I'm working on putting together a new RHEL4 box to serve as our primary Samba server, and I'd like to have OpenLDAP running on it for the userbase backend. I've tried this on and off for several years, but have never been totally successful, and ended up using other options. This time, I'd really like to get it to work.
I'm using a howto as a guide that was written specifically for RHEL4 and Samba, http://www.grennan.com/ldap-HOWTO.html (Stalled at step 4.1) I'm at the point where I'm adding my first record, and with success, I should just get a prompt back. Unfortunately, I don't just get a prompt back.
Commandline error message:

[root@ggw-s-bdc openldap]# ldapadd -a -W -x -D "cn=Manager,dc=ggw,dc=nws,dc=noaa" -f base.ldif
Enter LDAP Password:
adding new entry "dc=nws,dc=noaa"
ldap_add: Server is unwilling to perform (53)
        additional info: no global superior knowledge
Based on this, http://www.openldap.org/faq/data/cache/157.html, I'm guessing that my problem is that I'm adding ggw.nws.noaa before I added nws.noaa, but I'm not sure how to correct my ldif file to indicate that. I used a tool referenced in the howto to automatically generate the base.ldif. From looking at the file, it appears to me like there is a nws.noaa before the ggw.nws.noaa.
The reason for me using ggw.nws.noaa is that at some point, we are going to move to AD, and the 'vision' statement for that move has our office using that three segment identifier.
I don't know where I'm going wrong here.
Thanks for any pointers, Gar
Contents of base.ldif:

dn: dc=nws,dc=noaa
dc: nws
objectClass: top
objectClass: domain

dn: dc=ggw,dc=nws,dc=noaa
dc: ggw
objectClass: top
objectClass: domain

dn: ou=Hosts,dc=ggw,dc=nws,dc=noaa
ou: Hosts
objectClass: top
objectClass: organizationalUnit

dn: ou=Rpc,dc=ggw,dc=nws,dc=noaa
ou: Rpc
objectClass: top
objectClass: organizationalUnit

dn: ou=Services,dc=ggw,dc=nws,dc=noaa
ou: Services
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byuser,dc=ggw,dc=nws,dc=noaa
nismapname: netgroup.byuser
objectClass: top
objectClass: nisMap

dn: ou=Mounts,dc=ggw,dc=nws,dc=noaa
ou: Mounts
objectClass: top
objectClass: organizationalUnit

dn: ou=Networks,dc=ggw,dc=nws,dc=noaa
ou: Networks
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=ggw,dc=nws,dc=noaa
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=ggw,dc=nws,dc=noaa
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=Netgroup,dc=ggw,dc=nws,dc=noaa
ou: Netgroup
objectClass: top
objectClass: organizationalUnit

dn: ou=Protocols,dc=ggw,dc=nws,dc=noaa
ou: Protocols
objectClass: top
objectClass: organizationalUnit

dn: ou=Aliases,dc=ggw,dc=nws,dc=noaa
ou: Aliases
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byhost,dc=ggw,dc=nws,dc=noaa
nismapname: netgroup.byhost
objectClass: top
objectClass: nisMap
Content of slapd.conf: (comments removed)

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
loglevel -1
allow bind_v2
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
database bdb
suffix "dc=ggw,dc=nws,dc=noaa"
rootdn "cn=Manager,dc=ggw,dc=nws,dc=noaa"
rootpw secret
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq

Installed OpenLDAP rpms:
openldap-devel-2.2.13-7.4E
openldap-2.2.13-7.4E
openldap-clients-2.2.13-7.4E
openldap-servers-2.2.13-7.4E
nss_ldap-226-18
db4-4.2.52-7.1
db4-utils-4.2.52-7.1
db4-devel-4.2.52-7.1
slapd command line: ldap 7785 1 0 10:59 ? 00:00:00 /usr/sbin/slapd -u ldap -h ldap:///
In slapd.conf, you have:

suffix "dc=ggw,dc=nws,dc=noaa"
So your server is not defined to know anything above that. By attempting to add the "dc=nws,dc=noaa" entry, you are effectively trying to add something your server is not configured to serve. Try removing that from your ldif file (or make the suffix in slapd.conf just "dc=nws,dc=noaa").
- Jeff
-----Original Message-----
From: openldap-software-bounces+jeff_clowser=fanniemae.com@openldap.org On Behalf Of Gar Nelson
Sent: Wednesday, October 17, 2007 9:05 AM
To: openldap-software@openldap.org
Subject: Problems with initial install of OpenLDAP
Gar Nelson writes:
adding new entry "dc=nws,dc=noaa"
ldap_add: Server is unwilling to perform (53)
        additional info: no global superior knowledge
(...)
Content of slapd.conf: (comments removed)
(...)
suffix "dc=ggw,dc=nws,dc=noaa"
Your slapd can only hold entries with DNs ending in your suffix. "dc=nws,dc=noaa" is "outside" that subtree, hence it must be elsewhere - but you didn't tell slapd where.
The fix is to either remove the "dc=nws,dc=noaa" entry from your LDIF or to change your suffix to "dc=nws,dc=noaa".
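A pre-flight check for the condition Hallvard describes, written for this page and not code from the thread or from OpenLDAP: it replays the LDIF adds in order against the slapd.conf suffix and flags every DN outside that naming context, which is what produces result 53 here. The sample LDIF and suffix are constructed from the values posted above; the "parent missing" check goes one step beyond the thread and catches an entry listed before its parent.

```python
import re

# Constructed sample: the first two entries of the posted base.ldif, and the
# suffix line from the posted slapd.conf.
SAMPLE_LDIF = """\
dn: dc=nws,dc=noaa
dc: nws
objectClass: top
objectClass: domain

dn: dc=ggw,dc=nws,dc=noaa
dc: ggw
objectClass: top
objectClass: domain
"""
SUFFIX = "dc=ggw,dc=nws,dc=noaa"

def ldif_dns(text):
    """Entry DNs in file order (minimal reader; no base64 'dn::' values)."""
    dns = []
    for block in re.split(r"\n\s*\n", text.strip()):
        for line in block.splitlines():
            key, _, value = line.partition(":")
            if key.strip().lower() == "dn":
                dns.append(value.strip())
                break
    return dns

def rdns(dn):
    """Normalised RDN list; enough for dc=/ou= names, not full RFC 4514."""
    return [p.strip().lower() for p in dn.split(",")]

def check_ldif(text, suffix):
    """Replay the adds in order and list each DN slapd would reject:
    'outside suffix' is the thread's error 53 (no global superior knowledge);
    'parent missing' is an entry listed before its parent."""
    base, added, problems = rdns(suffix), set(), []
    for dn in ldif_dns(text):
        parts = rdns(dn)
        if len(parts) < len(base) or parts[-len(base):] != base:
            problems.append((dn, "outside suffix"))
        elif parts != base and tuple(parts[1:]) not in added:
            problems.append((dn, "parent missing"))
        else:
            added.add(tuple(parts))
    return problems

if __name__ == "__main__":
    for dn, why in check_ldif(SAMPLE_LDIF, SUFFIX):
        print(f"{dn}: {why}")
```

Running it with the posted suffix reports only the dc=nws,dc=noaa entry; with the suffix changed to dc=nws,dc=noaa (Hallvard's other fix) it reports nothing.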
That was exactly it. Thank you. I edited the base.ldif file to remove that first entry (nws.noaa) and then the ldapadd worked perfectly.
Gar