Hi, I just compiled an OpenLDAP server and am working on the server as root to add a test LDIF entry.
I used MigrationTools (migration_passwd.pl) to export some users from my /etc/passwd file, which created my test.ldif file.
Below is the error, and below the error are the test.ldif file and the slapd.conf that I have been working with.
I receive the following error when I try to use ldapadd:
***************my ERROR****************************
root@inside:/# ldapadd -H ldap://127.0.0.1 -x -D "cn=Manager,dc=inside,dc=domain,dc=org" -f /test.ldif -w 'rtpass'
adding new entry "uid=fungi,ou=People,dc=inside,dc=domain,dc=org"
ldap_add: No such object (32)
        matched DN: dc=inside,dc=domain,dc=org

***************test.ldif file**********************
dn: uid=fungi,ou=People,dc=inside,dc=domain,dc=org
uid: fungi
cn: Fred Ungi
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}1234567891012
shadowLastChange: 14897
loginShell: /bin/false
uidNumber: 1001
gidNumber: 1002
homeDirectory: /home/fungi
gecos: Fred Ungi
******************slapd.conf**********************
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args

# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la
# moduleload back_hdb.la
# moduleload back_ldap.la

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=inside,dc=domain,dc=org"
rootdn "cn=Manager,dc=inside,dc=domain,dc=org"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}11111111111111111111111111
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass eq
I'm a super newbie, so hopefully it is something I missed while reading the admin documentation.
Thank you in advance for any experience you can throw my way :) ~eric
Are the objects "ou=People,dc=inside,dc=domain,dc=org" and "dc=inside,dc=domain,dc=org"
already in the directory? You've set up the database suffix "dc=inside,dc=domain,dc=org",
so the parent objects up to the suffix object itself (dc=inside) must be present, or included in the LDIF file before the final object. There is a matched DN returned in the error message (the object that the "no such object" message reflects).
Regards, DT
On Tue, 19 Oct 2010, eric wrote:
On Tue, 19 Oct 2010, eric wrote:
***************my ERROR****************************
root@inside:/# ldapadd -H ldap://127.0.0.1 -x -D "cn=Manager,dc=inside,dc=domain,dc=org" -f /test.ldif -w 'rtpass'
adding new entry "uid=fungi,ou=People,dc=inside,dc=domain,dc=org"
ldap_add: No such object (32)
        matched DN: dc=inside,dc=domain,dc=org
Try adding "ou=People,dc=inside,dc=domain,dc=org" prior to adding "uid=fungi,ou=People,dc=inside,dc=domain,dc=org" (i.e. place it prior to that entry in your input LDIF).
On 19 oct. 10, at 16:34, eric wrote:
***************my ERROR****************************
root@inside:/# ldapadd -H ldap://127.0.0.1 -x -D "cn=Manager,dc=inside,dc=domain,dc=org" -f /test.ldif -w 'rtpass'
adding new entry "uid=fungi,ou=People,dc=inside,dc=domain,dc=org"
ldap_add: No such object (32)
        matched DN: dc=inside,dc=domain,dc=org
It seems you don't have the ou=People entry.
***************test.ldif file**********************
dn: uid=fungi,ou=People,dc=inside,dc=domain,dc=org
uid: fungi
cn: Fred Ungi
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}1234567891012
shadowLastChange: 14897
loginShell: /bin/false
uidNumber: 1001
gidNumber: 1002
homeDirectory: /home/fungi
gecos: Fred Ungi
Try to ldapadd a file with the following content before it:
dn: ou=People,dc=inside,dc=domain,dc=org
objectClass: organizationalUnit
ou: People
Regards, Thierry
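Both replies make the same point: slapd refuses to add an entry whose parent does not exist, and the matched DN in the error is the deepest ancestor that does exist. The Python script below is an added example, not code from the thread or from OpenLDAP. It parses an LDIF file, reports the entries that would fail with "No such object (32)" together with the matched DN slapd would return, and writes the missing ou= / dc= parent entries in the order they must be added. The sample LDIF and the list of DNs assumed to already exist in the directory are constructed; the suffix is the one from the slapd.conf above.

```python
"""Pre-flight check for an LDIF file before ldapadd: every entry's parent must
already exist, either in the directory or earlier in the same file. Added
example; SAMPLE_LDIF and the 'existing_dns' lists are constructed inputs."""
import re

# Constructed sample: the user entry from the thread, without any parent entries.
SAMPLE_LDIF = """\
dn: uid=fungi,ou=People,dc=inside,dc=domain,dc=org
uid: fungi
cn: Fred Ungi
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
uidNumber: 1001
gidNumber: 1002
homeDirectory: /home/fungi
"""

SUFFIX = "dc=inside,dc=domain,dc=org"   # database suffix from the slapd.conf above


def parse_ldif(text):
    """Return [(dn, {attr: [values]})] in file order. Records are separated by
    blank lines, '#' lines are skipped, folded continuation lines (leading
    space, RFC 2849) are joined. Base64 ('::') values are not handled."""
    records, current = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and current:
            current[-1] += raw[1:]
        elif raw.strip() == "":
            if current:
                records.append(current)
                current = []
        elif not raw.startswith("#"):
            current.append(raw)
    entries = []
    for rec in records:
        dn, attrs = None, {}
        for line in rec:
            name, _, value = line.partition(":")
            if name.lower() == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name, []).append(value.strip())
        if dn is None:
            raise ValueError("LDIF record without a dn: line: %r" % rec)
        entries.append((dn, attrs))
    return entries


def split_dn(dn):
    """Split a DN into RDNs on unescaped commas."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn)]


def parent_dn(dn):
    return ",".join(split_dn(dn)[1:])


def normalize(dn):
    return ",".join(p.lower() for p in split_dn(dn))


def check_parents(entries, existing_dns, suffix=SUFFIX):
    """Return [(dn, matched_dn)] for entries whose parent is neither in the
    directory nor added earlier in the file. matched_dn is the deepest existing
    ancestor ('' if none), which is what slapd reports as 'matched DN'. The
    suffix entry itself needs no parent. A failed entry is not treated as added,
    so its own children fail as well."""
    known = {normalize(d) for d in existing_dns}
    problems = []
    for dn, _ in entries:
        parent = parent_dn(dn)
        if normalize(dn) == normalize(suffix) or normalize(parent) in known:
            known.add(normalize(dn))
            continue
        ancestor = parent
        while ancestor and normalize(ancestor) not in known:
            ancestor = parent_dn(ancestor)
        problems.append((dn, ancestor))
    return problems


def missing_parents_ldif(entries, existing_dns, suffix=SUFFIX):
    """LDIF for the ancestors between each entry and the suffix that exist
    neither in the directory nor in the file, shallowest first so it can be
    prepended to the original file. ou= parents become organizationalUnit
    entries (the shape suggested above); the dc= suffix becomes dcObject."""
    known = {normalize(d) for d in existing_dns} | {normalize(dn) for dn, _ in entries}
    needed = {}
    for dn, _ in entries:
        if not normalize(dn).endswith(normalize(suffix)):
            raise ValueError("%s is outside suffix %s" % (dn, suffix))
        ancestor = parent_dn(dn)
        while ancestor:
            if normalize(ancestor) not in known:
                needed[normalize(ancestor)] = ancestor
            if normalize(ancestor) == normalize(suffix):
                break
            ancestor = parent_dn(ancestor)
    out = []
    for anc in sorted(needed.values(), key=lambda d: len(split_dn(d))):
        attr, _, value = split_dn(anc)[0].partition("=")
        if attr.lower() == "ou":
            out.append("dn: %s\nobjectClass: organizationalUnit\nou: %s\n" % (anc, value))
        elif attr.lower() == "dc":
            out.append("dn: %s\nobjectClass: dcObject\nobjectClass: organization\n"
                       "dc: %s\no: %s\n" % (anc, value, value))
        else:
            raise ValueError("no template for parent entry %s" % anc)
    return "\n".join(out)


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    print(check_parents(entries, [SUFFIX]))      # the failure from the thread
    print(missing_parents_ldif(entries, [SUFFIX]))  # the ou=People entry to add first
```

Feed the generated LDIF to ldapadd before the user entries, or prepend it to the file, which is what both replies suggest. DNs that exist in the directory but not in the file go into existing_dns, for example from an ldapsearch of the suffix; with an empty directory the script also emits the suffix entry itself.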
Hi all,
I've just configured a Samba PDC + LDAP. I thought I had everything done right, but recently, running a last test, I've seen that when I do:
smbldap-useradd -m testuser1, and check phpldapadmin to see if the user was created, the user does appear in phpldapadmin with uuid=testuser1, but if I check with a shell: getent passwd
I get no results concerning testuser1, just local users. What could I have been doing wrong?
This is my nsswitch.conf
passwd: compat ldap
group: compat ldap
shadow: compat ldap

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis
If you need more information about other files, just tell me.
Thanks for all, and excuse me for my English.
Regards
Alejandro Gándara
I fixed it. The problem was in the libnss_ldap configuration; to fix it I ran:
dpkg-reconfigure libnss-ldap, and I filled it in again. Something must have been wrong before.
Now I'm having another problem: when I try to change permissions from Windows, I get these errors from syslog:
lapd[5168]: <= bdb_equality_candidates: (gidNumber) not indexed
Oct 20 13:57:10 chacoli slapd[5168]: <= bdb_equality_candidates: (sambaSID) not indexed
Oct 20 13:57:10 chacoli slapd[5168]: <= bdb_equality_candidates: (sambaSID) not indexed
Oct 20 13:57:10 chacoli slapd[5168]: <= bdb_equality_candidates: (sambaGroupType) not indexed
Oct 20 13:57:10 chacoli slapd[5168]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Oct 20 13:57:10 chacoli slapd[5168]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Oct 20 13:57:10 chacoli slapd[5168]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Oct 20 13:57:10 chacoli slapd[5168]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Oct 20 13:57:10 chacoli slapd[5168]: <= bdb_equality_candidates: (sambaGroupType) not indexed
Oct 20 13:57:10 chacoli slapd[5168]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Oct 20 13:57:10 chacoli slapd[5168]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Regards, I hope someone answers me.
Thanks for all
regards Alejandro Gándara
2010/10/20 Alejandro agandara@optaresolutions.com
Hello,
if attributes are not indexed, only performance is decreased; it should not have any other impact.
You can set an index in your hdb/bdb for the mentioned attributes. For example, add this to your olcDatabase={1}hdb:
olcDbIndex: sambaSID,sambaSIDList pres,eq
bye, benjamin.
On Wed, Oct 20, 2010 at 13:59, Alejandro Gandara agandara@optaresolutions.com wrote:
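As an added example (not code from the thread or from OpenLDAP), the Python script below turns syslog lines like the ones quoted above into the index change Benjamin describes: it counts which attributes slapd reported as unindexed and for which filter kind, and emits an ldapmodify LDIF against olcDatabase={1}hdb, an assumed DN that should be confirmed with an ldapsearch of cn=config. It also produces the equivalent slapd.conf index lines for a setup like the one in the first message, where index directives live in slapd.conf and slapindex has to be run after changing them. The log lines are constructed in the same format as the quoted ones.

```python
"""Collect slapd 'not indexed' warnings and produce the matching index change.
Added example; SAMPLE_SYSLOG and the olcDatabase DN are constructed/assumed."""
import re
from collections import Counter

# Constructed sample in the same format as the syslog excerpt in the thread.
SAMPLE_SYSLOG = """\
Oct 20 13:57:10 chacoli slapd[5168]: <= bdb_equality_candidates: (gidNumber) not indexed
Oct 20 13:57:10 chacoli slapd[5168]: <= bdb_equality_candidates: (sambaSID) not indexed
Oct 20 13:57:10 chacoli slapd[5168]: <= bdb_equality_candidates: (sambaSID) not indexed
Oct 20 13:57:10 chacoli slapd[5168]: <= bdb_equality_candidates: (sambaGroupType) not indexed
Oct 20 13:57:10 chacoli slapd[5168]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Oct 20 13:57:10 chacoli slapd[5168]: <= bdb_substring_candidates: (sambaSID) not indexed
Oct 20 13:57:11 chacoli slapd[5168]: conn=1005 op=3 SRCH base="dc=example,dc=com" scope=2
"""

# "<= bdb_equality_candidates: (sambaSID) not indexed" -> filter kind, attribute
NOT_INDEXED = re.compile(
    r"<= \w+_(equality|substring|presence)_candidates: \((\w+)\) not indexed")

# index keyword used by slapd.conf 'index' and cn=config 'olcDbIndex' per filter kind
INDEX_KEYWORD = {"equality": "eq", "substring": "sub", "presence": "pres"}


def tally_not_indexed(log_text):
    """Count (attribute, filter kind) pairs that slapd reported as unindexed."""
    counts = Counter()
    for line in log_text.splitlines():
        m = NOT_INDEXED.search(line)
        if m:
            counts[(m.group(2), m.group(1))] += 1
    return counts


def index_plan(counts, min_hits=1):
    """Map attribute -> sorted index keywords. Pairs seen fewer than min_hits
    times are dropped so a one-off ad hoc search does not grow the index set."""
    plan = {}
    for (attr, kind), n in counts.items():
        if n >= min_hits:
            plan.setdefault(attr, set()).add(INDEX_KEYWORD[kind])
    return {attr: sorted(keywords) for attr, keywords in plan.items()}


def olc_modify_ldif(plan, db_dn="olcDatabase={1}hdb,cn=config"):
    """LDIF for ldapmodify adding one olcDbIndex value per attribute.
    db_dn is an assumption; verify it against cn=config before applying."""
    lines = ["dn: %s" % db_dn, "changetype: modify", "add: olcDbIndex"]
    for attr in sorted(plan):
        lines.append("olcDbIndex: %s %s" % (attr, ",".join(plan[attr])))
    return "\n".join(lines) + "\n"


def slapd_conf_lines(plan):
    """Equivalent 'index' directives for a slapd.conf setup (needs slapindex)."""
    return ["index %s %s" % (attr, ",".join(plan[attr])) for attr in sorted(plan)]


if __name__ == "__main__":
    counts = tally_not_indexed(SAMPLE_SYSLOG)
    plan = index_plan(counts)
    print(olc_modify_ldif(plan))
    print("\n".join(slapd_conf_lines(plan)))
```

Applying the LDIF with ldapmodify on a cn=config server needs a bind that may write cn=config; on the slapd.conf setup from the first message, the printed index lines go into slapd.conf and slapindex is run with slapd stopped.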
Alejandro wrote:
This is my nsswitch.conf
passwd: compat ldap
group: compat ldap
shadow: compat ldap
I don't think you need the 'compat' in there. Change 'compat' to 'files'
passwd: files ldap
group: files ldap
shadow: files ldap
Do you require SSL encryption on your server? If SSL is not set up correctly in /etc/ldap.conf or /etc/openldap/ldap.conf, that can cause problems, too.
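To check an nsswitch.conf for the point Prentice raises, here is an added Python example (not code from the thread): it parses the file, including action tokens such as [NOTFOUND=return], reports user databases that do not list ldap or that still use compat, and prints the corrected lines with files ldap. The configuration text is a constructed sample matching the lines quoted above.

```python
"""Parse nsswitch.conf and check the passwd/group/shadow databases.
Added example; SAMPLE_NSSWITCH is a constructed input."""
import re

SAMPLE_NSSWITCH = """\
# constructed sample, matching the user database lines in the thread
passwd:     compat ldap
group:      compat ldap
shadow:     compat ldap
hosts:      files dns
networks:   files
netgroup:   nis
"""

ACTION = re.compile(r"^\[.*\]$")   # action tokens such as [NOTFOUND=return]


def parse_nsswitch(text):
    """Return {database: [sources]}, ignoring comments and '[...]' action tokens."""
    databases = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        name, _, rest = line.partition(":")
        databases[name.strip()] = [t for t in rest.split() if not ACTION.match(t)]
    return databases


def check_user_databases(databases, wanted=("passwd", "group", "shadow")):
    """Findings as (database, message). A database with no line at all falls
    back to the glibc default, which does not consult ldap either."""
    findings = []
    for db in wanted:
        sources = databases.get(db)
        if sources is None:
            findings.append((db, "no line; glibc default applies, ldap not consulted"))
            continue
        if "ldap" not in sources:
            findings.append((db, "ldap not listed, getent only sees local users"))
        if "compat" in sources:
            findings.append((db, "uses compat; replace with files"))
    return findings


def rewrite_compat(databases, wanted=("passwd", "group", "shadow")):
    """Corrected lines with 'compat' swapped for 'files' in the user databases;
    every other database is reproduced unchanged, in file order."""
    lines = []
    for db, sources in databases.items():
        if db in wanted:
            sources = ["files" if s == "compat" else s for s in sources]
        lines.append("%s: %s" % (db, " ".join(sources)))
    return lines


if __name__ == "__main__":
    dbs = parse_nsswitch(SAMPLE_NSSWITCH)
    for db, msg in check_user_databases(dbs):
        print("%s: %s" % (db, msg))
    print("\n".join(rewrite_compat(dbs)))
```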
Hi,
Thanks for your answer, Mr Prentice. I do not use SSL authentication. Anyway, I think I fixed the problem a little bit: now if I run getent passwd, I get all LDAP users. How did I fix it? Well... I reconfigured libnss-ldap; something must have been wrong there. But now I have a different problem, maybe you could help me (I hope so): when I try to manage user access to a shared directory from a Windows XP machine, I can't get the users from the domain (but I can log in to the domain with machines and users, just not change their privileges from Windows via Properties --> Security --> Add).
Maybe I need to configure some extra packages, or there is some conflict. I'm debugging LDAP, but I haven't found the origin of the problem.
Thanks for all,
Regards Alejandro
Prentice Bisbal wrote:
On Wed, 20/10/2010 at 10:32 +0200, Alejandro wrote:
This is my nsswitch.conf
passwd: compat ldap
group: compat ldap
shadow: compat ldap
Besides "compat" needing to be replaced with "files", the shadow line should be commented out, shouldn't it?
Hi,
OK, I have changed that, but it didn't resolve my problem (modifying users' access to a Samba share from Windows, I mean Properties ---> Security and adding a new user or modifying rights on a folder and its sub-files; I can get the users if I do it with Linux ACLs, but I can't modify this from Windows).
Maybe I need to change something more, but it's weird because I have read many How-Tos and I think I've done everything right.
Thanks for the answer, and I hope you can help me with my problem.
Regards,
Alejandro
2010/10/20 Покотиленко Костик casper@meteor.dp.ua
-- Покотиленко Костик casper@meteor.dp.ua
openldap-technical@openldap.org