RE: Help with errors!
Where is your rootdn? You can't simply add new entries, without
specifying a root user (and root password). Just add the following lines to
your slapd.conf, and restart that LDAP server:
rootdn "cn=admin,ou=People,dc=devision,dc=company,dc=co,dc=uk"
rootpw secret
assuming that this rootdn value is your LDAP-tree-manager, and secret is a
password you like... then your config starts looking acceptable ;-)
When you're done with that, you should start adding the main nodes in your
tree, first the dc=uk, thereafter the dc=co, etc... When you're finished
building them, you can start adding entries to the nodes you just created.
The nice part of this is that it makes the complete tree much easier to
understand than it otherwise would be (IMHO).
An option you have is, when you've built a node:
e.g.
uk
|---co
    |
    \---companyx
    |
    \---companyy
        |
        \---devision1
        |   \-cn=manager,ou=devision1,o=companyx,dc=co,dc=uk
        |
        \---devision2
            ....
and specify a manager for that subtree, so that this user can be given the
privileges to add/modify/... all the entries in that subtree. In that
case, you have one Master of the Tree ;-) and several Slaves, that do
your work managing their parts of the subtree... OK, you have to
specify some extra ACLs, but hey, that's worth the effort most of the
time.
Anyhow, my point: think over your structures, and make sure you don't go
too fast, because that will definitely mess up your tree structure.
You should now have some feeling with how it is supposed to
work...
Good luck,
Raf
On Tue, 5 Feb 2002, Kamesh Patel wrote:
> Just as a brief warning i am a newbie and i dont really understand openldap
> too well.
>
> slapd.conf as attached:
>
> Thanks again
>
> regards
>
> Kamesh
>
>
> # This is the main ldapd configuration file.
>
> # Schema and objectClass definitions
> include /etc/openldap/slapd.at.conf
> include /etc/openldap/slapd.oc.conf
>
> # Schema for supporting Netscape Roaming
> #include /etc/openldap/netscape_roaming.at.conf
> #include /etc/openldap/netscape_roaming.oc.conf
>
> # Schema for supporting Debian Package Directory entries
> #include /etc/openldap/debian.at.conf
> #include /etc/openldap/debian.oc.conf
>
> # Schema check allows for forcing entries to
> # match schemas for their objectClasses's
> schemacheck off
>
> # Where clients are refered to if no
> # match is found locally
> #referral ldap://ldap.four11.com
>
> # Where the pid file is put. The init.d script
> # will not stop the server if you change this.
> pidfile /var/run/slapd.pid
>
> # Read slapd.conf(5) for possible values
> loglevel 0
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> # The backend type, ldbm, is the default standard
> database ldbm
>
> # The base of your directory
> suffix "dc=devision,dc=company,dc=co,dc=uk"
>
> # Where the database file are physically stored
> directory "/var/lib/openldap"
>
> # Save the time that the entry gets modified
> lastmod on
>
> # By default, only read access is allowed
> defaultaccess read
>
> # For Netscape Roaming support, each user gets a roaming
> # profile for which they have write access to
> #access to dn=".*,ou=Roaming,dc=devision,dc=company,dc=co,dc=uk"
> # by dnattr=owner write
>
> # The userPassword by default can be changed
> # by the entry owning it if they are authenticated.
> # Others should not be able to see it, except the
> # admin entry below
> access to attribute=userPassword
> by dn="cn=admin,ou=People,dc=devision,dc=company,dc=co,dc=uk" write
> by self write
> by * none
>
> # The admin dn has full write access
> access to * by dn="cn=admin,ou=People,dc=devision,dc=company,dc=co,dc=uk"
> write
>
> # End of ldapd configuration file
>
> -----Original Message-----
> From: Raf Meeusen [mailto:meeusen@acunia.com]
> Sent: 05 February 2002 10:42
> To: Kamesh Patel
> Cc: openldap-software@OpenLDAP.org
> Subject: Re: Help with errors!
>
>
>
> Please provide your slapd.conf file, and explain a little bit how your tree
> looks, it makes it easier for us to check things out.
>
> Raf
>
>
> On Tue, 5 Feb 2002, Kamesh Patel wrote:
>
> > Hello all,
> >
> > I am entering the below with the command
> >
> > ldapadd -x -P 2 -f /tmp/ldapentry
> >
> > dn: cn=admin, dc=devision, dc=company, dc=co, dc=uk
> > cn: FName LName
> > cn: Nick Name
> > objectClass: person
> > sn: LName
> > mail: foo@moo.co.uk
> >
> > the return from the command is:
> >
> > adding new entry "cn=admin, dc=devision, dc=company, dc=co, dc=uk"
> > ldap_add: Insufficient access
> >
> > ldif_record() = 50
> >
> > and the debug output is:
> >
> > do_bind
> > do_bind: version 2 dn () method 128
> > send_ldap_result 0::
> > do_add
> > add_created_attrs
> > => dn2id( "CN=ADMIN,DC=FACTORY,DC=EMSGROUP,DC=CO,DC=UK" )
> > => ldbm_cache_open( "/var/lib/openldap/dn2id.dbb", 66, 600 )
> > <= ldbm_cache_open (cache 0)
> > <= dn2id NOID
> > dn2entry_w: dn: "DC=FACTORY,DC=EMSGROUP,DC=CO,DC=UK"
> > => dn2id( "DC=FACTORY,DC=EMSGROUP,DC=CO,DC=UK" )
> > ====> cache_find_entry_dn2id: found dn: DC=FACTORY,DC=EMSGROUP,DC=CO,DC=UK
> > <= dn2id 4 (in cache)
> > => id2entry_w( 4 )
> > ====> cache_find_entry_dn2id: found id: 4 rw: 1
> > <= id2entry_w 0x808c858 (cache)
> > => dnpat: [1] .*,OU=ROAMING,DC=FACTORY,DC=EMSGROUP,DC=CO,DC=UK nsub: 0
> > => dnpat: [3] .* nsub: 0
> > => acl_get:[3] backend ACL match
> > <= check a_dnpat: CN=ADMIN,OU=PEOPLE,DC=FACTORY,DC=EMSGROUP,DC=CO,DC=UK
> > => string_expand: pattern:
> > CN=ADMIN,OU=PEOPLE,DC=FACTORY,DC=EMSGROUP,DC=CO,DC=UK
> > => string_expand: expanded:
> > CN=ADMIN,OU=PEOPLE,DC=FACTORY,DC=EMSGROUP,DC=CO,DC=UK
> > => regex_matches: string:
> > => regex_matches: rc: 1 no matches
> > no access to parent
> > send_ldap_result 50::
> > ====> cache_return_entry_w
> > ber_get_next on fd 7 failed errno 0 (Success)
> > *** got 0 of 0 so far
> > do_unbind
> >
> >
> >
> > Can somebody help me please?
> >
> > Thanks in advance
> >
> > Regards
> >
> > Kamesh
> >
>
>
--
As a computer, I find your faith in technology amusing
-------------------------------------------------------------------------
ACUNIA nv raf.meeusen@acunia.com
Philipssite 5 - Floor 3 - Bus 3 tel: +32 (0) 16 31 00 20
3001 Leuven, Belgium fax: +32 (0) 16 31 00 29
http://www.acunia.com
--------------------------------------------------------------------------
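An added example, not from Raf's reply or Kamesh's posted file: the ldbm database section of the slapd.conf above with the rootdn/rootpw that Raf says is missing, plus the delegated-subtree ACL his tree sketch describes. The manager DN, the ou=devision1 subtree and the rootpw hash are assumptions (placeholders); the ACL uses the regex dn="..." form that the slapd version in this thread understands.

```conf
# Added example (not from the thread). Replace the placeholder hash with the
# output of:  slappasswd -s 'yourpassword'

database        ldbm
suffix          "dc=devision,dc=company,dc=co,dc=uk"
directory       "/var/lib/openldap"
lastmod         on

# rootdn bypasses every ACL, so it is the identity to bind as when building
# the tree. The trace shows an anonymous bind ("do_bind: version 2 dn ()"),
# which is why slapd answered "no access to parent" (result 50). Bind as:
#   ldapadd -x -D "cn=admin,ou=People,dc=devision,dc=company,dc=co,dc=uk" -W -f /tmp/ldapentry
rootdn          "cn=admin,ou=People,dc=devision,dc=company,dc=co,dc=uk"
# Store a hash, not cleartext: slapd.conf is frequently readable by more
# than the slapd user.
rootpw          {SSHA}PLACEHOLDER-output-of-slappasswd

# With schemacheck off, slapd accepts entries that violate their own
# objectClass (e.g. a person with no sn); turn it back on before loading data.
schemacheck     on

# ACLs are matched first-hit, so the specific rules go before "access to *".
# Passwords: the entry itself and the admin may change them, nobody else may
# read them. (Same rule as the posted file, kept for ordering.)
access to attribute=userPassword
        by dn="cn=admin,ou=People,dc=devision,dc=company,dc=co,dc=uk" write
        by self write
        by * none

# The "one master, several slaves" arrangement from the reply: one manager
# (hypothetical DN) may write anything under its own subtree, nothing above it.
access to dn=".*,ou=devision1,dc=devision,dc=company,dc=co,dc=uk"
        by dn="cn=manager,ou=devision1,dc=devision,dc=company,dc=co,dc=uk" write
        by * read

# Everything else is readable but not writable; rootdn needs no rule here.
access to *
        by * read
```

Note that ldapadd -x -D ... -W sends the rootpw over the wire in clear, so keep such bootstrap binds to localhost or a protected network segment.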