RE: openLDAP as a proxy for AD

Thanks Alex for replying,

I was rather optimistic about this until I realized I have bigger problems now: I had been putting the subordinate directive in the definition for the back_ldap db, not the normal hdb on openldap.

OK, so I have a whole lot of problems at this point.


I believe I have seriously broken something in trying to slaptest or ldapadd a bunch of slapd.conf/ldif files, following various tutorials. I tried to follow your steps this morning but found I was getting:

    ldap_add: Server is unwilling to perform (53)
        additional info: no global superior knowledge

and more often than not I was unable to authenticate, either in the CLI or in Apache Directory Studio.

So once again I ran apt-get purge --auto-remove slapd ldap-utils and installed again; however, I found that all the broken configuration I had tried so far was immediately back in /etc/ldap/slapd.d again as soon as I installed (not the default config that would be in there immediately after install, but the big list of faulty databases I had added erroneously before). I had checked, and the whole /etc/ldap directory WAS removed during the purge.

So I ran the purge again, then ran a find and deleted /var/lib/ldap and /usr/lib/ldap, then installed again.


Now, when I try to start again, following http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html to start with, I can't even get off the starting line!

My first step, running sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif, returns:

    ldap_add: Other (e.g., implementation specific) error (80)
        additional info: olcAttributeTypes: Duplicate attributeType: "0.9.2342.19200300.100.1.2"

and I get the same response ldapadding pretty much anything, with a different value for attributeType. Again it appears that purging and reinstalling does not get me back to a default installation, but I am not sure what else I need to delete.


On another note, following your advice, this is essentially what I have boiled my slapd.conf down to (for once I can actually use openLDAP again). Do you see any glaring omissions or obvious errors here?


    include         /etc/openldap/schema/core.schema
    include         /etc/openldap/schema/cosine.schema
    include         /etc/openldap/schema/inetorgperson.schema

    moduleload      back_ldap.la
    moduleload      back_hdb.la

    # Specify first database
    database        hdb
    suffix          "dc=external users,dc=companyname,dc=local"
    rootdn          "cn=admin,dc=companyname,dc=local"
    rootpw          secret
    directory       /var/lib/ldap/
    subordinate     advertise

    # Specify other databases
    database        ldap
    suffix          "dc=companyname,dc=local"
    rootdn          "cn=admin,dc=companyname,dc=local"
    uri             ldap://companyname.local/
    rebind-as-user  TRUE
    chase-referrals TRUE