Hello,
I'm struggling to set up my Hdb database in OpenLDAP. I'm trying to create the entire directory from ldif files with cn=config.
I have two initialization ldifs. The first one creates all the cn=config stuff, and also creates my Hdb database. The first file is too long to completely list here (I included core, cosine, nis, and inetorgperson schema ldifs.), but I'll put some excerpts here.
dn: cn=config
objectClass: olcGlobal
cn: config
...

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
...

dn: cn={0}core,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {0}core
...
(There are lots more for the other included schemas. I also have three custom objectClasses in cn=schema,cn=config, and one custom attributeType there, too.)
The file finishes with the database configurations.
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
...

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by * none
olcRootDN: cn=config
olcRootPW: secret
...

dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=appName,dc=app
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=appName,dc=app
olcRootPW: secret
olcAccess: to * by * write by * read
...

This file runs successfully with slapadd:
sudo -u ldap slapadd -l init.ldif -F /etc/openldap/slapd.d -n0
The second file is very simple and just sets up the root objects in my database.
dn: dc=appName,dc=app
objectClass: top
objectClass: dcObject
objectclass: domain
dc: addressbook

dn: dc=directory,dc=appName,dc=app
objectClass: top
objectClass: domain
dc: directory
This also runs successfully with sudo -u ldap slapadd -l init2.ldif -F /etc/openldap/slapd.d -n1
Now if I use slapcat to view the directory, I see those objects:
sudo slapcat

523b5022 hdb_monitor_db_open: monitoring disabled; configure monitor database to enable
dn: dc=appName,dc=app
objectClass: top
objectClass: dcObject
objectClass: domain
dc: addressbook
structuralObjectClass: domain
entryUUID: 37f1bd06-b5ad-1032-824f-6ffc71c73dcf
creatorsName: cn=admin,dc=appName,dc=app
createTimestamp: 20130919192708Z
entryCSN: 20130919192708.309183Z#000000#000#000000
modifiersName: cn=admin,dc=appName,dc=app
modifyTimestamp: 20130919192708Z

dn: dc=directory,dc=appName,dc=app
objectClass: top
objectClass: domain
dc: directory
structuralObjectClass: domain
entryUUID: 37f4023c-b5ad-1032-8250-6ffc71c73dcf
creatorsName: cn=admin,dc=appName,dc=app
createTimestamp: 20130919192708Z
entryCSN: 20130919192708.324059Z#000000#000#000000
modifiersName: cn=admin,dc=appName,dc=app
modifyTimestamp: 20130919192708Z
The problem is that I can't locate these objects using the ldap tools (ldapsearch and python-ldap).
ldapsearch -xb 'dc=addressbook,dc=app' gives
result: 34 Invalid DN syntax
text: invalid DN

If I don't specify a base DN, then I get 32: No such object:
ldapsearch -x '(objectClass=*)'
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectClass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object
Does anyone know why I cannot see my objects through the LDAP "interface?" My configuration seems entirely consistent with http://www.openldap.org/doc/admin24/slapdconf2.html.
Thanks, J
--On Thursday, September 19, 2013 2:35 PM -0500 Justin Brown justin.brown@fandingo.org wrote:
> The problem is that I can't locate these objects using the ldap tools (ldapsearch and python-ldap).
You are doing anonymous searches. Likely you haven't granted anonymous access to read these entries.
Try ldapsearch -x -b "..." -D "..." -W
with the values that are correct for your installation.
--Quanah
--
Quanah Gibson-Mount
Lead Engineer
Zimbra Software, LLC
--------------------
Zimbra :: the leader in open source messaging and collaboration
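Added example, not part of the thread and not OpenLDAP code: a simplified Python model of how slapd chooses an access level from olcAccess values like the ones in the first message, for an anonymous bind versus a bind with -D. The function names, the TIGHTER value and the uid=jdoe DN are constructed for illustration, and only "to *" rules with the <who> forms shown are modelled.

```python
# Added example: simplified model of slapd ACL evaluation, not OpenLDAP code.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# olcAccess values copied from the first message.
POSTED_HDB = "to * by * write by * read"
POSTED_CONFIG = "{0}to * by * none"
# Constructed alternative (assumption, not from the thread).
TIGHTER = ('to * by dn.exact="cn=admin,dc=appName,dc=app" write '
           "by users read by anonymous auth")

def parse_acl(value):
    """Split 'to <what> by <who> <level> ...' into (what, [(who, level), ...])."""
    tokens = value.split()
    if tokens[0].startswith("{"):            # strip the "{n}" ordering prefix
        tokens[0] = tokens[0].split("}", 1)[1]
    if tokens[0] != "to" or (len(tokens) - 2) % 3:
        raise ValueError("unsupported olcAccess value: " + value)
    rest = tokens[2:]
    return tokens[1], [(rest[i + 1], rest[i + 2]) for i in range(0, len(rest), 3)]

def who_matches(who, bind_dn):
    """bind_dn is None for an anonymous bind (ldapsearch -x without -D)."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who.startswith(("dn.exact=", "dn.base=")):   # DN compare simplified to lowercase
        return bind_dn is not None and who.split("=", 1)[1].strip('"').lower() == bind_dn.lower()
    raise ValueError("unsupported <who>: " + who)

def effective_access(acls, bind_dn, root_dn=None):
    """Level granted by the first matching 'by' clause of the first 'to *' rule."""
    if bind_dn and root_dn and bind_dn.lower() == root_dn.lower():
        return "manage"                      # the rootdn is not subject to ACLs
    for value in acls:
        what, by_clauses = parse_acl(value)
        if what != "*":
            raise ValueError("only 'to *' is modelled here")
        for who, level in by_clauses:
            if who_matches(who, bind_dn):
                return level                 # first match wins; later clauses ignored
        return "none"                        # implicit trailing "by * none"
    raise ValueError("no olcAccess values given")

def can(level, needed):
    """True if the granted level includes the needed one."""
    return LEVELS.index(level) >= LEVELS.index(needed)
```

In this model the posted hdb rule gives every client, anonymous included, write access, because "by * write" matches first and "by * read" is never reached. The config database rule gives anonymous clients nothing, while a bind as its olcRootDN bypasses the rule.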