
Re: basic usage of ldap



On Sun, 24 Feb 2002, Young, Brandon Khan wrote:

Hi Brandon,

I have the same problem on my RedHat 7.2 box when I installed things from 
rpms. When I installed openldap from the tar file downloaded from 
www.openldap.org and carefully followed the quick start guide, things worked 
for me. Since I did not have an account "Manager" on my system, I put an 
existing account into the conf files and did the tests as described in the quick 
start guide. I had noticed that you have

rootdn          "cn=Manager,dc=infinity-computing,dc=com" 

in pkg/ldap/servers/slapd/slapd.conf

Do you have an account Manager on your system? If you do not, I guess
you have to make one.

Sorry if it does not help; I know nothing about openldap, I started 
yesterday myself. If you find the answer, let me know as well.

Regards,

Ivan.




> In advance, thank you for your time and patience on this matter.
> 
> I, as a proof of concept, installed all the packages necessary in RedHat 7.2
> to get openldap2 up and running.  In following the quickstart guide, I came
> up with the following slapd.conf, where I simply addressed the things
> mentioned in the quickstart guide step #8 and beyond.
> 
> # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include         /etc/openldap/schema/core.schema
> include         /etc/openldap/schema/cosine.schema
> include         /etc/openldap/schema/inetorgperson.schema
> include         /etc/openldap/schema/nis.schema
> include         /etc/openldap/schema/redhat/rfc822-MailMember.schema
> include         /etc/openldap/schema/redhat/autofs.schema
> include         /etc/openldap/schema/redhat/kerberosobject.schema
> 
> # Define global ACLs to disable default read access.
> 
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral       ldap://root.openldap.org
> 
> #pidfile        //var/run/slapd.pid
> #argsfile       //var/run/slapd.args
> 
> # Create a replication log in /var/lib/ldap for use by slurpd.
> #replogfile     /var/lib/ldap/master-slapd.replog
> 
> # Load dynamic backend modules:
> # modulepath    /usr/sbin/openldap
> # moduleload    back_ldap.la
> # moduleload    back_ldbm.la
> # moduleload    back_passwd.la
> # moduleload    back_shell.la
> 
> #
> # The next two lines allow use of TLS for connections using a dummy test
> # certificate, but you should generate a proper certificate by changing to
> # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
> # slapd.pem so that the ldap user or group can read it.
> # TLSCertificateFile /usr/share/ssl/certs/slapd.pem
> # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
> #
> # Sample Access Control
> #       Allow read access of root DSE
> #       Allow self write access
> #       Allow authenticated users read access
> #       Allow anonymous users to authenticate
> #
> #access to dn="" by * read
> #access to *
> #       by self write
> #       by users read
> #       by anonymous auth
> #
> # if no access controls are present, the default is:
> #       Allow read by all
> #
> # rootdn can always write!
> 
> #######################################################################
> # ldbm database definitions
> #######################################################################
> 
> database        ldbm
> suffix          "dc=infinity-computing,dc=com"
> #suffix         "o=My Organization Name,c=US"
> rootdn          "cn=Manager,dc=infinity-computing,dc=com"
> #rootdn         "cn=Manager,o=My Organization Name,c=US"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
>  rootpw         secret
> # rootpw        {crypt}a_OOAbS2vPWRY
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd/tools. Mode 700 recommended.
> directory       /var/lib/ldap
> # Indices to maintain
> index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
> index   cn,mail,surname,givenname                       eq,subinitial
> # Replicas to which we should propagate changes
> #replica host=ldap-1.example.com:389 tls=yes
> #       bindmethod=sasl saslmech=GSSAPI
> #       authcId=host/ldap-master.example.com@EXAMPLE.COM
> 
> step #9 returned results such as follows:
> 
> [root@redhat bkyoung]# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
> version: 2
> 
> #
> # filter: (objectclass=*)
> # requesting: namingContexts 
> #
> 
> #
> dn:
> namingContexts: dc=infinity-computing,dc=com
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 2
> # numEntries: 1
> 
> in step #10 I created the following example.ldif, taking care to only edit
> the applicable parts from those provided in the example LDIF file in that
> step of the quickstart:
> 
> dn: dc=infinity-computing,dc=com
> objectclass: dcObject
> objectclass: organization
> o: Infinity Computing
> dc: infinity-computing
> 
> dn: cn=Manager,dc=infinity-computing,dc=com
> objectclass: organizationalRole
> cn: Manager
> 
> 
> 
> AND HERE'S WHERE MY TROUBLE IS ...
> 
> [root@redhat bkyoung]# ldapadd -x -D "cn=Manager,dc=infinity-computing,dc=com" -W -f example.ldif
> Enter LDAP Password: {here I type secret, and I get ... }
> ldap_bind: Invalid credentials
> 
> I'm lost.  It is obvious to me that I am missing something extremely simple;
> I have no idea what the mechanics of adding crypted passwords to the
> slapd.conf file are, or even plain text passwords.  I just want to get
> SOMETHING to work, and then I'll fuss about the finer points.  The man pages
> and the HOWTO are not very clear about passwords.  I tried using slappasswd
> ... but it's unclear to me whether this generates a crypted password to
> paste into the slapd.conf, or if it sets the passwd.  At any rate, I have had
> no success getting past this point, and that's very frustrating.  Could
> someone coach me through this part of the set up?  Again, thank you in
> advance.
> 
> 
> 
> Brandon
> 

-- 
================================================================================

Ivan Teliatnikov,
F05 David Edgeworth Building,
Department of Geology and Geophysics,
School of Geosciences,
University of Sydney, 2006
Australia

e-mail: ivan@es.usyd.edu.au
ph:  061-2-9351-2031 (w)
fax: 061-2-9351-0184 (w)

===============================================================================
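Added example, not from either message in this thread: a small Python lint for slapd.conf that applies the slapd.conf(5) rule that a line beginning with whitespace continues the previous line (so an indented rootpw sitting under a comment is silently dropped, as in the quoted config where the rootpw line starts with a space) and that flags a cleartext rootpw. The sample configs and the {SSHA} placeholder hash are constructed for the example.

```python
import re

# Constructed samples (not from the thread). CONF_BAD mirrors the quoted
# slapd.conf: the rootpw line is indented by one space after a comment.
CONF_BAD = """\
rootdn          "cn=Manager,dc=infinity-computing,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
 rootpw         secret
directory       /var/lib/ldap
"""
CONF_CLEAR = 'rootdn "cn=Manager,dc=example,dc=com"\nrootpw secret\n'
CONF_OK = 'rootdn "cn=Manager,dc=example,dc=com"\nrootpw {SSHA}PLACEHOLDER-HASH\n'


def parse(text):
    """Join physical lines as slapd.conf(5) does (a line starting with
    whitespace continues the previous one); return (directives, warnings)."""
    logical, warnings = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        if raw.strip() and raw[0] in " \t" and logical:
            if logical[-1].startswith("#"):
                warnings.append(f"line {n}: indented '{raw.split()[0]}' "
                                "continues a comment and is ignored")
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.rstrip())
    directives = {}
    for line in logical:
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        directives.setdefault(parts[0].lower(), []).append(value)
    return directives, warnings


def check_rootpw(text):
    """Findings a defender would want to see before starting slapd."""
    directives, findings = parse(text)
    values = directives.get("rootpw", [])
    if not values:
        findings.append("no effective rootpw directive: a simple bind as "
                        "rootdn cannot use a slapd.conf password")
    for value in values:
        # Hashed values carry a {SCHEME} prefix, e.g. the output of slappasswd.
        if not re.match(r"^\{[A-Za-z0-9-]+\}", value):
            findings.append("rootpw is cleartext; paste the {SSHA} output "
                            "of slappasswd instead")
    return findings
```

Run `check_rootpw` over the real file to get the same findings; an empty list means rootpw is present, effective and hashed.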