Hello to all.
My situation is the following. Migrating from an older Suse server:

# rpm -qa | grep -i openldap
openldap2-2.4.12-7.19.1
openldap2-client-2.4.12-7.19.1

to a new RHEL 6.6 server:

# rpm -qa | grep ldap
mod_authz_ldap-0.26-16.el6.x86_64
sssd-ldap-1.11.6-30.el6_6.4.x86_64
apr-util-ldap-1.3.9-3.el6_0.1.x86_64
openldap-clients-2.4.39-8.el6.x86_64
openldap-2.4.39-8.el6.x86_64
openldap-servers-2.4.39-8.el6.x86_64
compat-openldap-2.3.43-2.el6.x86_64

My exported information looks to be in order, has 47,000 lines, but when I try to import it I run into trouble.

ldapadd -x -D "cn=administrator,dc=mydomain,dc=com" -W -f nis.ldif.ldapDump

When prompted for a password I am using the password from the old server (Suse) and that fails; thinking that no password has been set up on the new server, I tried an empty password and that also failed. Next I tried setting a new password, 'ldappasswd Testing123', but that gave a SASL failure GSSAPI error :(

additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)

Am I going down the wrong road or what?

Thanks for any help,
KJ
--On Friday, January 29, 2016 8:25 PM +0000 k j kj37075@yahoo.com wrote:
ldapadd -x -D "cn=administrator,dc=mydomain,dc=com" -W -f nis.ldif.ldapDump
That is ldapadd, not slapadd.
Since you haven't imported your database yet, I'm going to guess the user doesn't exist in it yet, thus it can't bind. This is why one would need to use slapadd with slapd offline instead.
I would note it is highly recommended to avoid the broken RHEL packages of OpenLDAP. If you require paid support for your LDAP deployment, you likely want to contact Symas and use their packages. If you are fine without paid support, you may wish to use the packages provided by the LTB project if you are not comfortable building OpenLDAP on your own.
--Quanah
--
Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Noted: sorry for intermingling the two commands. It has been a bit frustrating with all of this.

I tried using ldapadd with just "manager" instead, but it seems all I get is ldap_bind: Invalid credentials (49). Tried using no CN at all. Is there a better guide for migrating LDAP to a new server that anyone would recommend?

I've been using the Red Hat guide but it obviously is lacking a little bit, and their support is too. With no CN:

# ldapadd -x -D "dc=mydomain,dc=com" -W -f /tmp/nis.ldif.ldapDump
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

Tried with no password, assuming that none has been correctly set:

# ldapadd -x -D "dc=mydomain,dc=com" -W -f /tmp/nis.ldif.ldapDump
Enter LDAP Password:
ldap_bind: Server is unwilling to perform (53)
        additional info: unauthenticated bind (DN with no password) disallowed

Turn off slapd and use slapadd:

# slapadd -l /tmp/nis.ldif.ldapDump
56afc9ed The first database does not allow slapadd; using the first available one (2)
56afc9ed bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2).
Expect poor performance for suffix "dc=my-domain,dc=com".
slapadd: line 1: database #2 (dc=my-domain,dc=com) not configured to hold "ou=Hosts,dc=company,dc=com"; no database configured for that naming context
_ 0.01% eta   none elapsed            none spd   2.3 M/s
Closing DB...

Surely I am not the first person to try migrating data, but searching for good guides on this has not turned up anything that works.

BTW Quanah, I loved my Zimbra server back in the 3.x days; it was wonderful, and I hated leaving that behind. Not sure how long you've been with them, but kudos for your work with that.

Thanks again,
Ken

From: Quanah Gibson-Mount quanah@zimbra.com
To: k j kj37075@yahoo.com; openldap-technical@openldap.org
Sent: Friday, January 29, 2016 3:35 PM
Subject: Re: problem with slapadd in migrating LDAP servers
--On Monday, February 01, 2016 9:13 PM +0000 k j kj37075@yahoo.com wrote:
# slapadd -l /tmp/nis.ldif.ldapDump
56afc9ed The first database does not allow slapadd; using the first available one (2)
56afc9ed bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2).
Expect poor performance for suffix "dc=my-domain,dc=com".
slapadd: line 1: database #2 (dc=my-domain,dc=com) not configured to hold "ou=Hosts,dc=company,dc=com"; no database configured for that naming context
That seems pretty clear. You're trying to import "ou=hosts,dc=company,dc=com" into a database that's configured to hold data for "dc=my-domain,dc=com". Clearly those are not even remotely the same. It also seems like you're purely importing host data, which may be problematic if this is an empty database.
Your ldapadd is also clearly invalid, because you're trying to do it as "dc=mydomain,dc=com" where the DB is clearly configured as "dc=my-domain,dc=com". Again, clearly not the same thing at all.
--Quanah
--
Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration A division of Synacor, Inc
Thanks for such a quick response on my last post. The mydomain vs my-domain is just that I am not using the actual domain for security purposes; I left out the - when typing over the real name. Just as "SekRit" seen above is not the real password, to be appearing on the internet.

So I could use some guidance on clearing out the DB or setting it up. I have reviewed 10. Database Creation and Maintenance Tools in the admin24 guide but still seem to be having trouble.

slapd running:

# ldapadd -f /root/initializeDB.ldif -x -D "cn=administrator,dc=my-domain,dc=com" -w SekRit
ldap_bind: Invalid credentials (49)

slapd off:

# slapadd -l /root/initializeDB.ldif -F /etc/openldap/slapd.d/cn=config
Available database(s) do not allow slapadd

Maybe there is a way to just wipe out any contents and password in the database for a fresh start?

Thanks again,
Ken
--On Monday, February 01, 2016 10:05 PM +0000 k j kj37075@yahoo.com wrote:
So I could use some guidance on clearing out the DB or setting it up. I have reviewed 10. Database Creation and Maintenance Tools in the admin24 guide but still seem to be having trouble.

slapd running:

# ldapadd -f /root/initializeDB.ldif -x -D "cn=administrator,dc=my-domain,dc=com" -w SekRit
ldap_bind: Invalid credentials (49)

Then either (a) you're using the wrong password for that DN, or (b) that DN doesn't actually exist (either as the rootDN in the configuration files, or as an entry in the DB).
slapd off:
# slapadd -l /root/initializeDB.ldif -F /etc/openldap/slapd.d/cn=config
Available database(s) do not allow slapadd
You are missing a -b option to say which DB you want slapadd to go against.
Generally, there is way too little information to go on here. Do you have an existing DB already? I've no idea. Is cn=administrator,... a valid DN? No idea. etc.
You can use slapcat to /export/ any existing data you have, that could determine whether or not you have an existing DB. You may also want to examine your configuration as to rootDN, etc, as well.
--Quanah
--
Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration A division of Synacor, Inc
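The two failures in this thread, the suffix mismatch Quanah points out in his second reply (entries under dc=company,dc=com loaded into a database whose suffix is dc=my-domain,dc=com) and the missing -b in his last one, can both be caught before touching the server. The script below is an added example written for this page, not code from the thread or from the OpenLDAP project. It checks every "dn:" line of an LDIF against the suffix you intend to pass to slapadd -b, and wraps the offline load the thread arrives at. The sample LDIF is constructed for the demo; the RHEL 6 paths (/etc/openldap/slapd.d, /var/lib/ldap), the "ldap" service user and the service commands in import_offline are assumptions about the poster's box, and the DN comparison is a deliberate simplification (lowercase, whitespace around commas dropped) rather than full RFC 4514 matching.

```shell
#!/bin/sh
# Added example, not from the thread. Pre-flight check before slapadd: every
# "dn:" in the LDIF must sit under the suffix of the database selected with -b,
# otherwise slapadd stops with "not configured to hold ...; no database
# configured for that naming context". DN matching here is simplified
# (lowercase, whitespace around commas removed), not full RFC 4514 comparison.

# normalize_dn DN: lowercase, strip whitespace around commas and at both ends
normalize_dn() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' \
        | sed 's/[[:space:]]*,[[:space:]]*/,/g; s/^[[:space:]]*//; s/[[:space:]]*$//'
}

# dn_under_suffix DN SUFFIX: succeed if DN equals SUFFIX or ends in ",SUFFIX"
dn_under_suffix() {
    dn=$(normalize_dn "$1")
    suffix=$(normalize_dn "$2")
    [ "$dn" = "$suffix" ] && return 0
    case "$dn" in *",$suffix") return 0 ;; esac
    return 1
}

# ldif_dns_outside_suffix FILE SUFFIX: print "line N: DN" for every entry DN
# outside SUFFIX. Base64 DNs ("dn::") are reported on stderr and not checked.
ldif_dns_outside_suffix() {
    grep -n '^dn:' "$1" | while IFS= read -r hit; do
        lineno=${hit%%:*}
        field=${hit#*:}                 # "dn: ..." or "dn:: <base64>"
        case "$field" in
            'dn::'*) printf 'line %s: base64 DN not checked (decode with base64 -d)\n' "$lineno" >&2 ;;
            *) dn=${field#dn:}
               dn_under_suffix "$dn" "$2" || printf 'line %s: %s\n' "$lineno" "$(normalize_dn "$dn")" ;;
        esac
    done
    return 0
}

# import_offline LDIF SUFFIX: the offline load the thread ends up with. Assumes
# the RHEL 6 layout (cn=config in /etc/openldap/slapd.d, data in /var/lib/ldap,
# slapd running as user "ldap"). Defined for reference; not run below.
import_offline() {
    ldif=$1; suffix=$2
    bad=$(ldif_dns_outside_suffix "$ldif" "$suffix")
    if [ -n "$bad" ]; then
        printf 'refusing to load, entries outside %s:\n%s\n' "$suffix" "$bad" >&2
        return 1
    fi
    service slapd stop
    # show the suffix and rootDN of each configured database first
    slapcat -n 0 -F /etc/openldap/slapd.d | grep -E '^olc(Suffix|RootDN):'
    # slapadd binds to no DN, so rootPW is irrelevant here; -b picks the database
    slapadd -b "$suffix" -l "$ldif" -F /etc/openldap/slapd.d
    chown -R ldap:ldap /var/lib/ldap    # slapadd run as root leaves root-owned DB files
    service slapd start
}

# sample_ldif FILE: constructed LDIF (not the poster's dump) with one entry
# outside the suffix and one whose DN differs only in case and spacing.
sample_ldif() {
    cat > "$1" <<'EOF'
dn: dc=my-domain,dc=com
objectClass: dcObject
objectClass: organization
o: Example Org
dc: my-domain

dn: ou=Hosts,dc=company,dc=com
objectClass: organizationalUnit
ou: Hosts

dn: cn=admin, DC=My-Domain, DC=com
objectClass: organizationalRole
cn: admin
EOF
}

tmp=$(mktemp)
sample_ldif "$tmp"
echo "entries outside dc=my-domain,dc=com:"
ldif_dns_outside_suffix "$tmp" 'dc=my-domain,dc=com'
echo "entries outside dc=mydomain,dc=com (the hyphen-less suffix typed in the thread):"
ldif_dns_outside_suffix "$tmp" 'dc=mydomain,dc=com'
rm -f "$tmp"
```

Run against the real dump as `ldif_dns_outside_suffix /tmp/nis.ldif.ldapDump 'dc=my-domain,dc=com'` and fix or rewrite the reported DNs (or create a second database for that suffix) before calling slapadd; the second demo run shows that a suffix that differs by one hyphen rejects every entry, which is the symptom a typo in -b produces.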