
OpenLDAP & Redhat 7 configuration issues

Hello,

I’m an OpenLDAP newbie & I have some questions for all you gurus. I installed openldap (version 2.0.7) on a Redhat 7 server. First of all, do I need to install any of the prerequisite software (SASL, SSL, Sleepycat, etc)? All I want to do is add a few entries into the LDAP directory & to be able to connect to it via an LDAP client, modify entries, remove them, etc. At this time, security is NOT an issue nor do I plan to do anything fancy (replication, etc).

I installed the openldap software (with no prerequisite software) without any problems & I altered the slapd.conf file & the ldap.conf. Here is what my 2 files look like:

1) slapd.conf

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /usr/local/etc/openldap/schema/core.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral        ldap://root.openldap.org

pidfile         /usr/local/var/slapd.pid
argsfile        /usr/local/var/slapd.args

# Load dynamic backend modules:
# modulepath        /usr/local/libexec/openldap
# moduleload        back_ldap.la
# moduleload        back_ldbm.la
# moduleload        back_passwd.la
# moduleload        back_shell.la

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=matrox, dc=com"
#suffix         "o=My Organization Name, c=US"
rootdn          "cn=Manager, dc=matrox, dc=com"
#rootdn         "cn=Manager, o=My Organization Name, c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory        /usr/local/var/openldap-ldbm
# Indices to maintain
index        objectClass eq

2) ldap.conf

# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE        dc=example, dc=com
#URI        ldap://ldap.example.com ldap://ldap-master.example.com:666
BASE        dc=matrox, dc=com

#SIZELIMIT        12
#TIMELIMIT        15
#DEREF          never

* I also created an .ldif file:

3) test.ldif

dn: dc=matrox,dc=com
objectclass: dcObject
objectclass: organization
o: OpenLDAP Test
dc: matrox

dn: cn=Manager,dc=matrox,dc=com
objectclass: organizationalRole
cn: Manager

dn: cn=Veets,dc=matrox,dc=com
objectclass: organizationalRole
cn: Veets

dn: cn=Dan,dc=matrox,dc=com
objectclass: organizationalRole
cn: Dan

dn: cn=Joey,dc=matrox,dc=com
objectclass: organizationalRole
cn: Joey

dn: cn=Ghislain,dc=matrox,dc=com
objectclass: organizationalRole
cn: Ghislain

dn: cn=Chris,dc=matrox,dc=com
objectclass: organizationalRole
cn: Chris

dn: cn=Jarrod,dc=matrox,dc=com
objectclass: organizationalRole
cn: Jarrod

My next question is: what exactly do the slapd.conf & the ldap.conf files do, if I created the test.ldif file?

OK, so once all these steps are done, I use the command: ./ldapadd -x -D "cn=Manager,dc=matrox,dc=com" -W -f /usr/local/etc/openldap/test.ldif. All my entries are created without any problems; however, this is when I start running into problems.

Once I create the initial entries in my LDAP directory, I don't know how to add any additional entries or modify my existing entries. When I use the ldapadd command to create another user such as test, it never works. I have tried different switches with the ldapadd command but I get: ldap_bind: Invalid Credential (yes, I double-checked the password spelling) & ldap_add: Already exists errors.

If I want to add a user “test” with the same fields as in my test.ldif file, how do I do that?

When I use the Softerra LDAP client (version 1.0 Beta), I can connect OK & I see ALL the entries in the directory, but if I try to add another cn entry/attribute under the matrox dc, I get an "object class violation" error. If I open up one of the cn containers under the matrox dc, however, I can add another cn attribute (a cn within a cn). I can delete all the cn's and the dc, though, using the client LDAP program. Currently, if I want to add another user cn, the only way I can do it is if I connect to the LDAP server via my LDAP client on my Windows 2000 machine, delete the cn's & the dc, log back onto my Linux server, edit my test.ldif file by adding another cn entry such as Jarrod, & then issue the command: ./ldapadd -x -D "cn=Manager,dc=matrox,dc=com" -W -f /usr/local/etc/openldap/test.ldif again. This isn't the way it's supposed to work, is it? What am I doing wrong?

My final problem is regarding the "ldap_bind: Invalid Credential" error I discussed earlier. I thought this was SASL related, so I installed cyrus-sasl-1-5.24 (without SSL). After I issued the command: ./ldapadd -D "cn=Test,dc=matrox,dc=com" -W < /usr/local/etc/openldap/test.ldif (to try & add another user!), I entered the password, waited while the "SASL/DIGEST-MD5 authentication started" screen appeared, and then received the "ldap_sasl_interactive_bind_s: unknown error" error. How do I fix this last error?

I realize I’ve written a novel but I would appreciate any solutions/insight you can provide. I’ve read ALL the documentation I could find on the subject but I’m really stuck at this point. My most pressing concern is how to add new user entries (like in my test.ldif file) after the initial file has been created. One last question, where are the ldap log files located?

Thanks in advance,

Steve
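Added example for the "how do I add a user test after the initial load" and "Already exists" questions above. This is not code from Steve's post or from the OpenLDAP distribution; it is a small POSIX shell script that builds an LDIF record for one new entry and feeds it to ldapadd (or, for a change to an existing entry, to ldapmodify). It assumes the suffix dc=matrox,dc=com and the rootdn cn=Manager,dc=matrox,dc=com from the posted slapd.conf, and that the OpenLDAP client tools are on PATH; the script name addrole.sh and the entry name "test" are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Adds ONE new entry under the
# suffix used in the post instead of re-loading the whole test.ldif.
# Assumes the suffix and rootdn from the posted slapd.conf.
BASE_DN="dc=matrox,dc=com"
ROOT_DN="cn=Manager,${BASE_DN}"

# LDIF for a single new organizationalRole entry directly under the suffix.
# A record must name an objectclass whose required attributes are all
# present (organizationalRole requires cn); an entry that does not satisfy
# its object class is what slapd rejects as an "object class violation".
new_role_ldif() {
    printf 'dn: cn=%s,%s\nobjectclass: organizationalRole\ncn: %s\n' \
        "$1" "$BASE_DN" "$1"
}

# LDIF change record for ldapmodify: add a description to an existing entry.
# ldapadd treats a record with no changetype as a brand-new entry and reports
# "Already exists" for a DN that is already in the directory, which is why
# re-submitting all of test.ldif fails on its very first record. Changes to
# entries that already exist go through ldapmodify with a changetype.
modify_role_ldif() {
    printf 'dn: cn=%s,%s\nchangetype: modify\nadd: description\ndescription: %s\n' \
        "$1" "$BASE_DN" "$2"
}

# Run an LDAP client tool on LDIF text. -x forces a simple bind; without it
# the OpenLDAP 2.0 tools attempt a SASL bind, which fails on a server with
# no SASL mechanism configured (the "ldap_sasl_interactive_bind_s" error in
# the post). -D/-W bind as the rootdn and prompt for the rootpw.
apply_ldif() {
    tool="$1"; ldif="$2"
    f=$(mktemp) || return 1
    printf '%s\n' "$ldif" > "$f"
    "$tool" -x -D "$ROOT_DN" -W -f "$f"
    rc=$?
    rm -f "$f"
    return "$rc"
}

# Usage: ./addrole.sh add test               -> creates cn=test,dc=matrox,dc=com
#        ./addrole.sh describe Dan "QA lead"  -> adds a description to cn=Dan
case "${1:-}" in
    add)      apply_ldif ldapadd "$(new_role_ldif "$2")" ;;
    describe) apply_ldif ldapmodify "$(modify_role_ldif "$2" "$3")" ;;
esac
```

Two notes on the posted configuration that this script relies on: the bind in `apply_ldif` only works while `rootpw secret` in slapd.conf matches what is typed at the -W prompt, and that file's own comment points at slappasswd(8), which produces a hashed value to put on the rootpw line instead of the cleartext one. Entries created this way land directly under the suffix, exactly like the records in test.ldif, so they show up beside the existing cn's in the Softerra client rather than nested inside one of them.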