[ale] LDAP Problems (newbie)

Mike Panetta ahuitzot at mindspring.com
Fri Aug 6 20:02:35 EDT 2004


I just set up an LDAP auth server today, using this FAQ:

http://www.mandrakesecure.net/en/docs/ldap-auth2.php

with no problems at all.  It works, I can log in, and Red Hat even
does most of what is required as far as PAM is concerned
with its authconfig tool.  All I had to set up was the LDAP
database itself.  I am using the tool at the bottom of the
page to add users and groups, and restrict access to certain
clients with no problems at all.  I am sure that if you follow
that doc in the order that things are presented, you should have
a successful LDAP login within a few hours of work.

I highly suggest you use the above doc, and nothing else,
to at least get started, as it's the most up to date one I have
seen, and the only one that helped me get this thing working
(I have been trying with other docs for the last 2 days without
success).

After you get logins to work is when you can play around
with the other stuff and get it working.  That will make it much
easier to debug the problems, I think.


Mike


-----Original Message-----
From: "Nathan J. Underwood" <ale1 at cybertechcafe.net>
Sent: Aug 6, 2004 12:37 PM
To: Atlanta Linux Enthusiasts <ale at ale.org>
Subject: Re: [ale] LDAP Problems (newbie)

In trying to get a control specimen to work with, I cut and pasted the 
.ldif file from the page on Linux Journal, and modified it so that it 
was using my domain name rather than foo.com, and root rather than 
manager, and then copied and pasted the slapd.conf from the site (again, 
substituting my domain name and root).  This time, though, when I try to 
add the .ldif, I get the following error:

[root at gandalf openldap]# ldapadd -x -D 'cn=root,dc=domainname,dc=com' -f 
ldifs/top.ldif -W
Enter LDAP Password:
adding new entry "dc=domanname,dc=com"
ldapadd: update failed: dc=domainname,dc=com
ldap_add: Internal (implementation specific) error (80)

I googled a bit, and found that 80 seems to be some kind of 
miscellaneous error, which didn't help out much.  Below are my 
slapd.conf and top.ldif file.

****  slapd.conf
# Schemas to use
include  /etc/openldap/schema/core.schema
include  /etc/openldap/schema/cosine.schema
include  /etc/openldap/schema/inetorgperson.schema
include  /etc/openldap/schema/nis.schema
include  /etc/openldap/schema/redhat/rfc822-MailMember.schema
include  /etc/openldap/schema/redhat/autofs.schema
include  /etc/openldap/schema/redhat/kerberosobject.schema

database       ldbm
suffix         "dc=domanname,dc=com"
rootdn         "cn=root, dc=domanname, dc=com"
rootpw         {SSHA}PDquw1to2fRhHCQ08r8Td51I6B3CiYbt
directory      /var/lib/ldap/domanname.com
loglevel -1

index   default                             eq
index   objectClass,uid,uidNumber,gidNumber eq
index   cn,mail,surname,givenname           eq,sub

# Access Control (See openldap v.2.0 Admin Guide)
access to attr=userPassword
    by self         write
    by anonymous    auth
    by dn="cn=root,dc=domanname,dc=com"       write
    by *    compare
access to *
    by self write
    by dn="cn=root,dc=domanname,dc=com"       write
    by * read

**** top.ldif

dn: dc=domanname,dc=com
objectclass: dcObject
objectclass: organization
o: domain name
dc: domanname   <-------If I put the .com on here, I get the other (64) 
error.  I apologize, but I'm at the trial and error stage now.  Not very 
  scientific, but when I get it right, I can work backwards from there.

dn: cn=root, dc=domanname, dc=com
objectclass: organizationalRole
cn: manager

dn: ou=people, dc=domanname, dc=com
ou: people
objectclass: organizationalUnit
objectclass: domainRelatedObject
associatedDomain: domanname.com

dn: ou=contacts, ou=people, dc=domanname, dc=com
ou: contacts
ou: people
objectclass: organizationalUnit
objectclass: domainRelatedObject
associatedDomain: domanname.com

dn: ou=group, dc=domanname, dc=com
ou: group
objectclass: organizationalUnit
objectclass: domainRelatedObject


--
registered linux user # 73046

Nathan J. Underwood
Cyber Tech Cafe' <><
http://www.cybertechcafe.net

Nathan J. Underwood wrote:
> Ok, I'm fumbling my way through this LDAP / Samba v3 stuff for domain 
> authentication, and I'm just not having a lot of luck.  I have my 
> /etc/openldap/slapd.conf file setup the way that (I believe) I need it 
> (per the Quick Start guide and 
> http://www.linuxjournal.com/article.php?sid=6266), and I'm able to start 
> and query the server.  The article at 
> http://www.linuxjournal.com/article.php?sid=6266 is actually pretty much 
> everything that I want to do, so I got excited when I found it, but it's 
> not working quite like I'd hoped.  I've basically mirrored the 
> slapd.conf file, and created a top.ldif file that's almost identical to 
> the one listed (I've changed foo to my domain name).  When I try to use 
> ldapadd to add it to the directory, I get the following error:
> 
> ldap_add: Naming violation (64)
>         additional info: value of naming attribute 'dc' is not present 
> in entry
> 
> I'm going to continue googling (isn't it funny how that's a verb now?), 
> but if any of you have had / overcome the same problem, any pointers 
> would be appreciated.
> -- 
> registered linux user # 73046
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
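Added example (editor's code, not part of the thread): a small Python checker for the two errors Nathan hit above. "Naming violation (64)" means a value in the entry's RDN (the part of the dn before the first comma) does not appear as an attribute value of that entry, so `dn: dc=domanname,dc=com` needs `dc: domanname` (not `dc: domanname.com`), and `dn: cn=root,...` needs `cn: root` (the posted top.ldif still says `cn: manager`). "Internal (implementation specific) error (80)" on an add with the ldbm backend is very commonly the `directory` from slapd.conf not existing or not being writable by the account slapd runs as. The slapd.conf and LDIF inside the script are constructed to mirror the thread (trimmed to the lines the checks read); the `ldap` account name is an assumption about a Red Hat box.

```python
"""Pre-flight checks for an OpenLDAP slapd.conf + LDIF pair (editor-added
example, not code from the thread).  The two checks map onto the errors above:
  Naming violation (64): each value in an entry's RDN must also appear as an
  attribute value of that entry.
  Internal error (80) on add with the ldbm backend: the database 'directory'
  must exist and be writable by the user slapd runs as.
Assumption: DNs have no escaped commas, and RDN values compare case-insensitively
(true for dc, cn and ou, whose equality matching rules ignore case)."""
import os
import re

# Constructed samples mirroring the thread's slapd.conf and top.ldif, trimmed
# to the lines the checks read and keeping the thread's two naming mistakes.
SAMPLE_CONF = """
suffix         "dc=domanname,dc=com"
rootdn         "cn=root, dc=domanname, dc=com"
directory      /var/lib/ldap/domanname.com
"""
SAMPLE_LDIF = """
dn: dc=domanname,dc=com
objectclass: dcObject
objectclass: organization
o: domain name
dc: domanname.com

dn: cn=root, dc=domanname, dc=com
objectclass: organizationalRole
cn: manager

dn: ou=people, dc=domanname, dc=com
ou: people
objectclass: organizationalUnit
"""

def parse_ldif(text):
    """Return [(dn, [(attr, value), ...])]; unfolds continuation lines and
    skips '#' comments (base64 '::' values are not needed here)."""
    entries = []
    unfolded = re.sub(r"\n ", "", text)            # undo LDIF line folding
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        dn, attrs = None, []
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if name.lower() == "dn":
                dn = value.strip()
            else:
                attrs.append((name, value.strip()))
        if dn is not None:
            entries.append((dn, attrs))
    return entries

def normalize_dn(dn):
    """Drop the spaces slapd ignores: 'cn=root, dc=x' -> 'cn=root,dc=x'."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def rdn_components(dn):
    """(attr, value) pairs of the first RDN, including a+b multi-valued RDNs."""
    pairs = []
    for part in dn.split(",", 1)[0].split("+"):
        attr, _, value = part.partition("=")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def naming_violations(entries):
    """Entries whose RDN value is absent from their own attributes, which is
    exactly what slapd rejects as 'Naming violation (64)'."""
    problems = []
    for dn, attrs in entries:
        present = {(a.lower(), v.lower()) for a, v in attrs}
        for attr, value in rdn_components(dn):
            if (attr, value.lower()) not in present:
                problems.append((dn, "value of naming attribute '%s' "
                                     "is not present in entry" % attr))
    return problems

def suffix_present(conf, entries):
    """True if the LDIF creates the suffix entry; children need their parent."""
    m = re.search(r'^\s*suffix\s+"?([^"\n]+?)"?\s*$', conf, re.M)
    suffix = normalize_dn(m.group(1))
    return any(normalize_dn(dn) == suffix for dn, _ in entries)

def directory_problem(conf):
    """None if 'directory' exists and is writable by the current user, else a
    message.  Run as the slapd account (assumed 'ldap' on Red Hat), not root."""
    m = re.search(r"^\s*directory\s+(\S+)", conf, re.M)
    if not m:
        return "no 'directory' directive found"
    path = m.group(1)
    if not os.path.isdir(path):
        return "%s does not exist" % path
    if not os.access(path, os.W_OK):
        return "%s is not writable by uid %d" % (path, os.getuid())
    return None

if __name__ == "__main__":
    for dn, msg in naming_violations(parse_ldif(SAMPLE_LDIF)):
        print("%s: %s" % (dn, msg))
    print("directory:", directory_problem(SAMPLE_CONF) or "ok")
```

To use it on a real box, read the actual slapd.conf and top.ldif into the two variables and run the directory check as the account slapd runs under (on the assumed Red Hat layout, something like `su -s /bin/sh ldap -c 'python3 ldapcheck.py'`), because root can write to a directory that the ldap user cannot.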