On 12/15/2011 10:54 AM, reyman wrote:


On Thu, Dec 15, 2011 at 10:24 AM, Raffael Sahli <public@raffaelsahli.com> wrote:
On 12/15/2011 09:46 AM, rey sebastien wrote:
Le jeu. 15 déc. 2011 08:51:29 CET, Raffael Sahli a écrit :


OK, it's work, i have a fonctionnal slapd.d/cn=config folder, but i don't understand why i can't access to openldap with cn=admin,dc=parisgeo,dc=cnrs,dc=fr and good password generated by


My slapd.conf before conversion contain the SSHA password generated by slappasswd for rootDn :
-----

database bdb
suffix "dc=parisgeo,dc=cnrs,dc=fr"
rootdn "cn=admin,dc=parisgeo,dc=cnrs,dc=fr"
rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxx

----
I try this : root@xxxxx:/usr/local/etc/openldap/slapd.d# ldapsearch -D cn=admin,dc=parisgeo,dc=cnrs,dc=fr -W -x 'userName=*'
Enter LDAP Password: ldap_bind: Invalid credentials (49)

Bizarre ...
Perhaps i can try to redefine the rootdn, because it disapear with conversion ?
Do you have an idea about this ?

Thanks,
SR.

>Use slapadd. Again, RTFM. Everything you've asked in the past week or so has been documented in the manpages and the Admin Guide. Read and learn.

Yes right, @rey rtfm, and ask your question again, if you're sure your point is not in the OpenLDAP manual.
But i'm sure you will find your answer there.



>Please trim irrelevant text from your emails. Please update your Subject line to something relevant to the actual discussion topic.
@Howard, please say that to the guy who ask questions, and not me^^


Raffael Sahli wrote:
On 14.12.2011 16:54, rey sebastien wrote:
Le 13/12/2011 16:48, Raffael Sahli a écrit :

Hi!
It's not easy to start with zero configuration with cn=config new
openldap administration ..
I create my bd.ldif based on the slapd.ldif example in the
/usr/local/etc/openldap directory.
But how can i insert this ldif with

ldapadd -Y EXTERNAL -H ldapi:/// -f myldiffile.ldif

if i cannot run slapd without configuration ?
How do you start a fresh install of openldap in this case? there is an
option to run slapd without zero configuration?
Thanks a lot,

Use slapadd. Again, RTFM. Everything you've asked in the past week or so has been documented in the manpages and the Admin Guide. Read and learn.



Everything ? really ... Install from sources with specific init script installation on debian ? Also, i find nothing about a fresh install directly with cn=config (without conversion of slapd.conf) into the admin guide ...

I'm not a junior system administrator, i make a phd in geography / geomatics, and i have only one week before christmas to create and populate a new ldap in my laboratory. I try to learn the maximum with google/debian tutorial and a lot of false tutorial, but actually, and i'm sorry about that, i have no time to read all the man page, and all the admin guide ...

Thanks you again for the time you take to answer to my question Raffael, and others.

First, change the subject, your problem has nothing to do with SSL.

And to your root password problem, if you just convert your offline config to online config, you root password will be the same as before.
Did it worked with the offline configuration?
Or change the olcRootPW manually in the config ldif of your database.

 
Hum i check  into my config ldif and olcRootPW doesn't appear.

Sorry, but again RTFM http://www.openldap.org/doc/admin24/

Thats the global configuration, the password is in your database configuration.


# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 7bbc1dd2
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: slapd.conf.seb
olcConfigDir: /usr/local/etc/openldap/slapd.d/
olcArgsFile: /usr/local/var/run/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcLocalSSF: 71
olcLogLevel: Stats
olcPidFile: /usr/local/var/run/slapd.pid
olcReadOnly: FALSE
olcReverseLookup: FALSE
olcSaslHost: claroline.parisgeo.cnrs.fr
olcSaslSecProps: noplain,noanonymous
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCRLCheck: none
olcTLSVerifyClient: never
olcToolThreads: 1
olcWriteTimeout: 0
structuralObjectClass: olcGlobal
entryUUID: 065b0668-632b-4573-a915-bbe2caf96586
creatorsName: cn=config
createTimestamp: 20111214212046Z
entryCSN: 20111214212046.446261Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20111214212046Z

I try to re-add the pasword with slapmodify :

dn:cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,dc=parisgeo,dc=cnrs,dc=fr

dn: cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}1dWxkkRtyUJt5fDga0Pn4EAyKQ5RPI4+

root@xxxxx:/usr/local/etc/openldap# ldapadd -Y EXTERNAL -H ldapi:/// -f initSlapd.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
ldap_modify: Insufficient access (50)

Hum, i don't really understand why i have not access,
i change only password, rootsuffix, and rootdn into the slapd.conf before conversion ..

I try to add manually the attribute olcRootPw, olcSuffix,olcRootDN
olcSuffix: dc=parisgeo,dc=cnrs,dc=fr
olcRootDN: cn=admin,dc=parisgeo,dc=cnrs,dc=fr
olcRootPW: {SSHA}1dWxkkRtyUJt5fDga0Pn4EAyKQ5RPI4+

I have this error at restart :
Dec 15 10:52:04 claroline slapd[11462]: olcSuffix: value #0: suffix <DC=parisgeo,DC=cnrs,DC=fr> not allowed in frontend database.

Hum i think it's a good idea to remove all config/data file, restart with a fresh slapd.conf and retry the conversion ..

 

--
Raffael Sahli
public@raffaelsahli.com
Switzerland




--




-- 
Raffael Sahli
public@raffaelsahli.com
Switzerland