Re: basic usage of ldap
On Sun, 24 Feb 2002, Young, Brandon Khan wrote:
Hi Brandon,
I have the same problem on my RedHat 7.2 box when I installed things from
rpms. When I installed openldap from the tar file downloaded from
www.openldap.org and carefully followed the quick start guide, things worked
for me. Since I did not have an account "Manager" on my system, I put an
existing account into the conf files and did the tests as described in the quick
start guide. I had noticed that you have
rootdn "cn=Manager,dc=infinity-computing,dc=com"
in pkg/ldap/servers/slapd/slapd.conf
Do you have an account Manager on your system? If you do not, I guess
you have to make one.
Sorry if it does not help, I know nothing about openldap, I started
yesterday myself. If you find the answer, let me know as well.
Regards,
Ivan.
> In advance, thank you for your time and patience on this matter.
>
> I, as a proof of concept, installed all the packages necessary in RedHat 7.2
> to get openldap2 up and running. In following the quickstart guide, I came
> up with the following slapd.conf, where I simply addressed the things
> mentioned in the quickstart guide step #8 and beyond.
>
> # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/redhat/rfc822-MailMember.schema
> include /etc/openldap/schema/redhat/autofs.schema
> include /etc/openldap/schema/redhat/kerberosobject.schema
>
> # Define global ACLs to disable default read access.
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> #pidfile //var/run/slapd.pid
> #argsfile //var/run/slapd.args
>
> # Create a replication log in /var/lib/ldap for use by slurpd.
> #replogfile /var/lib/ldap/master-slapd.replog
>
> # Load dynamic backend modules:
> # modulepath /usr/sbin/openldap
> # moduleload back_ldap.la
> # moduleload back_ldbm.la
> # moduleload back_passwd.la
> # moduleload back_shell.la
>
> #
> # The next two lines allow use of TLS for connections using a dummy test
> # certificate, but you should generate a proper certificate by changing to
> # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
> # slapd.pem so that the ldap user or group can read it.
> # TLSCertificateFile /usr/share/ssl/certs/slapd.pem
> # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
> #
> # Sample Access Control
> # Allow read access of root DSE
> # Allow self write access
> # Allow authenticated users read access
> # Allow anonymous users to authenticate
> #
> #access to dn="" by * read
> #access to *
> # by self write
> # by users read
> # by anonymous auth
> #
> # if no access controls are present, the default is:
> # Allow read by all
> #
> # rootdn can always write!
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> database ldbm
> suffix "dc=infinity-computing,dc=com"
> #suffix "o=My Organization Name,c=US"
> rootdn "cn=Manager,dc=infinity-computing,dc=com"
> #rootdn "cn=Manager,o=My Organization Name,c=US"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw secret
> # rootpw {crypt}a_OOAbS2vPWRY
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd/tools. Mode 700 recommended.
> directory /var/lib/ldap
> # Indices to maintain
> index objectClass,uid,uidNumber,gidNumber,memberUid eq
> index cn,mail,surname,givenname eq,subinitial
> # Replicas to which we should propagate changes
> #replica host=ldap-1.example.com:389 tls=yes
> # bindmethod=sasl saslmech=GSSAPI
> # authcId=host/ldap-master.example.com@EXAMPLE.COM
>
> step #9 returned results such as follows:
>
> [root@redhat bkyoung]# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
> version: 2
>
> #
> # filter: (objectclass=*)
> # requesting: namingContexts
> #
>
> #
> dn:
> namingContexts: dc=infinity-computing,dc=com
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> in step #10 I created the following example.ldif, taking care to only edit
> the applicable parts from those provided in the example LDIF file in that
> step of the quickstart:
>
> dn: dc=infinity-computing,dc=com
> objectclass: dcObject
> objectclass: organization
> o: Infinity Computing
> dc: infinity-computing
>
> dn: cn=Manager,dc=infinity-computing,dc=com
> objectclass: organizationalRole
> cn: Manager
>
> AND HERE'S WHERE MY TROUBLE IS ...
>
> [root@redhat bkyoung]# ldapadd -x -D "cn=Manager,dc=infinity-computing,dc=com" -W -f example.ldif
> Enter LDAP Password: {here I type secret, and I get ... }
> ldap_bind: Invalid credentials
>
> I'm lost. It is obvious to me that I am missing something extremely simple;
> I have no idea what the mechanics of adding crypted passwords to the
> slapd.conf file is, or even plain text passwords. I just want to get
> SOMETHING to work, and then I'll fuss about the finer points. The man pages
> and the HOWTO are not very clear about passwords. I tried using slappasswd
> ... but it's unclear to me whether this generates a crypted password to
> paste into the slapd.conf, or if it set the passwd. At any rate, I have had
> no success getting past this point, and that's very frustrating. Could
> someone coach me through this part of the set up? Again, thank you in
> advance.
>
> Brandon
>
--
================================================================================
Ivan Teliatnikov,
F05 David Edgeworth Building,
Department of Geology and Geophysics,
School of Geosciences,
University of Sydney, 2006
Australia
e-mail: ivan@es.usyd.edu.au
ph: 061-2-9351-2031 (w)
fax: 061-2-9351-0184 (w)
===============================================================================
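On Brandon's question of whether slappasswd "generates a crypted password to paste into the slapd.conf, or if it set the passwd": it only prints a hash (by default an {SSHA} value) that replaces the cleartext value on the rootpw line; slapd then compares the bind password against that hash. The Python script below is an added example, not part of this thread or of OpenLDAP: it builds and verifies {SSHA} values in that format and flags a cleartext rootpw in a slapd.conf fragment. The function names and the SAMPLE_CONF fragment are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import re
from typing import List, Optional, Tuple

def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build an RFC 2307 {SSHA} value: base64(SHA1(password + salt) + salt).
    This is the format slappasswd prints by default. A 4-byte random salt
    is used here; slapd accepts whatever trails the 20-byte digest."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against a stored {SSHA} value the way slapd does at bind."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

# Comment lines start with '#' after stripping, so they never match this.
ROOTPW_RE = re.compile(r"^(rootpw\s+)(\S+)\s*$")
HASHED_RE = re.compile(r"^\{(SSHA|SHA|SMD5|MD5|CRYPT)\}", re.IGNORECASE)

def check_rootpw(conf_text: str) -> List[Tuple[int, str]]:
    """Report each active rootpw line (1-based) as 'hashed' or 'cleartext'."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        m = ROOTPW_RE.match(line.strip())
        if m:
            findings.append((n, "hashed" if HASHED_RE.match(m.group(2)) else "cleartext"))
    return findings

def harden_rootpw(conf_text: str, password: str) -> str:
    """Replace a cleartext rootpw with its {SSHA} hash; other lines are kept as-is."""
    out = []
    for line in conf_text.splitlines():
        m = ROOTPW_RE.match(line.strip())
        if m and not HASHED_RE.match(m.group(2)):
            line = m.group(1) + ssha_hash(password)
        out.append(line)
    return "\n".join(out) + "\n"

# Constructed fragment mirroring the quoted slapd.conf (not the poster's actual file).
SAMPLE_CONF = """\
rootdn "cn=Manager,dc=infinity-computing,dc=com"
rootpw secret
# rootpw {crypt}a_OOAbS2vPWRY
"""
```

Running check_rootpw on the fragment flags line 2 as cleartext; after harden_rootpw the same line carries a {SSHA} value that ssha_verify accepts for "secret" and rejects for anything else.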