Re: absolutely frustrated
Quoting tarjei <tarjei@nu.no>:
> My experience with openldap suggests that you should add the first
> entries using slapadd, thus just adding the entries without going
> through the LDAP daemon. Then restart slapd and try searching it.
>
> Tarjei
> ----- Original Message -----
> From: Ron Chmara <ron@Opus1.COM>
> To: Craig White <craigwhite@azapple.com>
> Cc: openldap-software <openldap-software@OpenLDAP.org>
> Sent: Sunday, June 17, 2001 5:24 AM
> Subject: Re: absolutely frustrated
>
>
> >
> > On Saturday, June 16, 2001, at 04:39 PM, Craig White wrote:
> > > Quoting Ron Chmara <ron@Opus1.COM>:
> > >> http://www.openldap.org/doc/admin/quickstart.html
> > >>
> > >> Starting at step 8, your conf file would be as follows::
> > >> --------------------------------------
> > >> # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
> > >> #
> > >> include /etc/openldap/schema/core.schema
> > >> include /etc/openldap/schema/cosine.schema
> > >> include /etc/openldap/schema/inetorgperson.schema
> > >> include /etc/openldap/schema/nis.schema
> > >> include /etc/openldap/schema/redhat/rfc822-MailMember.schema
> > >> include /etc/openldap/schema/redhat/autofs.schema
> > >> include /etc/openldap/schema/redhat/kerberosobject.schema
> > >> #
> > >> access to * by * read
> > >> #
> > >> pidfile /var/run/slapd.pid
> > >> #
> > >> database ldbm
> > >> suffix "dc=azapple,dc=com"
> > >> directory /var/lib/ldap
> > >> rootdn "cn=Manager,dc=azapple,dc=com"
> > >> rootpw secret
> > >>
> > >> Step 9 (make sure slapd is running, then):
> > >> $ ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
> > >>
> > >> Should return:
> > >> dn:
> > >> namingContexts: dc=azapple,dc=com
> > >>
> > >> This verifies that your conf file is ready, even if you have
> > >> *no* records.
> >
> > Does this work? (I had to restart the service a few times after
> > installing it).
> >
> > >> Step 10, make a file named "azapple.ldif":
> > >> dn: dc=azapple,dc=com
> > >> objectclass: dcObject
> > >> objectclass: organization
> > >> o: AZ Apple Consulting
> > >> dc: azapple
> > >>
> > >> dn: cn=Manager,dc=azapple,dc=com
> > >> objectclass: organizationalRole
> > >> cn: Manager
> > >>
> > >> And add it:
> > >> ldapadd -x -D "cn=Manager,dc=azapple,dc=com" -W -f azapple.ldif
> > >>
> > >> Step 11:
> > >> ldapsearch -x -b 'dc=azapple,dc=com' '(objectclass=*)'
> > >>
> > >> (Which is where you're stuck, right?)
> > > -------------
> > > absolutely stuck.
> >
> > Did you get back the naming contexts from step 9? I had to stop
> > and start the server a few times with:
> > /etc/init.d/ldap restart
> > and I also tried (and then turned off):
> > modulepath /usr/sbin/openldap
> > moduleload back_ldap.la
> > moduleload back_ldbm.la
> > to the /etc/openldap/slapd.conf file.
> >
> > > created azapple.ldif per suggestion
> > > then
> > > ldapadd -x -D "cn=Manager,dc=azapple,dc=com" -x -f azapple.ldif
> > > (same result if I use -W instead of -x or if I leave off cn=Manager)
> > > ldapadd: no attributes to change or add
> > > (entry="dc=azapple,dc=com objectclass: dcObject objectclass: organization o: AZ Apple Consulting dc: azapple")
> >
> > Hm... the error message doesn't include the dn... could it be
> > (and now I'm taking shots in the dark) a problem with line
> > breaks (Mac? DOS? Unix?) in the ldif file? Is
> > /var/lib/ldap/id2entry there? If you shut down slapd, and delete
> > the /var/lib/ldap/* files,
> > restart slapd, and redo the add, do they get created and/or grow
> > in size? If they do, we might be able to assume that the above
> > is complaining about a repeat entry, and/or the data is being
> > added. But if we can assume that they dont get added, searching
> > for them is moot.
> >
> > > ldapsearch -x -b 'cn=Manager,dc=azapple,dc=com' '(objectclass=*)'
> >
> > This may or may not, work.... let's try assuming your
> > /etc/ldap.conf file isn't set up, or something in the client is
> > misbehaving and that absolutely everything needs to be entered
> > manually....
> >
> > ldapsearch -x -v -s sub -b "dc=azapple,dc=com" -h localhost -D
> > 'cn=Manager,dc=azapple,dc=com' -W '(objectclass=*)'
> >
> > Seems fairly bizarre to me at this point, as well. I set up the
> > same environment (had to download the openldap-servers rpm,
> > *wasn't* on my box for some reason), and I'll send you the exact
> > files I'm using, from a stock RH 7.1 install.
> >
> > -Ron
----------
Hey, success - finally. Now I'm left to figure out what's going on.
Based on the great info from you guys, this is what I did...
service ldap stop
rm /var/lib/ldap/*
slapadd -x -b "cn=Manager,dc=azapple,dc=com" -f azapple.ldif
chown ldap.ldap /var/lib/ldap/* (files had owner.group as root.root)
service ldap start
and then
ldapsearch -x -D "cn=Manager,dc=azapple,dc=com" "(objectclass=*)"
returns the two entries - success
but when I
ldapadd -x -D "cn=Manager,dc=azapple,dc=com" -W -f child2.ldif
Enter LDAP Password:
adding new entry "ou=Children,dc=azapple,dc=com"
ldap_add: Insufficient access
additional info: no write access to parent
ldif_record() = 50
why don't I have write access?
Craig
-------------------------------------------------
This mail sent through IMP: barney.azapple.com
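An added example, not code from anyone in this thread: Ron's guess that the ldapadd failure ("no attributes to change or add", with the whole entry shown as if it were the dn) came from foreign line endings in azapple.ldif can be checked offline before touching slapd. The linter below reports the line-ending style of the file, parses the LDIF records (normalising CRLF and bare CR, joining folded continuation lines, decoding `::` base64 values), and flags any record that has a dn but no attributes. `naive_records` shows what a reader that only understands LF sees in a CR-only file: one record, everything on one "line". The sample LDIF is the azapple.ldif from the thread, embedded here as constructed test data; the error strings the linter returns are this example's own wording, not slapd's.

```python
"""Offline LDIF linter (added example, not from the thread or from OpenLDAP)."""
from __future__ import annotations

import base64
import re

# Constructed sample: the azapple.ldif from the thread, LF line endings,
# plus the same bytes with bare CR endings (the classic "edited on a Mac" case).
AZAPPLE_LF = (
    b"dn: dc=azapple,dc=com\n"
    b"objectclass: dcObject\n"
    b"objectclass: organization\n"
    b"o: AZ Apple Consulting\n"
    b"dc: azapple\n"
    b"\n"
    b"dn: cn=Manager,dc=azapple,dc=com\n"
    b"objectclass: organizationalRole\n"
    b"cn: Manager\n"
)
AZAPPLE_CR = AZAPPLE_LF.replace(b"\n", b"\r")


def detect_line_endings(data: bytes) -> str:
    """Return 'LF', 'CRLF', 'CR', 'mixed' or 'none' for the raw bytes of a file."""
    crlf = data.count(b"\r\n")
    cr = data.count(b"\r") - crlf
    lf = data.count(b"\n") - crlf
    kinds = [k for k, n in (("CRLF", crlf), ("CR", cr), ("LF", lf)) if n]
    if not kinds:
        return "none"
    return kinds[0] if len(kinds) == 1 else "mixed"


def naive_records(data: bytes) -> list[str]:
    """What a parser that only knows '\\n' sees: records split on blank lines."""
    text = data.decode("utf-8")
    return [r for r in re.split(r"\n\s*\n", text) if r.strip()]


def parse_ldif(data: bytes) -> list[dict]:
    """Parse LDIF content records into {'dn': str|None, 'attrs': {name: [values]}}.

    Line endings are normalised first, so CR-only and CRLF files parse the
    same as LF files; this is the normalisation ldapadd was not doing for Craig.
    """
    text = data.decode("utf-8").replace("\r\n", "\n").replace("\r", "\n")
    records = []
    for chunk in re.split(r"\n\s*\n", text):
        lines: list[str] = []
        for line in chunk.split("\n"):
            if not line or line.startswith("#"):
                continue
            if line.startswith(" ") and lines:
                lines[-1] += line[1:]  # folded continuation line (RFC 2849)
            else:
                lines.append(line)
        if not lines:
            continue
        rec: dict = {"dn": None, "attrs": {}}
        for line in lines:
            if line.startswith("version:"):
                continue
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"malformed LDIF line: {line!r}")
            if value.startswith(":"):  # 'attr:: base64'
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            if name == "dn":
                rec["dn"] = value
            else:
                rec["attrs"].setdefault(name, []).append(value)
        records.append(rec)
    return records


def lint(data: bytes) -> list[str]:
    """Return a list of problems; empty means the file is safe to hand to ldapadd."""
    problems = []
    le = detect_line_endings(data)
    if le not in ("LF", "none"):
        problems.append(f"line endings are {le}; normalise to LF before ldapadd")
    for rec in parse_ldif(data):
        if rec["dn"] is None:
            problems.append("record without dn")
        elif not rec["attrs"]:
            problems.append(f"{rec['dn']}: no attributes to change or add")
    return problems


if __name__ == "__main__":
    for label, blob in (("LF", AZAPPLE_LF), ("CR", AZAPPLE_CR)):
        print(label, detect_line_endings(blob), len(naive_records(blob)), "naive record(s)", lint(blob))
```

Run it against a real file with `lint(open("azapple.ldif", "rb").read())`; if it reports CR or CRLF endings, convert the file (for example with `tr -d '\r'`) before retrying the ldapadd.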