
Re: Why "ldapadd -x -D cn=admin, cn=config -W -f ~/sudoWork/cn\=sudo.ldif" does not work?



On 03/29/14 09:41 -0500, Peng Yu wrote:
> On Sat, Mar 29, 2014 at 8:32 AM, Dan White <dwhite@olp.net> wrote:
>> On 03/28/14 22:21 -0500, Peng Yu wrote:
>>> I get the following error.
>>>
>>> pengy@openldapserver:~$ ldapadd -x -D cn=admin,cn=config -W -f
>>> ~/sudoWork/cn\=sudo.ldif
>>> Enter LDAP Password:
>>> ldap_bind: Invalid credentials (49)
>>
>> This means that either 'cn=admin,cn=config' does not match your olcRootDN,
>> or (/and) the password you are providing does not match your olcRootPW. You
>> may get an idea of which is the case by viewing your config with:
>>
>> slapcat -n0
>
> I assume that this should be run on the server, not the client. Here is
> what I get. But I have no idea what to look at. Would you please help
> me understand how it can be used for debugging my case?

Read the fine manual:

See the slapd-config(5) manpage, and
http://www.openldap.org/doc/admin24/slapdconf2.html

> pengy@openldapserver:~$ sudo  slapcat -n0
>
> dn: olcDatabase={0}config,cn=config
> objectClass: olcDatabaseConfig
> olcDatabase: {0}config
> olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
>  ,cn=auth manage by * break
> structuralObjectClass: olcDatabaseConfig
> entryUUID: a3343a42-465f-1033-9540-f5ee9a20f09d
> creatorsName: cn=config
> createTimestamp: 20140322224706Z
> entryCSN: 20140322224706.118986Z#000000#000#000000
> modifiersName: cn=config
> modifyTimestamp: 20140322224706Z

You have no olcRootDN listed for your configuration database, which, as I
understand it, means you have no capability to modify your config using
ldapadd. For a solution, see:

http://www.openldap.org/lists/openldap-technical/201211/msg00195.html

You'll need to add olcRootDN and olcRootPW to the above entry, such as the
ones you have listed below for your dc=yulab,dc=tamu suffix, assuming that
you know what your original password is:

> dn: olcDatabase={1}hdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcHdbConfig
> olcDatabase: {1}hdb
> olcDbDirectory: /var/lib/ldap
> olcSuffix: dc=yulab,dc=tamu
> olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
>  s auth by dn="cn=admin,dc=yulab,dc=tamu" write by * none
> olcAccess: {1}to dn.base="" by * read
> olcAccess: {2}to * by self write by dn="cn=admin,dc=yulab,dc=tamu" write by *
>  read
> olcLastMod: TRUE
> olcRootDN: cn=admin,dc=yulab,dc=tamu
> olcRootPW:: e1NTSEF9QWk1Z280ZEo1Zy9UYTJEVEpBdWNLRkxoekh1c1kyN1A=

--
Dan White
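The check Dan did by eye above (does the `-D` bind DN match an olcRootDN of any database, and does the config database have one at all?) can be automated. The following Python script is an added example, not code from the thread or from the OpenLDAP project: it parses `slapcat -n0` output (unfolding LDIF continuation lines and decoding `::` base64 values), reports databases that have no olcRootDN, tells you which database a given bind DN is the rootdn of, and emits the LDIF change record that adds olcRootDN/olcRootPW to the config database. The sample input is constructed to match the shape of the output quoted above; the olcRootPW value in it is a placeholder, not a real hash, and the DN normalisation is a simplified one (lowercase, trimmed components), not full RFC 4514 matching.

```python
import base64
from typing import Dict, List, Optional

Entry = Dict[str, List[str]]

# Constructed sample input, shaped like the `slapcat -n0` output quoted in the
# thread: the {0}config database carries no olcRootDN, the {1}hdb one does.
# The olcRootPW value is a placeholder hash, not a real credential.
SAMPLE_SLAPCAT = "\n".join([
    "dn: olcDatabase={0}config,cn=config",
    "objectClass: olcDatabaseConfig",
    "olcDatabase: {0}config",
    "olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external",
    " ,cn=auth manage by * break",  # LDIF fold: a leading space continues the line
    "structuralObjectClass: olcDatabaseConfig",
    "",
    "dn: olcDatabase={1}hdb,cn=config",
    "objectClass: olcDatabaseConfig",
    "objectClass: olcHdbConfig",
    "olcDatabase: {1}hdb",
    "olcSuffix: dc=yulab,dc=tamu",
    "olcRootDN: cn=admin,dc=yulab,dc=tamu",
    # slapcat emits this value base64-encoded ('::'), as in the quoted output
    "olcRootPW:: " + base64.b64encode(b"{SSHA}PLACEHOLDER").decode("ascii"),
    "",
])


def parse_ldif(text: str) -> List[Entry]:
    """Parse LDIF content records into a list of {attribute: [values]} dicts.

    Handles folded lines (a leading space continues the previous line) and
    base64 values (attribute followed by '::'). Comment lines are skipped.
    """
    unfolded: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)

    entries: List[Entry] = []
    current: Entry = {}
    for line in unfolded + [""]:  # trailing "" flushes the last record
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.setdefault(attr, []).append(value)
    return entries


def normalize_dn(dn: str) -> str:
    """Simplified DN normalisation (lowercase, trimmed RDNs); assumption: no
    escaped commas inside RDN values, which holds for the DNs in this thread."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def databases_without_rootdn(entries: List[Entry]) -> List[str]:
    """DNs of olcDatabase entries that have no olcRootDN; such a database
    cannot be administered with a simple bind, only via e.g. SASL EXTERNAL."""
    return [e["dn"][0] for e in entries
            if "olcDatabase" in e and "olcRootDN" not in e]


def database_for_bind_dn(entries: List[Entry], bind_dn: str) -> Optional[str]:
    """DN of the database whose olcRootDN equals bind_dn, or None."""
    wanted = normalize_dn(bind_dn)
    for e in entries:
        for root in e.get("olcRootDN", []):
            if normalize_dn(root) == wanted:
                return e["dn"][0]
    return None


def diagnose(slapcat_text: str, bind_dn: str) -> str:
    """Explain why a simple bind as bind_dn can or cannot administer the databases."""
    entries = parse_ldif(slapcat_text)
    match = database_for_bind_dn(entries, bind_dn)
    if match:
        return f"{bind_dn} is the olcRootDN of {match}; if the bind fails, check olcRootPW."
    lines = [f"{bind_dn} is not the olcRootDN of any database; unless it is a real entry "
             "with a userPassword, a simple bind is rejected (Invalid credentials, 49)."]
    missing = databases_without_rootdn(entries)
    if missing:
        lines.append("Databases with no olcRootDN at all: " + ", ".join(missing))
    return "\n".join(lines)


def rootdn_modify_ldif(db_dn: str, root_dn: str, root_pw_hash: str) -> str:
    """LDIF change record adding olcRootDN/olcRootPW to a database entry.
    root_pw_hash should be slappasswd output ('{SSHA}...'), never cleartext."""
    return "\n".join([
        f"dn: {db_dn}", "changetype: modify",
        "add: olcRootDN", f"olcRootDN: {root_dn}", "-",
        "add: olcRootPW", f"olcRootPW: {root_pw_hash}", "",
    ])


if __name__ == "__main__":
    print(diagnose(SAMPLE_SLAPCAT, "cn=admin,cn=config"))
    print(rootdn_modify_ldif("olcDatabase={0}config,cn=config",
                             "cn=admin,cn=config", "{SSHA}PLACEHOLDER"))
```

Feed it the real `sudo slapcat -n0` output instead of the constructed sample. The generated change record is applied over the local socket as root, whose peercred identity the `{0}config` olcAccess rule above grants `manage` rights: `sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f fix.ldif`. Produce the hash with `slappasswd` so that no cleartext password lands in cn=config.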