Hi everyone,
I am new to OpenLDAP and this list. I joined because I am trying to set up an OpenLDAP server so that Moodle and ELGG can authenticate users from the LDAP server. It is a little more difficult than I thought it would be, and I am running into some frustrating problems that I don't understand. I am hoping someone here might be able to help.
I am using Ubuntu and using the book Mastering OpenLDAP as my guide.
I have the server set up, edited config files and installed phpldapadmin to make things a little easier for me. I added my first entries but do not see them when I do a search, and nothing appears under my base in phpldapadmin (see attached screen shot). I don't get any complaints when I add the entries from my .ldif file, so I just don't understand why they don't seem to end up in my directory.
If I do this command, sudo slapcat -a '(uid=barbara)', the result is:
dn:
ou: Users
uid: barbara
sn: Jensen
cn: Barbara Jensen
givenName: Barbara
displayName: Barbara Jensen
mail: barbara@example.com
userPassword:: c2VjcmV0
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
entryUUID: 8565f97e-e25b-102c-828c-238ab0ab2691
creatorsName: cn=Manager,dc=example,dc=com
modifiersName: cn=Manager,dc=example,dc=com
createTimestamp: 20080709233555Z
modifyTimestamp: 20080709233555Z
entryCSN: 20080709233555Z#000005#00#000000
So, it seems like there is a user with uid barbara in the directory. But if I try using ldapsearch to find that user, and I use this command,
ldapsearch -x -D 'cn=Manager,dc=example,dc=com' -b 'ou=Users,dc=example,dc=com' -LLL '(userID=barbara)' +
I get this: No such object (32)
Also, it seems like I can't connect to my database unless I do an anonymous bind. When I try typing in a password to login to phpldapadmin it rejects my credentials and the same thing when I try using -w with a password on the command line.
Thanks so much for any and all help in advance!
-Kristen
--
Kristen Walker
Digital Media Resources Developer
Instructional Media Services
Santa Barbara County Education Office
4400 Cathedral Oaks Road
P.O. Box 6307
Santa Barbara, CA 93160-6307
(805)964-4711 ext. 5244/FAX (805)683-3597
kwalker@sbceo.org
http://www.sbceoportal.org
Kristen Walker wrote:
If I do this command, sudo slapcat -a '(uid=barbara)' , the result is:
dn:
That's an empty DN - the DN of the rootDSE. The data you imported/added was likely wrong.
ldapsearch -x -D 'cn=Manager,dc=example,dc=com' -b 'ou=Users,dc=example,dc=com' -LLL '(userID=barbara)' +
I get this: No such object (32)
This means the entry ou=Users,dc=example,dc=com does not exist. Fix your data when loading your directory.
Ciao, Michael.
Hi,
Kristen Walker kwalker@sbceo.org writes:
Hi everyone,
I am new to OpenLDAP and this list. I joined because I am trying to set up an OpenLDAP server so that Moodle and ELGG can authenticate users from the LDAP server. It is a little more difficult than I thought it would be, and I am running into some frustrating problems that I don't understand. I am hoping someone here might be able to help.
I am using Ubuntu and using the book Mastering OpenLDAP as my guide.
I have the server set up, edited config files and installed phpldapadmin to make things a little easier for me. I added my first entries but do not see them when I do a search, and nothing appears under my base in phpldapadmin (see attached screen shot). I don't get any complaints when I add the entries from my .ldif file, so I just don't understand why they don't seem to end up in my directory.
If I do this command, sudo slapcat -a '(uid=barbara)' , the result is:
dn:
ou: Users
uid: barbara
sn: Jensen
[...]
This entry has an empty DN, thus is not stored in the database defined by the suffix parameter in slapd.conf
create proper entries as described in the OpenLDAP docs http://www.openldap.org/doc/admin24/dbtools.html
-Dieter
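The two replies above both trace the failure to an entry whose DN is empty. The following pre-import check is an added example, not code from the thread or from OpenLDAP: it flags records with an empty DN, DNs outside the configured suffix, and userPassword values stored without a hash scheme (the c2VjcmV0 in the slapcat output is base64 for "secret"). The function names and the abbreviated sample LDIF are assumptions made for illustration.

```python
import base64
import re

SUFFIX = "dc=example,dc=com"  # suffix used throughout the thread
# Constructed, abbreviated sample; record 2 mirrors the empty-DN entry from slapcat.
SAMPLE_LDIF = """\
dn: dc=example,dc=com
dc: example

dn:
uid: barbara
userPassword:: c2VjcmV0

dn: uid=matt,ou=Users,
 dc=example,dc=com
userPassword: {SSHA}Iq7/biIQnXZI7XVuqI40jlE1RgQUVPLr

dn: uid=eve,dc=other,dc=org
"""

def norm_dn(dn):
    return ",".join(p.strip().lower() for p in dn.split(","))  # naive: no escaped commas

def parse_records(text):
    text = re.sub(r"\n ", "", text)  # unfold LDIF continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = []
        for line in block.splitlines():
            attr, sep, rest = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if rest.startswith(":"):  # "attr:: value" carries a base64-encoded value
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            rec.append((attr.lower(), rest.strip()))
        if rec:
            yield rec

def check_ldif(text, suffix=SUFFIX):
    findings = []
    for n, rec in enumerate(parse_records(text), 1):
        dn = norm_dn(next((v for a, v in rec if a == "dn"), ""))
        if not dn:
            findings.append((n, "empty-dn"))
        elif dn != norm_dn(suffix) and not dn.endswith("," + norm_dn(suffix)):
            findings.append((n, "outside-suffix"))
        for a, v in rec:
            if a == "userpassword" and not re.match(r"\{[\w-]+\}", v):
                findings.append((n, "cleartext-password"))
    return findings
```

Calling check_ldif(SAMPLE_LDIF) returns the record number and finding for each problem, so the file can be corrected before it is loaded.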
I am confused about how I have an empty dn. I am including my ldap.conf and slapd.conf as well as the ldif file I imported via the command line.
From what I can see, I have defined a suffix in slapd.conf. I imported
basics.ldif with the command:
Sudo slapadd -v -f /etc/ldap/salpd.conf -l basics.ldif
When I executed the command it seemed to do the import fine.
The other thing I don't understand is what the password is for root DN (cn=Manager,dc=example,dc=com). To me it seems like the password is "secret" but when I type that in it rejects those credentials, so I am very confused as to what I am supposed to type in for a password. The only way I can seem to connect is by leaving the password out and connecting via an anonymous bind.
I apologize if I am missing something really obvious, this is all new to me. And I really appreciate the help!
-Kristen
On Thu, 2008-07-10 at 13:21 -0700, Kristen Walker wrote:
I am confused about how I have an empty dn. I am including my ldap.conf and slapd.conf as well as the ldif file I imported via the command line.
From what I can see, I have defined a suffix in slapd.conf. I imported
basics.ldif with the command:
Sudo slapadd -v -f /etc/ldap/salpd.conf -l basics.ldif
You should first run the slapd and then add the basics.ldif using ldapadd.
When I executed the command it seemed to do the import fine.
The other thing I don't understand is what the password is for root DN (cn=Manager,dc=example,dc=com). To me it seems like the password is "secret" but when I type that in it rejects those credentials, so I am very confused as to what I am supposed to type in for a password. The only way I can seem to connect is by leaving the password out and connecting via an anonymous bind.
To set the password, run the command slappasswd and it would prompt you for a password. It will return the hashed result, which you need to copy to your slapd.conf.
Eg.
$ slappasswd
New password:
Re-enter new password:
{SSHA}Iq7/biIQnXZI7XVuqI40jlE1RgQUVPLr
The above hashed password is to be now copied to slapd.conf
rootpw {SSHA}Iq7/biIQnXZI7XVuqI40jlE1RgQUVPLr
Then restart the slapd and add the ldif using ldapadd command.
Follow the example in this link:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centr...
Thanks Sambuddho
I apologize if I am missing something really obvious, this is all new to me. And I really appreciate the help!
-Kristen
Kristen Walker writes:
I am confused about how I have an empty dn. I am including my ldap.conf and slapd.conf as well as the ldif file I imported via the command line.
Maybe you first had a slapd.conf with suffix "", then imported the data, then edited slapd.conf to have the new suffix? Then slapcat will still dump the entire database, but ldapsearch & co can only get at entries whose DNs end with the new suffix.
Hallvard B Furuseth writes:
Kristen Walker writes:
I am confused about how I have an empty dn. I am including my ldap.conf and slapd.conf as well as the ldif file I imported via the command line.
Maybe you first had a slapd.conf with suffix "", then imported the data, then edited slapd.conf to have the new suffix?
Never mind, that was silly. slapd should not have accepted it anyway. If you had a database with an empty DN, slapd should not have accepted adding such an object anyway. The object with an empty DN is a special object called the root DSE. It describes some aspects of the server.
On Thu, 2008-07-10 at 09:14 -0700, Kristen Walker wrote:
Hi everyone,
I am new to OpenLDAP and this list. I joined because I am trying to set up an OpenLDAP server so that Moodle and ELGG can authenticate users from the LDAP server. It is a little more difficult than I thought it would be, and I am running into some frustrating problems that I don't understand. I am hoping someone here might be able to help.
I am using Ubuntu and using the book Mastering OpenLDAP as my guide.
I have the server set up, edited config files and installed phpldapadmin to make things a little easier for me. I added my first entries but do not see them when I do a search, and nothing appears under my base in phpldapadmin (see attached screen shot). I don't get any complaints when I add the entries from my .ldif file, so I just don't understand why they don't seem to end up in my directory.
If I do this command, sudo slapcat -a '(uid=barbara)' , the result is:
dn:
ou: Users
uid: barbara
sn: Jensen
cn: Barbara Jensen
givenName: Barbara
displayName: Barbara Jensen
mail: barbara@example.com
userPassword:: c2VjcmV0
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
entryUUID: 8565f97e-e25b-102c-828c-238ab0ab2691
creatorsName: cn=Manager,dc=example,dc=com
modifiersName: cn=Manager,dc=example,dc=com
createTimestamp: 20080709233555Z
modifyTimestamp: 20080709233555Z
entryCSN: 20080709233555Z#000005#00#000000
Try to add the ldif into the database from the regular shell command line. Input the root DN (cn=Manager,dc=example,dc=com) password when prompted and check. Also, do you have the correct password (shared secret) in the slapd.conf? IMO you should try to use OpenLDAP compiled from the source code rather than using the precompiled version distributed through the Ubuntu repository.
Thanks Sambuddho
So, it seems like there is a user with uid barbara in the directory. But if I try using ldapsearch to find that user, and I use this command,
ldapsearch -x -D 'cn=Manager,dc=example,dc=com' -b 'ou=Users,dc=example,dc=com' -LLL '(userID=barbara)' +
I get this: No such object (32)
Also, it seems like I can't connect to my database unless I do an anonymous bind. When I try typing in a password to login to phpldapadmin it rejects my credentials and the same thing when I try using -w with a password on the command line.
Thanks so much for any and all help in advance!
-Kristen
openldap-technical@openldap.org
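The slappasswd step suggested in the thread produces a salted SHA-1 value for rootpw. The following is an added example, not code from the thread or from OpenLDAP: it shows how an {SSHA} value is built and checked, and flags a rootpw line that holds a cleartext secret. The function names and the slapd.conf fragments are constructed for illustration; the hash in FIXED_CONF is the one quoted in the thread.

```python
import base64
import hashlib
import hmac
import os

# Constructed slapd.conf fragments: cleartext rootpw versus the hashed form from the thread.
WEAK_CONF = 'suffix "dc=example,dc=com"\nrootdn "cn=Manager,dc=example,dc=com"\nrootpw secret\n'
FIXED_CONF = WEAK_CONF.replace("rootpw secret",
                               "rootpw {SSHA}Iq7/biIQnXZI7XVuqI40jlE1RgQUVPLr")

def make_ssha(password, salt=None):
    # {SSHA} = base64( SHA1(password + salt) + salt )
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def split_ssha(stored):
    # Return (digest, salt); the SHA-1 digest is always the first 20 bytes.
    if not stored.upper().startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[6:])
    return raw[:20], raw[20:]

def check_ssha(password, stored):
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

def rootpw_findings(slapd_conf):
    # Flag rootpw directives whose value carries no {SCHEME} prefix.
    findings = []
    for n, line in enumerate(slapd_conf.splitlines(), 1):
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "rootpw" and not parts[1].startswith("{"):
            findings.append((n, "cleartext rootpw"))
    return findings
```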