
Re: issue with slapadd



Hello,

First of all, thanks a lot for your answer.
In the end I skipped trying to make the directory work and I went for the usual slapd.conf file with success.
Now I'm stuck because the clients are unable to change their password.
This is a RHEL 6 server with
compat-openldap-2.4.19_2.3.43-15.el6.x86_64
openldap-devel-2.4.19-15.el6.x86_64
openldap-2.4.19-15.el6.x86_64
openldap-servers-2.4.19-15.el6.x86_64
openldap-clients-2.4.19-15.el6.x86_64

The interesting part of slapd.conf:
access to attrs=userPassword,shadowLastChange
       by self write
       by anonymous auth
       by dn="cn=admin,dc=linux,dc=imppc,dc=org" write
       by * none

access to *
       by dn="cn=admin,dc=linux,dc=imppc,dc=org" write
       by * read

access to *
       by dn="cn=admin,dc=linux,dc=imppc,dc=org" write
       by * read



These are the client rpms (Fedora 14):
openldap-2.4.22-7.fc14.x86_64
openldap-devel-2.4.22-7.fc14.x86_64
openldap-2.4.22-7.fc14.i686
openldap-clients-2.4.22-7.fc14.x86_64

And the problem is this:
-bash-4.1$ passwd
Changing password for user user1.
Enter login(LDAP) password:
New password:
Retype new password:
LDAP password information update failed: Insufficient access
passwd: Authentication token manipulation error

I have to mention that I had to make some changes in order to simply be able to query for a user. Ldapsearch worked, but in order to do something like:
id user1
or
su - user1
I had to change /etc/sysconfig/authconfig with
FORCELEGACY=yes
#FORCELEGACY=no
In this way I have been able to modify /etc/nsswitch with ldap values when running authconfig-tui. The point is that in Fedora it seems that auth is managed by sss, and without this entry I'm not able to id or su. But if I don't put the ldap keyword, I'm not even asked for the "Enter login(LDAP) password:"; instead I'm asked for the password in the machine, which ends up in a "system error -4" because the system doesn't recognize the user.

Prior to changing the version I would like to make this one work...

I don't know if I made myself clear enough, hope you can help me and I really thank you in advance for any help you can provide.
Sincerely,
j
On 03/31/2011 09:09 PM, Quanah Gibson-Mount wrote:
--On Thursday, March 31, 2011 11:04 AM +0200 Judith Flo Gaya
<jflo@imppc.org>  wrote:

ldif_back_add: err: 68 text:
send_ldap_result: conn=-1 op=0 p=0
slaptest: bad configuration directory!

error code 68 means entry already exists.  It may simply be that slaptest
isn't working correctly with the config db.  You could of course try -d -1
to get better logging results rather than -d 1.

I would also note that you are using a rather old version of OpenLDAP with
numerous known bugs.  I would strongly advise you to build a more recent
version.

--Quanah


--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

--
Judith Flo Gaya
Systems Administrator IMPPC
e-mail: jflo@imppc.org
Tel (+34) 93 554-3079
Fax (+34) 93 465-1472

Institut de Medicina Predictiva i Personalitzada del Càncer
Crta Can Ruti, Camí de les Escoles s/n
08916 Badalona, Barcelona,
Spain
http://www.imppc.org