Re: Unable to do a ldapsearch/ldapadd

[Turbo Fredriksson <turbo@bayour.com>]

Quoting Jim Worke <jimworke@yahoo.com>:

> I'm experimenting with the OpenLDAP+SASL+Kerberos 5,
> as shown from http://www.bayour.com/LDAPv3-HOWTO.html.
> 
> I'm a bit confused on how to add data for the first
> time into the LDAP database, i.e. data for the
> ldapadm,krbadm, domain, etc.

The HOWTO _requires_ that you know the basics in OpenLDAP
and MIT Kerberos V...

> Do I use slapadd or ldapadd?  If I use slapadd, the
> data can be inserted.  But if I use ldapadd, I have an
> error of insufficient access.

Then fix your ACL's. See the OpenLDAP Admin guide.

> After adding the data with slapadd, I can't do a
> ldapsearch.  The error is No such object.

Probably because you did not create a propper LDIF.
Slapadd modifies the db files 'raw', without going
through the LDAP daemon (which makes sure that the
data is correct).

> I've already set my ACL to access to * by * write and
> default access to write (for the time being only, just
> for testing).  So I guess it's not the ACL?

Did you restart the daemon? Are you adding BELOW your
configured base DN? Does the base DN _EXISTS_ in the
database?

> Note that, testing for "ldapsearch -H ldaps:/// -I -b
> "" -s base -LLL supportedSASLMechanisms" works well. 
> So my guess is that I've inserted the data wrongly
> (though slapcat can give me the data).

Send us the LDIF, maybe it's something obvious :)

> Also, I use ldapsearch as ldapsearch -H ldaps:/// -I
> -b "" -s sub "uid=administrator".  Is this correct? 

No. If you're using KerberosV, then you first have to
get a ticket, THEN you 'just search' (without -x).
You _MIGHT_ have to use the '-I' option...

If you're using SASL (without Kerberos), then I don't
know. The HOWTO don't cover this (yet).

> Or do I have to add -U/-X?

Either that, or -I (interactive).


PS. Keep this on the list...