
RE: ldapd vs. slapd



# ldapsearch -h localhost -x -b '' -s base +
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: +
#

#
dn:
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: dc=toby,dc=org,dc=org
supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
supportedControl: 1.3.6.1.4.1.4203.666.5.16
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedExtension: 1.3.6.1.1.8
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
supportedSASLMechanisms: OTP
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
entryDN:
subschemaSubentry: cn=Subschema

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
#

-Toby


-----Original Message-----
From: Bill MacAllister [mailto:whm@stanford.edu] 
Sent: Wednesday, April 18, 2012 9:25 AM
To: Richards, Toby; Brandon Hume; openldap-technical@openldap.org
Subject: RE: ldapd vs. slapd



--On Wednesday, April 18, 2012 08:57:20 AM -0700 "Richards, Toby"
<toby.richards@slo.courts.ca.gov> wrote:

> Yes. I have one of those free subdomains (org.org), so mine is
> toby.org.org.
>
> Something is definitely wrong. I've been scouring the Internet for 
> documentation and tutorials. I finally broke down, and downloaded a 
> GUI LDAP tool. Actually, I've tried several including jxplorer and 
> LDAP Administration Tool, but I like the one by Jarek Gawor best:
>
> http://www.novell.com/communities/node/8652/gawors-excellent-ldap-browsereditor-v282
>
> Anyway, the GUI isn't even working. It gives me errors that it can't 
> read dc=toby,dc=org,dc=org. It errors and fails when I try to add a 
> user. I'm not sure what could be wrong with my conf files. They're 
> pretty much set up with all the defaults except with my own realm instead
> of dc=example,dc=com.
>
> Am I supposed to do something between editing the conf files/starting 
> slapd and adding users?
>
> -Toby

What do you get when you try a base dn search, i.e.

  % ldapsearch -h your-host -x -b '' -s base +

Bill

>
> -----Original Message-----
> From: Bill MacAllister [mailto:whm@stanford.edu]
> Sent: Wednesday, April 18, 2012 8:52 AM
> To: Richards, Toby; Brandon Hume; openldap-technical@openldap.org
> Subject: RE: ldapd vs. slapd
>
>
>
> --On Wednesday, April 18, 2012 08:19:29 AM -0700 "Richards, Toby"
> <toby.richards@slo.courts.ca.gov> wrote:
>
>> So I've followed the suggestion to have only the objectClass
>> inetOrgPerson.
>> Now I'm told that there's no such object. My LDIF file:
>>
>> dn: uid=trichards,dc=toby,dc=org,dc=org
>
> Did you really mean to have dc=org twice?
>
> Bill
>
>> cn: Toby Richards
>> givenName: Toby
>> sn: Richards
>> uid: trichards
>> mail: trichards@toby.org.org
>> objectClass: inetOrgPerson
>> password: {CRYPT}*
>>
>> Result: ldap_add: No such object (32)
>>
>> -Toby
>>
>> -----Original Message-----
>> From: openldap-technical-bounces@OpenLDAP.org
>> [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Brandon 
>> Hume
>> Sent: Tuesday, April 17, 2012 9:16 AM
>> To: openldap-technical@openldap.org
>> Subject: Re: ldapd vs. slapd
>>
>>   On 04/17/12 12:47 PM, Richards, Toby wrote:
>>> The above doesn't work. It says that top/account isn't a valid chain.
>>>
>>
>> What happens if you leave out "account"?  It's a structural 
>> objectclass and is likely conflicting with inetOrgPerson.
>>
>> If you check cosine.schema, you'll see the objectclass "account" as 
>> being meant for a computer account.  You're essentially adding an 
>> entry that says it's for a person *and* a computer.  (A cyborg,
>> maybe?)  LDAP wants clear lines of inheritance.



-- 

Bill MacAllister
Infrastructure Delivery Group, Stanford University
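
The base search requested in this thread returns the suffixes the server holds in namingContexts. As an added example (not code from the thread or from OpenLDAP), the Python below compares a DN you intend to add against those values and reports the parent entry that has to exist first, since an LDAP add requires the immediate superior to be present (RFC 4511, section 4.7). The function names are hypothetical and the rootDSE text is trimmed from the output above.

```python
# Added example. ROOT_DSE is trimmed from the ldapsearch output in the thread.
ROOT_DSE = """\
dn:
structuralObjectClass: OpenLDAProotDSE
namingContexts: dc=toby,dc=org,dc=org
supportedLDAPVersion: 3
"""

def split_rdns(dn):
    """Split a DN on unescaped commas (backslash escapes per RFC 4514)."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escaped pair together
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    if cur or rdns:
        rdns.append("".join(cur).strip())
    return rdns

def normalize(dn):
    """Lower-case attr=value pairs. Simplification: assumes case-insensitive
    attributes such as dc and uid; real matching rules are per attribute."""
    pairs = (rdn.partition("=") for rdn in split_rdns(dn))
    return [f"{a.strip().lower()}={v.strip().lower()}" for a, _, v in pairs]

def naming_contexts(ldif):
    """Collect namingContexts values from rootDSE LDIF text."""
    return [l.split(":", 1)[1].strip() for l in ldif.splitlines()
            if l.lower().startswith("namingcontexts:")]

def check_add_target(dn, ldif):
    """Return (suffix, parent): the served suffix that contains dn and the
    parent DN that must already exist; (None, None) if no suffix matches."""
    target, best = normalize(dn), None
    for ctx in naming_contexts(ldif):
        c = normalize(ctx)
        if c and target[-len(c):] == c and (best is None or len(c) > len(normalize(best))):
            best = ctx
    if best is None:
        return None, None
    below_suffix = len(target) > len(normalize(best))
    return best, (",".join(split_rdns(dn)[1:]) if below_suffix else None)

if __name__ == "__main__":
    print(check_add_target("uid=trichards,dc=toby,dc=org,dc=org", ROOT_DSE))
```

A result of (None, None) means the DN is outside every suffix the server advertises; otherwise the second value is the entry to look up with a base-scope search before retrying the add.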
