On Thu, 15 Dec 2011 10:59:31 CET, Raffael Sahli wrote:
On 12/15/2011 10:54 AM, reyman wrote:
On Thu, Dec 15, 2011 at 10:24 AM, Raffael Sahli <public@raffaelsahli.com> wrote:
On 12/15/2011 09:46 AM, rey sebastien wrote:
On Thu, 15 Dec 2011 08:51:29 CET, Raffael Sahli wrote:

OK, it works, i have a functional slapd.d/cn=config folder, but i don't understand why i can't access to openldap with cn=admin,dc=parisgeo,dc=cnrs,dc=fr and good password generated by

My slapd.conf before conversion contains the SSHA password generated by slappasswd for rootDn :

-----
database bdb
suffix "dc=parisgeo,dc=cnrs,dc=fr"
rootdn "cn=admin,dc=parisgeo,dc=cnrs,dc=fr"
rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxx
----

I try this :

root@xxxxx:/usr/local/etc/openldap/slapd.d# ldapsearch -D cn=admin,dc=parisgeo,dc=cnrs,dc=fr -W -x 'userName=*'
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

Bizarre ... Perhaps i can try to redefine the rootdn, because it disappears with conversion ? Do you have an idea about this ?

Thanks,
SR.

>Use slapadd. Again, RTFM. Everything you've asked in the past week or so has been documented in the manpages and the Admin Guide. Read and learn.

Yes right, @rey rtfm, and ask your question again, if you're sure your point is not in the OpenLDAP manual. But i'm sure you will find your answer there.

>Please trim irrelevant text from your emails. Please update your Subject line to something relevant to the actual discussion topic.

@Howard, please say that to the guy who asks questions, and not me^^

Raffael Sahli wrote:
On 14.12.2011 16:54, rey sebastien wrote:
On 13/12/2011 16:48, Raffael Sahli wrote:

Hi! It's not easy to start with zero configuration with cn=config new openldap administration .. I create my bd.ldif based on the slapd.ldif example in the /usr/local/etc/openldap directory. But how can i insert this ldif with ldapadd -Y EXTERNAL -H ldapi:/// -f myldiffile.ldif if i cannot run slapd without configuration ? How do you start a fresh install of openldap in this case? there is an option to run slapd without zero configuration?

Thanks a lot,

Use slapadd. Again, RTFM. Everything you've asked in the past week or so has been documented in the manpages and the Admin Guide. Read and learn.

Everything ? really ... Install from sources with specific init script installation on debian ? Also, i find nothing about a fresh install directly with cn=config (without conversion of slapd.conf) in the admin guide ... I'm not a junior system administrator, i make a phd in geography / geomatics, and i have only one week before christmas to create and populate a new ldap in my laboratory. I try to learn the maximum with google/debian tutorial and a lot of false tutorial, but actually, and i'm sorry about that, i have no time to read all the man page, and all the admin guide ...

Thank you again for the time you take to answer my question Raffael, and others.

First, change the subject, your problem has nothing to do with SSL. And to your root password problem, if you just convert your offline config to online config, your root password will be the same as before. Did it work with the offline configuration? Or change the olcRootPW manually in the config ldif of your database.
Hum i check into my config ldif and olcRootPW doesn't appear.
Sorry, but again RTFM http://www.openldap.org/doc/admin24/
That's the global configuration, the password is in your database configuration.
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 7bbc1dd2
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: slapd.conf.seb
olcConfigDir: /usr/local/etc/openldap/slapd.d/
olcArgsFile: /usr/local/var/run/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcLocalSSF: 71
olcLogLevel: Stats
olcPidFile: /usr/local/var/run/slapd.pid
olcReadOnly: FALSE
olcReverseLookup: FALSE
olcSaslHost: claroline.parisgeo.cnrs.fr
olcSaslSecProps: noplain,noanonymous
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCRLCheck: none
olcTLSVerifyClient: never
olcToolThreads: 1
olcWriteTimeout: 0
structuralObjectClass: olcGlobal
entryUUID: 065b0668-632b-4573-a915-bbe2caf96586
creatorsName: cn=config
createTimestamp: 20111214212046Z
entryCSN: 20111214212046.446261Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20111214212046Z
I try to re-add the password with slapmodify :
dn:cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,dc=parisgeo,dc=cnrs,dc=fr

dn: cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}1dWxkkRtyUJt5fDga0Pn4EAyKQ5RPI4+
root@xxxxx:/usr/local/etc/openldap# ldapadd -Y EXTERNAL -H ldapi:/// -f initSlapd.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
ldap_modify: Insufficient access (50)
Hum, i don't really understand why i have not access, i change only password, rootsuffix, and rootdn into the slapd.conf before conversion ..
I try to add manually the attribute olcRootPw, olcSuffix, olcRootDN

olcSuffix: dc=parisgeo,dc=cnrs,dc=fr
olcRootDN: cn=admin,dc=parisgeo,dc=cnrs,dc=fr
olcRootPW: {SSHA}1dWxkkRtyUJt5fDga0Pn4EAyKQ5RPI4+

I have this error at restart :

Dec 15 10:52:04 claroline slapd[11462]: olcSuffix: value #0: suffix <DC=parisgeo,DC=cnrs,DC=fr> not allowed in frontend database.
Hum i think it's a good idea to remove all config/data file, restart with a fresh slapd.conf and retry the conversion ..
-- Raffael Sahli public@raffaelsahli.com Switzerland
OK i verify into the slapd.d, and the three lines are ok. I change the password directly in the file, but it's impossible to connect with cn=admin,dc=parisgeo,dc=cnrs,dc=fr
The ldap log says :

Dec 15 11:28:50 claroline slapd[12237]: conn=1001 fd=12 ACCEPT from IP=127.0.0.1:35697 (IP=0.0.0.0:389)
Dec 15 11:28:50 claroline slapd[12237]: conn=1001 op=0 BIND dn="cn=admin,dc=parisgeo,dc=cnrs,dc=fr" method=128
Dec 15 11:28:50 claroline slapd[12237]: conn=1001 op=0 RESULT tag=97 err=49 text=
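
An added example, not part of the thread: a Python check over constructed cn=config LDIF (of the kind `slapcat -n 0` prints) that reports olcSuffix/olcRootDN/olcRootPW values sitting outside a backend database entry, the situation the replies point at, and verifies a candidate password against a stored {SSHA} value. The sample entries, the dc=example,dc=org suffix, the password and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac
DB_ONLY = ("olcsuffix", "olcrootdn", "olcrootpw")  # belong on olcDatabase={N}<backend>

def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})]; folded and base64 (::) lines are not handled."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if not line.startswith("#") and ":" in line:
                name, _, value = line.partition(":")
                attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs.pop("dn")[0], attrs))
    return entries

def misplaced(entries):
    """(dn, attr) pairs where a database-only attribute sits on the wrong entry."""
    bad = []
    for dn, attrs in entries:
        rdn = dn.split(",")[0].lower()
        is_db = rdn.startswith("olcdatabase=")
        for attr in DB_ONLY:
            wrong = not is_db or (attr == "olcsuffix" and rdn.endswith("frontend"))
            if attr in attrs and wrong:
                bad.append((dn, attr))
    return bad

def ssha_matches(stored, password):
    """{SSHA} is base64(SHA1(password + salt) + salt); the digest is 20 bytes."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def make_ssha(password, salt):  # builds the constructed sample value only
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

# Constructed sample, not the poster's configuration.
SAMPLE = """dn: cn=config
olcRootDN: cn=admin,dc=example,dc=org

dn: olcDatabase={-1}frontend,cn=config
olcSuffix: dc=example,dc=org

dn: olcDatabase={1}bdb,cn=config
olcRootDN: cn=admin,dc=example,dc=org
olcRootPW: %s
""" % make_ssha("constructed-secret", b"saltsalt")
print(misplaced(parse_ldif(SAMPLE)))
```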