Re: setting up admin password on openldap
I am sorry if I am not able to provide the exact information. What I meant was that I am using VI editor to modify the slapd.conf file. Here is exactly what I have done:
I compiled and installed openldap version 2.2.20 on red hat Linux 8.0. I did everything according to the manual and was able to install the software successfully. The only catch being that I was never asked to supply any password during the installation, which some of the posts in the mailing list suggested.
I have a running version of 2.2.20 on Solaris 8.0.
I first copied all of the slapd.conf from solaris server file to my red hat server, but the slapd gave errors and was not able to start initially.
I then started copying the slapd.conf from my production to new server bit by bit, adding a few lines and then checking if I can start the slapd or not, and eventually I had an exact replica of the slapd.conf file on my red hat server and slapd was starting without any errors.
I then used slapcat on my production system to generate an ldif which I imported on red hat server using slapadd. I had a few errors about the syntax of "clientOrg" attribute being not correct, but those entries contained the extended character set in their values and I deleted them from the ldif file till I was able to import all the ldif from the production system to red hat server.
Now the slapd was running perfectly and I could bind anonymously to my ldap server on the red hat and it was fetching all the entries correctly.
The problem started when I try to bind to ldap using the credentials which were used on the production system. The slapd.conf file on the production system had the "rootpw secret" line hashed. When I unhashed it, slapd did not start stating that rootdn should be under the suffix. While it was not on the production server, I added to my rootdn my suffix as well, and slapd started perfectly. Now as Piotr suggested that after creating a password I can hash the rootpw line again, so that the authentication can be done using only the passwords in the database. So using slappasswd I generated a hash value of the password and copied it into the slapd.conf. While slapd starts fine it still cannot connect to ldap using the supplied credentials saying invalid credentials. Same happens if I try to modify any uid using slapmodify it asks for an ldap password and when I give the password which I pasted in my slapd.conf it says invalid credentials.
Hope this is a clearer explanation. Please let me know if you want to have a look at my slapd.conf file or anything else.
This is the only point where I am stuck, rest is fine. Thank you so much for your help.
P.S. the command I use to modify the entries in the database is:
ldapmodify -v -x -f /path-to-ldif -w -D "cn=nsadmin,o=trac"
Thanks and Regards
Gavin Henry <email@example.com> wrote:
<quote who="Naufal Sheikh">
> Vi ...
Come on, what sort of answer is that? How can we possibly help if you
don't provide concrete information.
What command do you type to make the modification?
What were the exact arguments?
> On 10/30/07, Gavin Henry <firstname.lastname@example.org> wrote:
>> <quote who="Naufal Sheikh">
>> > Hello Piotr,
>> > I tried to do what you said. Initially my root dn just contained cn=nsadmin,
>> > and thus I could not start slapd. Then I added to rootdn my suffix as well,
>> > and unhashed the rootpw line in slapd.conf. I tried using a clear text
>> > "secret" as well as hashed value created through slappasswd and
>> > in the slapd.conf. In both cases, when I modify the entry and it asks to
>> > give ldap password, it says invalid credentials.
>> How are you trying to modify? What tool?
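
An offline check for the three slapd.conf conditions discussed in this thread (an active `rootpw` line, a `rootdn` that sits under the `suffix`, and a `rootpw` value that matches the password being typed), added here as an example and not taken from any poster's message. It assumes a single database section and a cleartext or `{SSHA}` value; the function names and the sample configuration are constructed for illustration.

```python
import base64, hashlib, hmac

def make_ssha(password: bytes, salt: bytes) -> str:
    # {SSHA} layout: base64(SHA1(password + salt) + salt)
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def rootpw_matches(stored: str, candidate: bytes) -> bool:
    if stored.upper().startswith("{SSHA}"):
        raw = base64.b64decode(stored[6:])
        digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes
        return hmac.compare_digest(digest, hashlib.sha1(candidate + salt).digest())
    if stored.startswith("{"):
        raise ValueError("scheme not handled by this example")
    return hmac.compare_digest(stored.encode(), candidate)  # cleartext rootpw

def norm_dn(dn: str) -> str:
    # Simplified DN comparison: lowercase, no spaces around commas
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit(conf_text: str, candidate: bytes) -> dict:
    active = {}
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        # Lines commented out with '#' never match a keyword, so they are skipped
        if len(parts) == 2 and parts[0] in ("suffix", "rootdn", "rootpw"):
            active[parts[0]] = parts[1].strip().strip('"')
    suffix = norm_dn(active.get("suffix", ""))
    rootdn = norm_dn(active.get("rootdn", ""))
    under = bool(suffix) and (rootdn == suffix or rootdn.endswith("," + suffix))
    matches = rootpw_matches(active["rootpw"], candidate) if "rootpw" in active else None
    return {"rootpw_active": "rootpw" in active,
            "rootdn_under_suffix": under,
            "password_matches": matches}

# Constructed sample configuration; the password and salt are made up
SAMPLE_CONF = f'''
suffix "o=trac"
rootdn "cn=nsadmin,o=trac"
rootpw {make_ssha(b"constructed-pass", b"saltsalt")}
'''

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, b"constructed-pass"))
```

A `password_matches` of `False` with the other two values `True` points at the stored value itself (for example a truncated paste of the slappasswd output) and not at the `rootdn` or `suffix` lines.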