Hello, I’m an OpenLDAP newbie & I have
some questions for all you gurus. I installed openldap (version 2.0.7) on a
Redhat 7 server. First of all, do I need to install any of the
prerequisite software (SASL, SSL, Sleepycat, etc)? All I want to do is
add a few entries into the LDAP directory & to be able to connect to it via
an LDAP client, modify entries, remove them, etc. At this time, security is NOT
an issue nor do I plan to do anything fancy (replication,
etc). I installed the openldap software
(with no prerequisite software) without any problems & I altered the
slapd.conf file & the ldap.conf. Here is what my 2 files look
like:

1) slapd.conf

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args

# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

#######################################################################
# ldbm database definitions
#######################################################################

database ldbm
suffix "dc=matrox, dc=com"
#suffix "o=My Organization Name, c=US"
rootdn "cn=Manager, dc=matrox, dc=com"
#rootdn "cn=Manager, o=My Organization Name, c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /usr/local/var/openldap-ldbm
# Indices to maintain
index objectClass eq

2) ldap.conf

# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
BASE dc=matrox, dc=com
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

I also created an .ldif
file:

3) test.ldif

dn: dc=matrox,dc=com
objectclass: dcObject
objectclass: organization
o: OpenLDAP Test
dc: matrox

dn: cn=Manager,dc=matrox,dc=com
objectclass: organizationalRole
cn: Manager

dn: cn=Veets,dc=matrox,dc=com
objectclass: organizationalRole
cn: Veets

dn: cn=Dan,dc=matrox,dc=com
objectclass: organizationalRole
cn: Dan

dn: cn=Joey,dc=matrox,dc=com
objectclass: organizationalRole
cn: Joey

dn: cn=Ghislain,dc=matrox,dc=com
objectclass: organizationalRole
cn: Ghislain

dn: cn=Chris,dc=matrox,dc=com
objectclass: organizationalRole
cn: Chris

dn: cn=Jarrod,dc=matrox,dc=com
objectclass: organizationalRole
cn: Jarrod
My next question is what exactly do the slapd.conf & the ldap.conf files do, if I created the test.ldif file?

OK, so once all these steps are done, I use the:

./ldapadd -x -D "cn=Manager,dc=matrox,dc=com" -W -f /usr/local/etc/openldap/test.ldif

command. All my entries are created without any problems; however, this is when I start running into problems. Once I create the initial entries in my LDAP directory, I don't know how to add any additional entries or modify my existing entries. When I use the ldapadd command to create another user such as test, it never works. I have tried different switches with the ldapadd command but I get: ldap_bind: Invalid Credential (yes, I double-checked the password spelling) & ldap_add: Already exists errors. If I want to add a user "test" with the same fields as in my test.ldif file, how do I do that?

When I use the Softerra LDAP client (version 1.0 Beta), I can connect OK & I see ALL the entries in the directory, but if I try to add another cn entry/attribute under the matrox dc, I get an "object class violation" error. If I open up one of the cn containers under the matrox dc, however, I can add another cn attribute (a cn within a cn). I can delete all the cn's and the dc though, using the client LDAP program. Currently, if I want to add another user cn, the only way I can do it is if I connect to the LDAP server via my LDAP client on my Windows 2000 machine, delete the cn's & the dc, log back onto my Linux server, edit my test.ldif file by adding another cn entry such as Jarrod, & then issue the:

./ldapadd -x -D "cn=Manager,dc=matrox,dc=com" -W -f /usr/local/etc/openldap/test.ldif

command again. This isn't the way it's supposed to work, is it? What am I doing wrong?

My final problem is regarding the ldap_bind: Invalid Credential error I discussed earlier. I thought this was SASL related so I installed cyrus-sasl-1.5.24 (without SSL). After I issued the:

./ldapadd -D "cn=Test,dc=matrox,dc=com" -W < /usr/local/etc/openldap/test.ldif

command (to try & add another user!), I entered the password, waited while the SASL/DIGEST-MD5 authentication started screen appeared, and then received the ldap_sasl_interactive_bind_s: unknown error error. How do I fix this last error?

I realize I've written a novel but I would appreciate any solutions/insight you can provide. I've read ALL the documentation I could find on the subject but I'm really stuck at this point. My most pressing concern is how to add new user entries (like in my test.ldif file) after the initial file has been created. One last question, where are the ldap log files located?

Thanks in advance,
Steve
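An added example, not part of Steve's post: a small LDIF helper that builds the one-entry add record and the ldapmodify change record the question is about, and filters a full test.ldif down to the records the directory does not yet hold (re-feeding the whole file is what yields ldap_add: Already exists). The sample LDIF, the DN normalisation and all function names are this example's own assumptions.

```python
# Added example (not from the post): LDIF records for adding and modifying
# entries under dc=matrox,dc=com after the initial load.
BASE_DN = "dc=matrox,dc=com"

# Constructed sample mirroring the first two records of the posted test.ldif.
TEST_LDIF = """dn: dc=matrox,dc=com
objectclass: dcObject
objectclass: organization
o: OpenLDAP Test
dc: matrox

dn: cn=Manager,dc=matrox,dc=com
objectclass: organizationalRole
cn: Manager
"""

def norm_dn(dn):
    """Compare DNs case-insensitively, ignoring spaces after commas
    (slapd.conf writes "cn=Manager, dc=matrox, dc=com", the LDIF does not)."""
    return ",".join(p.strip() for p in dn.split(",")).lower()

def parse_ldif(text):
    """Split LDIF into (dn, {attr: [values]}) records; no continuation lines."""
    records = []
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            key, _, value = line.partition(":")
            key, value = key.strip().lower(), value.strip()
            if key == "dn":
                dn = value
            else:
                attrs.setdefault(key, []).append(value)
        if dn is not None:
            records.append((dn, attrs))
    return records

def missing_records(full_ldif, existing_dns):
    """Records of full_ldif whose DN the directory does not already hold."""
    present = {norm_dn(dn) for dn in existing_dns}
    return [(dn, a) for dn, a in parse_ldif(full_ldif) if norm_dn(dn) not in present]

def add_record(cn, base_dn=BASE_DN):
    """LDIF for ldapadd -f: one new organizationalRole entry and nothing else."""
    return f"dn: cn={cn},{base_dn}\nobjectclass: organizationalRole\ncn: {cn}\n"

def modify_record(dn, attr, value):
    """LDIF change record for ldapmodify that replaces one attribute in place."""
    return f"dn: {dn}\nchangetype: modify\nreplace: {attr}\n{attr}: {value}\n-\n"
```

Write add_record("test") to its own file and pass that file to ldapadd; use modify_record with ldapmodify instead of deleting and re-adding the tree.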