Hi,
I have an LDAP server started up on FreeBSD. I tried to test it with Apache Directory Studio. When I open a New Connection in the Studio, it asks for a user name. I entered "root" as the user name, then went for the connection...
However, I got the following error message in the LDAP log file:
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 fd=11 ACCEPT from IP=192.168.1.100:57297 (IP=192.168.1.20:389)
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 op=0 do_bind: invalid dn (root)
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 op=0 RESULT tag=97 err=34 text=invalid DN
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 fd=11 closed (connection lost)
What value of DN should I enter in the LDAP browser (Apache Directory Studio) in order to connect to the LDAP server?
I have LDAP listening on the following ports:
hometest:openldap # netstat -an | egrep '389|636'
tcp4 0 0 192.168.1.20.636 *.* LISTEN
tcp4 0 0 192.168.1.20.389 *.* LISTEN
Your help is much appreciated
Thanks Sam
Sam,
You need to specify a DN (that has at least read access).
It could be a DN within the scope of the server, or root/manager/etc DN's specified in your slapd.conf (which would give you write access).
For example, use the rootdn entry from your slapd.conf:
rootdn "cn=root,dc=example,dc=net"
Remember: You /may/ have several accounts with the same name in your LDAP tree - so you need to specify /exactly/ which one.
For example, in our implementation, we have subtrees used for authentication for specific systems - and there are CN's that are the same between them and the 'default' user branches. If someone who should have rights to one of the subtrees wants to connect, they can - but they have to specify a DN they know the creds to, and the Base DN they want to use as a Base:
DN: cn=DevMgr,dc=dev,dc=subtree,dc=example,dc=net
Base DN: dc=dev,dc=subtree,dc=example,dc=net
That DN is granted full rights to the tree based at 'Base DN'.
It might seem annoying, but 'root' doesn't mean anything specific. Use the full DN.
- chris
-----Original Message-----
From: openldap-technical-bounces+chris.jacobs=apollogrp.edu@OpenLDAP.org [mailto:openldap-technical-bounces+chris.jacobs=apollogrp.edu@OpenLDAP.org] On Behalf Of sam
Sent: Monday, June 21, 2010 6:42 AM
To: openldap-technical@openldap.org
Subject: What DN (user name) I should use for connecting to ldap server?
Hi,
I have an LDAP server started up on FreeBSD. I tried to test it with Apache Directory Studio. When I open a New Connection in the Studio, it asks for a user name. I entered "root" as the user name, then went for the connection...
However, I got the following error message in the LDAP log file:
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 fd=11 ACCEPT from IP=192.168.1.100:57297 (IP=192.168.1.20:389)
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 op=0 do_bind: invalid dn (root)
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 op=0 RESULT tag=97 err=34 text=invalid DN
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 fd=11 closed (connection lost)
What value of DN should I enter in the LDAP browser (Apache Directory Studio) in order to connect to the LDAP server?
I have LDAP listening on the following ports:
hometest:openldap # netstat -an | egrep '389|636'
tcp4 0 0 192.168.1.20.636 *.* LISTEN
tcp4 0 0 192.168.1.20.389 *.* LISTEN
Your help is much appreciated
Thanks Sam
That works; I use cn=Manager,dc=ip6,dc=com,dc=au as defined in my slapd.conf.
Thanks for everyone's great help.
Sam.
Hi, that depends on your slapd.conf
Usually it is "cn=root,dc=example,dc=com", but it could be completely different in your case. admin, root, administrator or whatever you have chosen to be the master in your slapd.conf/slapd.d
Check your config and build your path backwards. :)
Bye.
On Mon, Jun 21, 2010 at 15:42, sam sam@ip6.com.au wrote:
Hi,
I have an LDAP server started up on FreeBSD. I tried to test it with Apache Directory Studio. When I open a New Connection in the Studio, it asks for a user name. I entered "root" as the user name, then went for the connection...
However, I got the following error message in the LDAP log file:
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 fd=11 ACCEPT from IP=192.168.1.100:57297 (IP=192.168.1.20:389)
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 op=0 do_bind: invalid dn (root)
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 op=0 RESULT tag=97 err=34 text=invalid DN
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 fd=11 closed (connection lost)
What value of DN should I enter in the LDAP browser (Apache Directory Studio) in order to connect to the LDAP server?
I have LDAP listening on the following ports:
hometest:openldap # netstat -an | egrep '389|636'
tcp4 0 0 192.168.1.20.636 *.* LISTEN
tcp4 0 0 192.168.1.20.389 *.* LISTEN
Your help is much appreciated
Thanks Sam
On 21 juin 10, at 15:42, sam wrote:
Hi,
I have an LDAP server started up on FreeBSD. I tried to test it with Apache Directory Studio. When I open a New Connection in the Studio, it asks for a user name. I entered "root" as the user name, then went for the connection...
However, I got the following error message in the LDAP log file:
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 fd=11 ACCEPT from IP=192.168.1.100:57297 (IP=192.168.1.20:389)
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 op=0 do_bind: invalid dn (root)
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 op=0 RESULT tag=97 err=34 text=invalid DN
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 fd=11 closed (connection lost)
What value of DN should I enter in the LDAP browser (Apache Directory Studio) in order to connect to the LDAP server?
Use the rootdn of your slapd.conf (cn=Manager,dc=ip6,dc=com,dc=au). Again, you won't go very far if you don't read a bit of documentation.
Thierry
--On Monday, June 21, 2010 11:42 PM +1000 sam sam@ip6.com.au wrote:
Hi,
I have an LDAP server started up on FreeBSD. I tried to test it with Apache Directory Studio. When I open a New Connection in the Studio, it asks for a user name. I entered "root" as the user name, then went for the connection...
However, I got the following error message in the LDAP log file:
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 fd=11 ACCEPT from IP=192.168.1.100:57297 (IP=192.168.1.20:389)
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 op=0 do_bind: invalid dn (root)
"root" is not a valid dn. You should use a dn as you have configured in your configuration file/db, or as you have created in your database. Such as:
cn=config
uid=joe,dc=whatever,dc=com
etc.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
On 06/21/10 15:42, sam wrote:
Hi,
I have an LDAP server started up on FreeBSD. I tried to test it with Apache Directory Studio. When I open a New Connection in the Studio, it asks for a user name. I entered "root" as the user name, then went for the connection...
However, I got the following error message in the LDAP log file:
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 fd=11 ACCEPT from IP=192.168.1.100:57297 (IP=192.168.1.20:389)
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 op=0 do_bind: invalid dn (root)
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 op=0 RESULT tag=97 err=34 text=invalid DN
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 fd=11 closed (connection lost)
What value of DN should I enter in the LDAP browser (Apache Directory Studio) in order to connect to the LDAP server?
I have LDAP listening on the following ports:
hometest:openldap # netstat -an | egrep '389|636'
tcp4 0 0 192.168.1.20.636 *.* LISTEN
tcp4 0 0 192.168.1.20.389 *.* LISTEN
Your help is much appreciated
Thanks Sam
cn=Manager,dc=mydomain,dc=tld
replace values according to your slapd.conf
Regards, Zdenek
openldap-technical@openldap.org
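
An added example, not written by any poster in this thread: a small Python parser for the slapd log format quoted in the original post. It pairs each bind result with the client IP and the name that was sent, so err=34 (the name is not a DN at all, as with "root") can be told apart from err=49 (a well-formed DN with the wrong password). The conn=1005 lines come from the thread; the conn=1006 and conn=1007 lines are constructed for the example.

```python
import re
from collections import defaultdict

# RFC 4511 result codes that matter for a bind attempt.
BIND_RESULTS = {0: "success", 34: "invalidDNSyntax", 49: "invalidCredentials"}

# conn=1005 is copied from the thread; conn=1006/1007 are constructed samples.
SAMPLE_LOG = """\
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 fd=11 ACCEPT from IP=192.168.1.100:57297 (IP=192.168.1.20:389)
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 op=0 do_bind: invalid dn (root)
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 op=0 RESULT tag=97 err=34 text=invalid DN
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 fd=11 closed (connection lost)
Jun 21 23:20:02 hometest slapd[2417]: conn=1006 fd=11 ACCEPT from IP=192.168.1.100:57310 (IP=192.168.1.20:389)
Jun 21 23:20:02 hometest slapd[2417]: conn=1006 op=0 BIND dn="cn=Manager,dc=ip6,dc=com,dc=au" method=128
Jun 21 23:20:02 hometest slapd[2417]: conn=1006 op=0 RESULT tag=97 err=49 text=
Jun 21 23:21:10 hometest slapd[2417]: conn=1007 fd=12 ACCEPT from IP=192.168.1.100:57312 (IP=192.168.1.20:389)
Jun 21 23:21:10 hometest slapd[2417]: conn=1007 op=0 BIND dn="cn=Manager,dc=ip6,dc=com,dc=au" method=128
Jun 21 23:21:10 hometest slapd[2417]: conn=1007 op=0 RESULT tag=97 err=0 text=
"""

CONN = re.compile(r"slapd\[\d+\]: conn=(\d+) (.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=(\S+):\d+")       # client address, port dropped
BAD_DN = re.compile(r"do_bind: invalid dn \((.*)\)")   # name rejected before any lookup
BIND = re.compile(r'BIND dn="([^"]*)"')                # name accepted as DN syntax
RESULT = re.compile(r"RESULT tag=97 err=(\d+)")        # tag=97 is a BindResponse

def bind_attempts(log_text):
    """Return one dict per bind result: conn, client IP, name sent, outcome."""
    state = defaultdict(dict)  # conn id -> fields seen so far on that connection
    attempts = []
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue
        conn, rest = int(m.group(1)), m.group(2)
        if (a := ACCEPT.search(rest)):
            state[conn]["client"] = a.group(1)
        elif (b := BAD_DN.search(rest) or BIND.search(rest)):
            state[conn]["name"] = b.group(1)
        elif (r := RESULT.search(rest)):
            err = int(r.group(1))
            attempts.append({"conn": conn, "err": err, "name": state[conn].get("name"),
                             "client": state[conn].get("client"),
                             "outcome": BIND_RESULTS.get(err, "other")})
    return attempts

def failed_binds(log_text):
    return [a for a in bind_attempts(log_text) if a["err"] != 0]
```
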