
Re: Newbie LDIF question



On Friday 16 September 2005 00:24, Steve Parker wrote:
> Peter Huetmannsberger wrote:

>
> Thanks for these suggestions, but I can't get either to work... with
> Peter's suggestion, I get:
> adding new entry "dc=itops,dc=com"
> ldap_add: Naming violation (64)
>        additional info: value of naming attribute 'dc' is not present in
> entry
>
> With Patrick's suggestion I still get:
> adding new entry "dc=itops,dc=com"
> ldap_add: No such object (32)
>
> Since all the (presumably) right answers, from here and what I've found
> on the web, aren't working, could it possibly be something to do with my
> config?
>
> ///// what I assume is the relevant part of ldap.conf ////
> SSL true
> #
> BASE dc=itops,dc=com
> ROOTBINDDN cn=Manager,dc=itops,dc=com

This configuration option doesn't exist.

> BINDDN cn=Manager,dc=itops,dc=com

Quote from ldap.conf(5):

"BINDDN <dn>
              Specifies the default bind DN to use when performing ldap
              operations.  The bind DN must be specified as a Distinguished Name in
              LDAP format.  This is a user-only option."

Since it is a user-only option, it won't work in an ldap.conf file, but only 
in ldaprc or .ldaprc.

> # Dont forget to put the LDAP Manager password in /etc/ldap.secret
> PORT 636
>
> ///// what I assume is the relevant part of slapd.conf /////
> database        bdb
> suffix          "dc=itops,dc=com"
> rootdn          "cn=Manager,dc=itops,dc=com"
> rootpw      <my_password>
> /////
>
> Does that look sensible?

Yes, but your commandline doesn't match it:

# /usr/local/bin/ldapadd -c -Y DIGEST-MD5 -U Manager -W -f i.ldif -v

Your other slapd.conf snippet contained:

> rootpw          <my_password>
> #rootpw   <my_encrypted_password> # I've hashed this out for now, let's 
> keep it simple!

Problems I see here are:
1) No authz-regexp

You probably need something like:
authz-regexp UID=([^,]*),CN=DIGEST-MD5,CN=auth cn=$1,dc=itops,dc=com

2) Your comment on the rootpw from the 2nd snippet implies you were using an 
encrypted rootpw; this won't work with digest-md5.

Before you debug your LDIF further, make sure you can authenticate your 
rootdn:

# ldapwhoami -U Manager -W -Y DIGEST-MD5

Regards,
Buchan

-- 
Buchan Milne
ISP Systems Specialist
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
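
The two points in the reply above, as an added example that is not part of the original message: a simplified Python model of how the quoted authz-regexp rewrites a SASL identity into the rootdn, and of why a DIGEST-MD5 response (RFC 2831) can only be checked against a cleartext rootpw. The SASL DN form, realm, nonces, password and salt are constructed sample values, and the matching logic approximates slapd rather than reproducing it.

```python
import base64, hashlib, re

# authz-regexp from the reply; everything in CHALLENGE is a constructed sample.
MATCH = r"UID=([^,]*),CN=DIGEST-MD5,CN=auth"
REPLACE = "cn=$1,dc=itops,dc=com"
CHALLENGE = dict(user="Manager", realm="ldap.example.test",
                 nonce="c2FtcGxlLW5vbmNl", cnonce="Y2xpZW50LW5vbmNl",
                 nc="00000001", digest_uri="ldap/ldap.example.test")

def map_sasl_dn(sasl_dn, match=MATCH, replace=REPLACE):
    """Approximate authz-regexp: case-insensitive match, $n expanded in replace."""
    m = re.search(match, sasl_dn, re.IGNORECASE)
    if m is None:
        return None  # no mapping: the bind stays an identity under cn=auth
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replace)

def _hex_md5(data):
    return hashlib.md5(data).hexdigest().encode()

def digest_response(secret, user, realm, nonce, cnonce, nc, digest_uri, qop="auth"):
    """RFC 2831 response value computed from the shared secret."""
    a1 = hashlib.md5(f"{user}:{realm}:{secret}".encode()).digest()
    a1 += f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = _hex_md5(a1) + f":{nonce}:{nc}:{cnonce}:{qop}:".encode() + _hex_md5(a2)
    return hashlib.md5(kd).hexdigest()

def ssha(password, salt=b"salt"):
    """{SSHA} string as a hashed rootpw would hold it (constructed salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def server_accepts(stored_rootpw, client_response):
    """The server can only repeat the computation with the value it stores."""
    return digest_response(stored_rootpw, **CHALLENGE) == client_response

if __name__ == "__main__":
    # The client always computes its response from the typed cleartext password.
    client = digest_response("secret", **CHALLENGE)
    print("mapped DN:       ", map_sasl_dn("uid=manager,cn=digest-md5,cn=auth"))
    print("cleartext rootpw:", server_accepts("secret", client))
    print("hashed rootpw:   ", server_accepts(ssha("secret"), client))
```
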
