=com"; are you sure the
entry "dc=example,dc=com" (i.e. the "suffix" of your database) is already
in?

p.

>
>>
>> p.
>>
>> > /etc/ldap/slapd.conf: line 36: unknown directive "dn:" in bdb database
>> > definition (ignored)
>> > /etc/ldap/slapd.conf: line 37: unknown directive "ou:" in bdb database
>> > definition (ignored)
>> > /etc/ldap/slapd.conf: line 38: unknown directive "objectClass:" in bdb
>> > database definition (ignored)
>> > /etc/ldap/slapd.conf: line 39: unknown directive "objectClass:" in bdb
>> > database definition (ignored)
>> > /etc/ldap/slapd.conf: line 41: unknown directive "dn:" in bdb database
>> > definition (ignored)
>> > /etc/ldap/slapd.conf: line 42: unknown directive "cn:" in bdb database
>> > definition (ignored)
>> > /etc/ldap/slapd.conf: line 43: unknown directive "objectClass:" in bdb
>> > database definition (ignored)
>> > /etc/ldap/slapd.conf: line 44: unknown directive "objectClass:" in bdb
>> > database definition (ignored)
>> > /etc/ldap/slapd.conf: line 45: unknown directive "gidNumber:" in bdb
>> > database
>> > definition (ignored)
>> > /etc/ldap/slapd.conf: line 46: unknown directive "memberUid:" in bdb
>> > database
>> > definition (ignored)
>> > /etc/ldap/slapd.conf: line 48: unknown directive "dn:" in bdb database
>> > definition (ignored)
>> > /etc/ldap/slapd.conf: line 49: unknown directive "cn:" in bdb database
>> > definition (ignored)
>> > /etc/ldap/slapd.conf: line 50: unknown directive "objectClass:" in bdb
>> > database definition (ignored)
>> > /etc/ldap/slapd.conf: line 51: unknown directive "objectClass:" in bdb
>> > database definition (ignored)
>> > /etc/ldap/slapd.conf: line 52: unknown directive "gidNumber:" in bdb
>> > database
>> > definition (ignored)
>> > /etc/ldap/slapd.conf: line 53: unknown directive "memberUid:" in bdb
>> > database
>> > definition (ignored)
>> > /etc/ldap/slapd.conf: line 54: unknown directive "memberUid:" in bdb
>> > database
>> > definition (ignored)
>> > /etc/ldap/slapd.conf: line 55: unknown directive "memberUid:" in bdb
>> > database
>> > definition (ignored)
>> > /etc/ldap/slapd.conf: line 57: unknown directive "dn:" in bdb database
>> > definition (ignored)
>> > /etc/ldap/slapd.conf: line 58: unknown directive "cn:" in bdb database
>> > definition (ignored)
>> > /etc/ldap/slapd.conf: line 59: unknown directive "objectClass:" in bdb
>> > database definition (ignored)
>> > /etc/ldap/slapd.conf: line 60: unknown directive "objectClass:" in bdb
>> > database definition (ignored)
>> > /etc/ldap/slapd.conf: line 61: unknown directive "gidNumber:" in bdb
>> > database
>> > definition (ignored)
>> > /etc/ldap/slapd.conf: line 62: unknown directive "memberUid:" in bdb
>> > database
>> > definition (ignored)
>> >
>> > %%%%%%%%%%%%%%%%%%%%%%%%%%
>> > my slapd.conf
>> > %%%%%%%%%%%%%%%%%%%%%%%%%%
>> > # slapd 2.1.30
>> > include         /etc/ldap/schema/core.schema
>> > include         /etc/ldap/schema/cosine.schema
>> > include         /etc/ldap/schema/nis.schema
>> > include         /etc/ldap/schema/inetorgperson.schema
>> > include  /etc/ldap/schema/misc.schema
>> > include  /etc/ldap/schema/java.schema
>> > include  /etc/ldap/schema/corba.schema
>> > include  /etc/ldap/schema/openldap.schema
>> >
>> > pidfile         /var/run/slapd/slapd.pid
>> > argsfile        /var/run/slapd.args
>> > loglevel        0
>> > schemacheck on
>> > modulepath /usr/lib/ldap
>> > moduleload back_bdb
>> >
>> >
>> > binddn "cn=admin,dc=example,dc=com"
>> > bindpw secret
>> >
>> > ########## now we define the db directory directives ############
>> > backend  bdb
>> > database        bdb
>> > readonly off
>> >
>> > suffix  "dc=example,dc=com"
>> > directory       "/var/lib/ldap"
>> > index cn,sn,uid pres,eq,sub
>> > index objectclass eq
>> > lastmod         on
>> >
>> > rootdn "cn=admin,dc=example,dc=com"
>> > rootpw secret
>> >
>> >
>> >
>> > access to attribute=userPassword
>> >         by dn.base="cn=admin,dc=example,dc=com" write
>> >         by anonymous auth
>> >         by self write
>> >         by * none
>> >
>> > access to dn.base="cn=admin,dc=example,dc=com" by * read
>> > access to *
>> >  by self write
>> >         by dn.base="cn=admin,dc=example,dc=com" write
>> >         by * read
>> > %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
>>
>> p.
> %%%%%%%%%%%%%%%%%%%%%%%%%%%
> /usr/share/doc/libnss-ldap/examples/groups.ldif
> dn: ou=People,dc=example,dc=com
> ou: People
> objectClass: organizationalUnit
> objectClass: top
>
> dn: cn=Local Root,ou=People,dc=example,dc=com
> cn: Local Root
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: organizationalRole
> uid: root
> uidNumber: 0
> gidNumber: 0
> homeDirectory: /root
>
> dn: cn=Andrew Suffield,ou=People,dc=example,dc=com
> cn: Andrew Suffield
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: inetOrgPerson
> givenName: Andrew
> sn: Suffield
> uid: asuffield
> uidNumber: 1000
> gidNumber: 5001
> homeDirectory: /home/asuffield
> loginShell: /bin/bash
>
> dn: cn=Test User,ou=People,dc=example,dc=com
> cn: Test User
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: inetOrgPerson
> sn: User
> uid: test
> uidNumber: 1001
> gidNumber: 1001
> homeDirectory: /home/test
>
> dn: cn=Test User 2,ou=People,dc=example,dc=com
> cn: Test User 2
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: inetOrgPerson
> sn: User
> uid: test2
> uidNumber: 1002
> gidNumber: 1002
> homeDirectory: /home/test2
> %%%%%%%%%%%%%%%%%%%%%%%%%%%%
>


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
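
Added example, not part of the original message and not OpenLDAP code: a Python pre-flight check for the "no such object (32)" failure discussed above, reporting every LDIF entry whose parent entry would not exist when ldapadd reaches it. The function names, the trimmed sample and the constructed suffix entry are assumptions, and DN comparison is simplified to case-insensitive matching.

```python
import base64
import re

def parse_dns(ldif_text):
    """Return the entry DNs of an LDIF text, in file order."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold continuation lines
        else:
            lines.append(raw)
    dns = []
    for line in lines:
        if line.lower().startswith("dn::"):   # base64-encoded DN
            dns.append(base64.b64decode(line[4:]).decode("utf-8"))
        elif line.lower().startswith("dn:"):
            dns.append(line[3:].strip())
    return dns

def normalize(dn):
    """Simplified comparison form: no spaces around ',' or '=', lower case."""
    rdns = [r.strip() for r in re.split(r"(?<!\\),", dn)]
    return ",".join(re.sub(r"\s*=\s*", "=", r, count=1).lower() for r in rdns)

def parent(dn):
    return (re.split(r"(?<!\\),", dn, maxsplit=1) + [""])[1]

def missing_parents(ldif_text, suffix, existing=()):
    """Return (dn, parent) for each add whose parent entry would not exist."""
    known = {normalize(d) for d in existing}
    suffix = normalize(suffix)
    problems = []
    for dn in map(normalize, parse_dns(ldif_text)):
        if dn != suffix and parent(dn) not in known:
            problems.append((dn, parent(dn)))  # server answers "No such object (32)"
        else:
            known.add(dn)
    return problems

# First two DNs of the groups.ldif quoted in the message (attributes trimmed).
PAGE_LDIF = ("dn: ou=People,dc=example,dc=com\nou: People\n\n"
             "dn: cn=Local Root,ou=People,dc=example,dc=com\ncn: Local Root\n")
# Constructed suffix entry; the "o" value is a placeholder.
BASE_ENTRY = ("dn: dc=example,dc=com\nobjectClass: dcObject\n"
              "objectClass: organization\ndc: example\no: Example\n\n")

if __name__ == "__main__":
    print(missing_parents(PAGE_LDIF, "dc=example,dc=com"))
    print(missing_parents(BASE_ENTRY + PAGE_LDIF, "dc=example,dc=com"))
```

Against an empty database the first call reports both entries, because the suffix entry itself is absent; loading the suffix entry first, or passing it in `existing`, clears the report.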