[ale] LDAP Problems (newbie)
Mike Panetta
ahuitzot at mindspring.com
Fri Aug 6 20:02:35 EDT 2004
I just set up an LDAP auth server today, using this FAQ:
http://www.mandrakesecure.net/en/docs/ldap-auth2.php
with no problems at all. It works, I can log in, and redhat even
does most of what is required as far as PAM is concerned
with its authconfig tool. All I had to set up was the ldap
database itself. I am using the tool at the bottom of the
page to add users and groups, and restrict access to certain
clients with no problems at all. I am sure that if you follow
that doc in the order that things are presented you should have
a successful ldap login within a few hours of work.
I highly suggest you use the above doc, and nothing else
to at least get started, as it's the most up to date one I have
seen, and the only one that helped me get this thing working
(I have been trying with other docs for the last 2 days without
success).
After you get logins to work, then is where you can play around
with the other stuff and get it to work. That will make it much
easier to debug the problems I think.
Mike
-----Original Message-----
From: "Nathan J. Underwood" <ale1 at cybertechcafe.net>
Sent: Aug 6, 2004 12:37 PM
To: Atlanta Linux Enthusiasts <ale at ale.org>
Subject: Re: [ale] LDAP Problems (newbie)
In trying to get a control specimen to work with, I cut and pasted the
.ldif file from the page on Linux Journal, and modified it so that it
was using my domain name rather than foo.com, and root rather than
manager, and then copied and pasted the slapd.conf from the site (again,
substituting my domain name and root). This time, though, when I try to
add the .ldif, I get the following error:
[root at gandalf openldap]# ldapadd -x -D 'cn=root,dc=domainname,dc=com' -f ldifs/top.ldif -W
Enter LDAP Password:
adding new entry "dc=domanname,dc=com"
ldapadd: update failed: dc=domainname,dc=com
ldap_add: Internal (implementation specific) error (80)
I googled a bit, and found that 80 seems to be some kind of
miscellaneous error, which didn't help out much. Below are my
slapd.conf and top.ldif file.
**** slapd.conf
# Schemas to use
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
database ldbm
suffix "dc=domanname,dc=com"
rootdn "cn=root, dc=domanname, dc=com"
rootpw {SSHA}PDquw1to2fRhHCQ08r8Td51I6B3CiYbt
directory /var/lib/ldap/domanname.com
loglevel -1
index default eq
index objectClass,uid,uidNumber,gidNumber eq
index cn,mail,surname,givenname eq,sub
# Access Control (See openldap v.2.0 Admin Guide)
access to attr=userPassword
by self write
by anonymous auth
by dn="cn=root,dc=domanname,dc=com" write
by * compare
access to *
by self write
by dn="cn=root,dc=domanname,dc=com" write
by * read
**** top.ldif
dn: dc=domanname,dc=com
objectclass: dcObject
objectclass: organization
o: domain name
dc: domanname <------- If I put the .com on here, I get the other (64)
  error. I apologize, but I'm at the trial and error stage now. Not very
  scientific, but when I get it right, I can work backwards from there.

dn: cn=root, dc=domanname, dc=com
objectclass: organizationalRole
cn: manager

dn: ou=people, dc=domanname, dc=com
ou: people
objectclass: organizationalUnit
objectclass: domainRelatedObject
associatedDomain: domanname.com

dn: ou=contacts, ou=people, dc=domanname, dc=com
ou: contacts
ou: people
objectclass: organizationalUnit
objectclass: domainRelatedObject
associatedDomain: domanname.com

dn: ou=group, dc=domanname, dc=com
ou: group
objectclass: organizationalUnit
objectclass: domainRelatedObject
--
registered linux user # 73046
Nathan J. Underwood
Cyber Tech Cafe' <><
http://www.cybertechcafe.net
Nathan J. Underwood wrote:
> Ok, I'm fumbling my way through this LDAP / Samba v3 stuff for domain
> authentication, and I'm just not having a lot of luck. I have my
> /etc/openldap/slapd.conf file set up the way that (I believe) I need it
> (per the Quick Start guide and
> http://www.linuxjournal.com/article.php?sid=6266), and I'm able to start
> and query the server. The article at
> http://www.linuxjournal.com/article.php?sid=6266 is actually pretty much
> everything that I want to do, so I got excited when I found it, but it's
> not working quite like I'd hoped. I've basically mirrored the
> slapd.conf file, and created a top.ldif file that's almost identical to
> the one listed (I've changed foo to my domain name). When I try to use
> ldapadd to add it to the directory, I get the following error:
>
> ldap_add: Naming violation (64)
> additional info: value of naming attribute 'dc' is not present
> in entry
>
> I'm going to continue googling (isn't it funny how that's a verb now?),
> but if any of you have had / overcome the same problem, any pointers
> would be appreciated.
> --
> registered linux user # 73046
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
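A pre-flight check for the "Naming violation (64)" case discussed in this thread, added here as an example and not part of any post: it reads LDIF text and reports every entry whose leading RDN value (the 'dc' or 'cn' in the dn) is not also present among the entry's own attributes, which is exactly what slapd rejects. The sample LDIF is constructed, modelled on the posted top.ldif, and the parser is simplified (no base64 "::" values, no folded lines).

```python
import re

# Constructed sample modelled on the top.ldif posted above (not the file
# verbatim): the cn=root entry keeps "cn: manager", the kind of mismatch
# behind "Naming violation (64) ... naming attribute ... is not present".
SAMPLE_LDIF = """\
dn: dc=domanname,dc=com
objectclass: dcObject
objectclass: organization
o: domain name
dc: domanname

dn: cn=root, dc=domanname, dc=com
objectclass: organizationalRole
cn: manager
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})]; no base64 ('::') or folded lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            key, _, val = line.partition(":")
            key, val = key.strip().lower(), val.strip()
            if key == "dn":
                dn = val
            else:
                attrs.setdefault(key, []).append(val)
        entries.append((dn, attrs))
    return entries

def rdn_of(dn):
    """Leading RDN of a DN as (attribute, value); attribute lower-cased."""
    attr, _, val = dn.split(",", 1)[0].partition("=")
    return attr.strip().lower(), val.strip()

def naming_violations(text):
    """DNs whose RDN value is absent from the entry's own attributes (error 64)."""
    bad = []
    for dn, attrs in parse_ldif(text):
        attr, val = rdn_of(dn)
        if val.lower() not in [v.lower() for v in attrs.get(attr, [])]:
            bad.append(dn)
    return bad
```

Run naming_violations() over the contents of a real .ldif before ldapadd; on the sample it flags the cn=root entry, and it would equally flag "dc: domanname.com" under "dn: dc=domanname,dc=com".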