[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Secret not in database

Hi Michael,

Surprisingly, I had to remove the cn=synamatixdev.com in the authz-regexp statement below then only it can match and look for the admin id i created with saslpasswd -c

authz-regexp uid=(.*),cn=digest-md5,cn=auth cn=Manager,dc=synamatixdev,dc=com

However, when i tried to add my users using ldfi format, i encounter some problems.

First, it's the schema issue. When i included inetorgperson schema, it keeps on throwing messages about certain audio, homePhone objectClass structural object not existing. So, i removed all those objects ldap complains and i managed to start my slapd.

After that, when i tried to add my user with the ldif format as below:

dn: ou=people,dc=synamatixdev,dc=com
ou: people
objectClass: organizationalunit
objectClass: inetorgperson

dn: uid=user1,ou=people,dc=synamatixdev,dc=com
uid: user1
cn: Mary
cn: Mary Terry
objectClass: inetorgperson
objectClass: account
objectClass: top
objectClass: shadowAccount
sn: Terry
userPassword: user123

I receive the error message below when i tried to add with slapadd:
str2entry: invalid value for attributeType objectClass #1 (syntax
I am not very sure about the objectClass allowed for OpenLdap 2.3.27. Why does it say there's invalid value for attributeType? PLease help, thanks!

2009/8/6 Michael Ströder <michael@stroeder.com>
Seau Yeen Su wrote:
> I have successfully installed cyrus-sasl-2.1.23 and openldap-2.3.27 plus
> BerkeleyDB.4.3 in my RHEL5.2 server. After the installation, i used
> saslpasswd2 -c to create an admin user:
> saslpasswd2 -c admin

Do you actually have an entry with (uid=admin) in your LDAP server?

> After that, I thought of doing a search on the database with the command :
> ldapsearch -H ldap:///localhost -Y DIGEST-MD5 -d 2 -U admin
> but it returned an error of :
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>         additional info: SASL(-13): user not found: no secret in database
> When i did a check on /etc/, the sasldb2 file is there.
> I do not know
> and understand why it cannot find this user. Did i miss out anything.
> Below is excerpt from my slapd.conf file
> password-hash {CLEARTEXT}
> authz-regexp uid=(.*),cn=synabase-dev5.synamatixdev.com
> <http://synabase-dev5.synamatixdev.com>,cn=DIGEST-MD5,cn=auth
> ldap:///dc=synamatixdev,dc=com??sub?uid=$1
> authz-regexp uid=(.*),cn=synabase-dev5.synamatixdev.com
> <http://synabase-dev5.synamatixdev.com>,cn=DIGEST-MD5,cn=auth uid=$1

You don't need /etc/sasldb2 if you want to use authz-regexp. Simply create an
LDAP entry with below your search root dc=synamatixdev,dc=com with attribute
uid set to admin and userPassword set in clear-text.

Ciao, Michael.

Michael Ströder
E-Mail: michael@stroeder.com

Warmest Regards,
Seau Yeen