12:10 p.m.
Hi All,
I have install openldap, openldap-servers and openldap-clients and systemctl start
slapd without anyproblem but when try ti do an initial ldapadd I got error. My slapd.conf
and oidbase.ldif as below. Please help and thank you very much
Garry
slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/oidschema/oidbase.schema
include /etc/openldap/oidschema/oidnet.schema
include /etc/openldap/oidschema/oidrdbms.schema
include /etc/openldap/oidschema/alias.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
#default searchbase
defaultsearchbase "dc=cornell,dc=edu"
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=cornell,dc=edu"
rootdn "cn=admin,dc=cornell,dc=edu"
rootpw {SSHA}gZp2hnEA/xq/FfxMgPTjDmSPo78PuZAs
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap/cornell
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
### for root oraclecontext
#
database bdb
suffix ""
rootdn "cn=admin"
rootpw {SSHA}gZp2hnEA/xq/FfxMgPTjDmSPo78PuZAs
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap/rootoraclecontext
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
oidbase.ldif
dn: dc=cornell,dc=edu
objectClass: top
objectClass: dcObject
objectClass: organization
o: cornell.edu
dc: cornell
dn: cn=OracleContext,dc=cornell,dc=edu
objectclass: orclContext
cn: OracleContext
l$ ldapadd -vc -x -D “cn=admin,dc=cornell,dc=edu” -w $passwd -f oidbase.ldif
ldap_initialize( <DEFAULT> )
ldap_bind: Invalid DN syntax (34)
additional info: invalid DN
9:08 a.m.
--On Tuesday, December 04, 2018 8:10 PM +0000 Eggo why <eggo(a)hotmail.com>
wrote:
database bdb
Don't use BDB as your backend.
### for root oraclecontext
OpenLDAP is not Oracle. It probably should not have an oracle context.
oidbase.ldif
dn: dc=cornell,dc=edu
objectClass: top
objectClass: dcObject
objectClass: organization
o: cornell.edu
dc: cornell
dn: cn=OracleContext,dc=cornell,dc=edu
objectclass: orclContext
cn: OracleContext
I can't tell if your LDIF file is badly formatted or the extra spacing here
is an effect of the mailer you are using.
l$ ldapadd -vc -x -D "cn=admin,dc=cornell,dc=edu" -w
$passwd -f
oidbase.ldif
ldap_initialize( <DEFAULT> )
ldap_bind: Invalid DN syntax (34)
additional info: invalid DN
What does the slapd server log show as the received DN?
Additionally, if you're working on converting from OID to OpenLDAP I would
note that Symas has extensive experience in this area.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
10:27 a.m.
On 12/5/18 6:08 PM, Quanah Gibson-Mount wrote:
--On Tuesday, December 04, 2018 8:10 PM +0000 Eggo why
<eggo(a)hotmail.com> wrote:
> ### for root oraclecontext
OpenLDAP is not Oracle. It probably should not have an oracle context.
One can provide a replacement for tnsnames.ora for Oracle SQL clients
via LDAP service. That's probably what the original poster wants to
achieve. No problem to implement such a service based on OpenLDAP
provided you load the right schema.
See also:
https://markjbobak.wordpress.com/2013/10/10/openldap-configuration-for-ne...
Ciao, Michael.
2:27 p.m.
--On Wednesday, December 05, 2018 7:27 PM +0100 Michael Ströder
<michael(a)stroeder.com> wrote:
> OpenLDAP is not Oracle. It probably should not have an oracle
context.
One can provide a replacement for tnsnames.ora for Oracle SQL clients
via LDAP service. That's probably what the original poster wants to
achieve. No problem to implement such a service based on OpenLDAP
provided you load the right schema.
Part of why I put the word "probably". ;) I.e., in case there was something
outside of a direct OID->OpenLDAP migration in play.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
1819
days inactive
1820
days old
openldap-technical@openldap.org
3 comments
3 participants
participants (3)
-
Eggo why -
Michael Ströder -
Quanah Gibson-Mount