12:25 p.m.
Hello to all.
My situation is the following.
Migrating from an older Suse server : # rpm -qa | grep -i openldap
openldap2-2.4.12-7.19.1 openldap2-client-2.4.12-7.19.1
to a New RHEL 6.6 server: # rpm -qa |grep ldap mod_authz_ldap-0.26-16.el6.x86_64
sssd-ldap-1.11.6-30.el6_6.4.x86_64 apr-util-ldap-1.3.9-3.el6_0.1.x86_64
openldap-clients-2.4.39-8.el6.x86_64 openldap-2.4.39-8.el6.x86_64
openldap-servers-2.4.39-8.el6.x86_64 compat-openldap-2.3.43-2.el6.x86_64
My exported information looks to be in order, has 47,000 lines but when I try to import it
I run into trouble.
ldapadd -x -D "cn=administrator,dc=mydomain,dc=com" -W -f nis.ldif.ldapDump
When prompted for a password I am using the password from the old server (Suse) and that
fails, thinking that no password has been setup on the new server I tried an empty
password and that also failed.
Next I tried setting a new password 'ldappasswd Testing123' but that gave a SASL
failure GSSAPI error :( additional info: SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more information (Ticket expired)
Am I going down the wrong road or what?
Thanks for any help,KJ
1:35 p.m.
--On Friday, January 29, 2016 8:25 PM +0000 k j <kj37075(a)yahoo.com> wrote:
ldapadd -x -D "cn=administrator,dc=mydomain,dc=com" -W -f
nis.ldif.ldapDump
That is ldapadd, not slapadd.
Since you haven't imported your database yet, I'm going to guess the user
doesn't exist in it yet, thus it can't bind. This is why one would need to
use slapadd with slapd offline instead.
I would note it is highly recommended to avoid the broken RHEL packages of
OpenLDAP. If you require paid support for your LDAP deployment, you likely
want to contact Symas and use their packages. If you are fine without paid
support, you may wish to use the packages provided by the LTB project if
you are not comfortable building OpenLDAP on your own.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
1:13 p.m.
Noted: sorry of intermingling the two commands. It has been a bit frustrating with all of
this.
I tried using ldapadd with just "manager" instead but seems all I get
are ldap_bind: Invalid credentials (49)Tried using no CN at all,
Is there a better guide for migrating ldap to a new server that anyone would recommend?
I've been using the Redhat guide but it obviously is lacking a little bit and their
support is too.
With no CN:
# ldapadd -x -D "dc=mydomain,dc=com" -W -f /tmp/nis.ldif.ldapDumpEnter LDAP
Password:ldap_bind: Invalid credentials (49)
Tried with no password, assuming that none has been correctly set:# ldapadd -x -D
"dc=mydomain,dc=com" -W -f /tmp/nis.ldif.ldapDumpEnter LDAP Password:ldap_bind:
Server is unwilling to perform (53) additional info: unauthenticated bind (DN with
no password) disallowed
Turn of slapd and use slapadd:
# slapadd -l /tmp/nis.ldif.ldapDump56afc9ed The first database does not allow slapadd;
using the first available one (2)56afc9ed bdb_db_open: warning - no DB_CONFIG file found
in directory /var/lib/ldap: (2).Expect poor performance for suffix
"dc=my-domain,dc=com".slapadd: line 1: database #2 (dc=my-domain,dc=com) not
configured to hold "ou=Hosts,dc=company,dc=com"; no database configured for that
naming context_ 0.01% eta none elapsed none spd 2.3
M/sClosing DB...
Surely I am not the first person to try migrating data but searching for good guides on
this has not turned up anything that works.
BTW Quanah, I loved my Zimbra server back in the 3.x days, was wonderful, hated leaving
that behind. Not sure how long you've been with them but kudos for your work with
that.
Thanks again,
Ken
From: Quanah Gibson-Mount <quanah(a)zimbra.com>
To: k j <kj37075(a)yahoo.com>; openldap-technical(a)openldap.org
Sent: Friday, January 29, 2016 3:35 PM
Subject: Re: problem with slapadd in migrating LDAP servers
--On Friday, January 29, 2016 8:25 PM +0000 k j <kj37075(a)yahoo.com> wrote:
ldapadd -x -D "cn=administrator,dc=mydomain,dc=com" -W -f
nis.ldif.ldapDump
That is ldapadd, not slapadd.
Since you haven't imported your database yet, I'm going to guess the user
doesn't exist in it yet, thus it can't bind. This is why one would need to
use slapadd with slapd offline instead.
I would note it is highly recommended to avoid the broken RHEL packages of
OpenLDAP. If you require paid support for your LDAP deployment, you likely
want to contact Symas and use their packages. If you are fine without paid
support, you may wish to use the packages provided by the LTB project if
you are not comfortable building OpenLDAP on your own.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
1:20 p.m.
--On Monday, February 01, 2016 9:13 PM +0000 k j <kj37075(a)yahoo.com> wrote:
# slapadd -l /tmp/nis.ldif.ldapDump
56afc9ed The first database does not allow slapadd; using the first
available one (2)
56afc9ed bdb_db_open: warning - no DB_CONFIG file found in directory
/var/lib/ldap: (2).
Expect poor performance for suffix "dc=my-domain,dc=com".
slapadd: line 1: database #2 (dc=my-domain,dc=com) not configured to hold
"ou=Hosts,dc=company,dc=com"; no database configured for that naming
context
That seems pretty clear. You're trying to import
"ou=hosts,dc=company,dc=com" into a database that's configured to hold data
for "dc=my-domain,dc=com". Clearly those are not even remotely the same.
It also seems like you're purely importing host data, which may be
problematic if this is an empty database.
Your ldapadd is also clearly invalid, because you're trying to do it as
"dc=mydomain,dc=com" where the DB is clearly configured as
"dc=my-domain,dc=com". Again, clearly not the same thing at all.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
A division of Synacor, Inc
2:05 p.m.
Thanks for such a quick response on my last post. The mydomain vs my-domain is just that I
am not using the actual domain for security purposes. I left out the - when typing over
the real name. Just as "SekRit" seen above is not the real password to be
appearing on the internet.
So I could use some guidance an clearing out the DB or setting it up. I have reviewed 10.
Database Creation and Maintenance Tools in the admin24 guide but still seem to be having
trouble.
slapd runnning:# ldapadd -f /root/initializeDB.ldif -x -D
"cn=administrator,dc=my-domain,dc=com" -w SekRitldap_bind: Invalid credentials
(49)
slapd off:
# slapadd -l /root/initializeDB.ldif -F /etc/openldap/slapd.d/cn=configAvailable
database(s) do not allow slapadd
Maybe there is a way to just wipe out any contents and password in the database for a
fresh start?
Thanks again,
Ken
From: Quanah Gibson-Mount <quanah(a)zimbra.com>
To: k j <kj37075(a)yahoo.com>; openldap-technical(a)openldap.org
Sent: Monday, February 1, 2016 3:20 PM
Subject: Re: problem with slapadd in migrating LDAP servers
--On Monday, February 01, 2016 9:13 PM +0000 k j <kj37075(a)yahoo.com> wrote:
# slapadd -l /tmp/nis.ldif.ldapDump
56afc9ed The first database does not allow slapadd; using the first
available one (2)
56afc9ed bdb_db_open: warning - no DB_CONFIG file found in directory
/var/lib/ldap: (2).
Expect poor performance for suffix "dc=my-domain,dc=com".
slapadd: line 1: database #2 (dc=my-domain,dc=com) not configured to hold
"ou=Hosts,dc=company,dc=com"; no database configured for that naming
context
That seems pretty clear. You're trying to import
"ou=hosts,dc=company,dc=com" into a database that's configured to hold data
for "dc=my-domain,dc=com". Clearly those are not even remotely the same.
It also seems like you're purely importing host data, which may be
problematic if this is an empty database.
Your ldapadd is also clearly invalid, because you're trying to do it as
"dc=mydomain,dc=com" where the DB is clearly configured as
"dc=my-domain,dc=com". Again, clearly not the same thing at all.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
A division of Synacor, Inc
11:21 a.m.
--On Monday, February 01, 2016 10:05 PM +0000 k j <kj37075(a)yahoo.com> wrote:
So I could use some guidance an clearing out the DB or setting it
up.
I have reviewed 10. Database Creation and Maintenance Tools in the
admin24 guide but still seem to be having trouble.
slapd runnning:
# ldapadd -f /root/initializeDB.ldif -x -D
# "cn=administrator,dc=my-domain,dc=com" -w SekRit
ldap_bind: Invalid credentials (49)
Then either (a) You're using the wrong password for that DN, OR that DN
doesn't actually exist (either as the rootDN in the configuration files, or
as an entry in the DB).
slapd off:
# slapadd -l /root/initializeDB.ldif -F /etc/openldap/slapd.d/cn=config
Available database(s) do not allow slapadd
You are missing a -b option to say which DB you want slapadd to go against.
Generally, there is way too little information to go on here. Do you have
an existing DB already? I've no idea. Is cn=administrator,... a valid DN?
No idea. etc.
You can use slapcat to /export/ any existing data you have, that could
determine whether or not you have an existing DB. You may also want to
examine your configuration as to rootDN, etc, as well.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
A division of Synacor, Inc
2796
days inactive
2800
days old
openldap-technical@openldap.org
5 comments
2 participants
participants (2)
-
k j -
Quanah Gibson-Mount