
RE: LDAP Auth



I feel silly… using ldapadd with the -x switch seems to work.

Can’t believe the time I wasted checking this; it seems I was doing the wrong kind of authentication.

From: Nuno Manuel Martins
Sent: Thursday, 14 February 2008 11:02
To: openldap-technical@openldap.org
Subject: RE: LDAP Auth

Hello everyone again,

I didn’t have any help that would lead me to fix this, so I have spent some hours trying to understand things better but still haven’t got there.

I changed my LDIF file and now it looks like this:

dn: uid=myuser,dc=example,dc=com
uid: myuser
cn: myuser
sn: Doe
uidnumber: 10001
gidnumber: 10001
homedirectory: /home/ldap/john
loginshell: /bin/bash
userPassword: password
objectclass: person
objectclass: posixaccount

I am trying to add this entry with the following command: ldapadd -D "cn=manager,dc=example,dc=com" -W -f /root/tmp/tstuser.ldif

From the client I get the following message:
adding new entry "uid=myuser,dc=example,dc=com"
ldap_add: No such object (32)

I have put slapd in debug mode and I get a lot of messages. In order not to flood the list I will post what I think are the relevant ones. If you need to see the whole messages, let me know and I’ll use an attachment or something.

ber_scanf fmt (}) ber:
>>> dnPrettyNormal: <uid=myuser,dc=example,dc=com>
=> ldap_bv2dn(uid=myuser,dc=example,dc=com,0)
<= ldap_bv2dn(uid=myuser,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=myuser,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=myuser,dc=example,dc=com)=0
<<< dnPrettyNormal: <uid=myuser,dc=example,dc=com>, <uid=myuser,dc=example,dc=com>
bdb_dn2entry("uid=myuser,dc=example,dc=com")
=> bdb_dn2id("dc=example,dc=com")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
bdb_referrals: tag=104 target="uid=myuser,dc=example,dc=com" matched=""
==> bdb_add: uid=myuser,dc=example,dc=com
oc_check_required entry (uid=myuser,dc=example,dc=com), objectClass "person"
oc_check_required entry (uid=myuser,dc=example,dc=com), objectClass "posixAccount"
oc_check_allowed type "uid"
oc_check_allowed type "cn"
oc_check_allowed type "sn"
oc_check_allowed type "uidNumber"
oc_check_allowed type "gidNumber"
oc_check_allowed type "homeDirectory"
oc_check_allowed type "loginShell"
oc_check_allowed type "userPassword"
oc_check_allowed type "objectClass"
oc_check_allowed type "structuralObjectClass"
bdb_dn2entry("uid=myuser,dc=example,dc=com")
=> bdb_dn2id("dc=example,dc=com")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
bdb_add: parent does not exist
send_ldap_result: conn=15 op=3 p=3
send_ldap_result: err=10 matched="" text=""
send_ldap_response: msgid=4 tag=105 err=32

I googled around for that DB_NOTFOUND problem and all I got were some ideas about permissions, but I’m starting OpenLDAP as root so I don’t think that is it. Maybe something I skipped on installation of OpenLDAP? Is there any step needed to initialize the DB?

This is my slapd.conf:

include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema

pidfile         /usr/local/var/run/slapd.pid
argsfile        /usr/local/var/run/slapd.args

database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=manager,dc=example,dc=com"
rootpw  [something]

directory       /usr/local/var/openldap-data
index   objectClass     eq

If anyone can help, it would be really appreciated.

Thank you,
Nuno

Hello List,

I am very new to OpenLDAP and I am trying to put a Linux box authenticating through OpenLDAP instead of using the standard password file.

For this use I followed the tutorial you can find at http://ldots.org/ldap/ but it seems this howto is out of date. The first problem I ran into was when trying to insert a new user in LDIF format; I corrected the first error I got and now this is the file I have:

dn: uid=myuser,ou=People,dc=example,dc=com
uid: myuser
cn: myuser
sn: Doe
givenname: John
objectclass: person
objectclass: posixaccount
objectclass: account
ou: People
uidnumber: 10001
gidnumber: 10001
homedirectory=: /home/ldap/john
loginshell: /bin/bash

When I try to run ldapadd I get the following error:
adding new entry "uid=branc0,ou=People,dc=example,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectclass: value #1 invalid per syntax

I am not sure what the problem is, although I’m pretty sure it is between the chair and the keyboard. Maybe someone on the list can direct me to a more up-to-date tutorial on setting up authentication with LDAP?

OpenLDAP version is 2.4.7
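As an added example (not code from the thread or from OpenLDAP), a small Python pre-flight check for the two failures seen in this thread: it rejects attribute descriptions that LDIF and slapd will not accept (such as the `homedirectory=` line in the first post), and for entries under a suffix it lists the parent DNs that must already exist, since an absent parent is what slapd's debug log reports as `bdb_add: parent does not exist` and the client sees as `No such object (32)`. The names `parse_ldif`, `missing_parents` and `parent_ldif` are hypothetical helpers, and the `existing` set stands in for what a real search of the directory would return.

```python
import re

# Attribute description per RFC 4512 (descr or numeric OID, optional ;options); "homedirectory=" fails this.
ATTR_DESC = re.compile(r"^([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)(;[A-Za-z0-9-]+)*$")

def parse_ldif(text: str) -> list[tuple[str, dict[str, list[str]]]]:
    """Minimal LDIF parser (no '::' base64 values, no line continuations): (dn, attrs) per entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs: dict[str, list[str]] = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or not ATTR_DESC.match(name):
                raise ValueError(f"bad attribute description: {line!r}")
            attrs.setdefault(name.lower(), []).append(value.strip())
        entries.append((attrs.pop("dn")[0], attrs))
    return entries

def rdns(dn: str) -> list[str]:
    """Split a DN on unescaped commas (enough for the DNs in this thread)."""
    return [r.strip() for r in re.split(r"(?<!\\),", dn)]

def missing_parents(dns: list[str], suffix: str, existing: set[str]) -> list[str]:
    """Parents (outermost first) that must exist before these entries can be added;
    an absent one is what slapd reports as 'No such object (32)' / 'parent does not exist'."""
    base = rdns(suffix)
    out: list[str] = []
    for dn in dns:
        parts = rdns(dn)
        if parts[-len(base):] != base:
            raise ValueError(f"{dn} is not under suffix {suffix}")
        for k in range(len(base), len(parts)):   # suffix entry first, then each container below it
            parent = ",".join(parts[len(parts) - k:])
            if parent not in existing and parent not in out:
                out.append(parent)
    return out

def parent_ldif(parents: list[str]) -> str:
    """LDIF creating the missing parents: dcObject+organization for dc=, organizationalUnit for ou=."""
    tmpl = {"dc": "objectClass: dcObject\nobjectClass: organization\ndc: {v}\no: {v}",
            "ou": "objectClass: organizationalUnit\nou: {v}"}
    chunks = []
    for dn in parents:
        attr, _, val = rdns(dn)[0].partition("=")
        chunks.append(f"dn: {dn}\n" + tmpl[attr.lower()].format(v=val) + "\n")  # KeyError for other RDN types
    return "\n".join(chunks)

if __name__ == "__main__":
    # Constructed input modelled on the thread's entry; nothing below touches a live directory.
    entry = "dn: uid=myuser,ou=People,dc=example,dc=com\nuid: myuser\nobjectClass: posixAccount\n"
    need = missing_parents([dn for dn, _ in parse_ldif(entry)], "dc=example,dc=com", existing=set())
    print(parent_ldif(need))   # load this with ldapadd before the user entry
```

Feed the printed LDIF to `ldapadd` first (binding as the rootdn), then retry the user entry; with the suffix entry present, `bdb_dn2id("dc=example,dc=com")` no longer fails.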