Hello List,
I am very new to OpenLDAP and I am trying to put a Linux box authenticating through OpenLDAP instead of using the standard password file.
For this use I followed the tutorial you can find at http://ldots.org/ldap/ but it seems this howto is out of date. The first problem I ran into was when trying to insert a new user in LDIF format. I corrected the first error I got and now this is the file I have:

dn: uid=myuser,ou=People,dc=example,dc=com
uid: myuser
cn: myuser
sn: Doe
givenname: John
objectclass: person
objectclass: posixaccount
objectclass: account
ou: People
uidnumber: 10001
gidnumber: 10001
homedirectory=: /home/ldap/john
loginshell: /bin/bash

When I try to run ldapadd I get the following error:

adding new entry "uid=branc0,ou=People,dc=example,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectclass: value #1 invalid per syntax

I am not sure what the problem is, although I'm pretty sure it is between the chair and the keyboard. Maybe someone on the list can direct me to a more up-to-date tutorial on setting up authentication with LDAP?
OpenLDAP version is 2.4.7
I think you need to include the nis.schema in your slapd.conf. Also you might want to try an LDAP browser, as it helps add users and allows you to see what objectclasses are available and which attributes are needed.
Vinh
Nuno Manuel Martins nuno.mmartins_externo@sonae.com
Sent by: openldap-technical-bounces+vinh.ctr.hoang=faa.gov@OpenLDAP.org
02/01/2008 12:58 PM
To: "openldap-technical@openldap.org" openldap-technical@openldap.org
Subject: LDAP Auth

Hello List,
[..]
Hello everyone again,
I didn't have any help that would lead me to fix this, so I have spent some hours trying to understand things better but still haven't got there.
I changed my ldif.file and now looks like this:

dn: uid=myuser,dc=example,dc=com
uid: myuser
cn: myuser
sn: Doe
uidnumber: 10001
gidnumber: 10001
homedirectory: /home/ldap/john
loginshell: /bin/bash
userPassword: password
objectclass: person
objectclass: posixaccount

I am trying to add this entry with the following command:

ldapadd -D "cn=manager,dc=example,dc=com" -W -f /root/tmp/tstuser.ldif

From the client I get the following message:

adding new entry "uid=myuser,dc=example,dc=com"
ldap_add: No such object (32)
I have put the slapd in debug mode and I get a lot of messages. In order not to flood the list I will post what I think are the relevant ones. If you need to see the whole messages let me know and I'll use an attachment or something.
ber_scanf fmt (}) ber:
dnPrettyNormal: <uid=myuser,dc=example,dc=com>
=> ldap_bv2dn(uid=myuser,dc=example,dc=com,0)
<= ldap_bv2dn(uid=myuser,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=myuser,dc=example,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=myuser,dc=example,dc=com)=0
<<< dnPrettyNormal: <uid=myuser,dc=example,dc=com>, <uid=myuser,dc=example,dc=com>
bdb_dn2entry("uid=myuser,dc=example,dc=com")
=> bdb_dn2id("dc=example,dc=com")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
bdb_referrals: tag=104 target="uid=myuser,dc=example,dc=com" matched=""
==> bdb_add: uid=myuser,dc=example,dc=com
oc_check_required entry (uid=myuser,dc=example,dc=com), objectClass "person"
oc_check_required entry (uid=myuser,dc=example,dc=com), objectClass "posixAccount"
oc_check_allowed type "uid"
oc_check_allowed type "cn"
oc_check_allowed type "sn"
oc_check_allowed type "uidNumber"
oc_check_allowed type "gidNumber"
oc_check_allowed type "homeDirectory"
oc_check_allowed type "loginShell"
oc_check_allowed type "userPassword"
oc_check_allowed type "objectClass"
oc_check_allowed type "structuralObjectClass"
bdb_dn2entry("uid=myuser,dc=example,dc=com")
=> bdb_dn2id("dc=example,dc=com")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
bdb_add: parent does not exist
send_ldap_result: conn=15 op=3 p=3
send_ldap_result: err=10 matched="" text=""
send_ldap_response: msgid=4 tag=105 err=32
I googled around for that DB_NOTFOUND problem and all I got were some ideas about permissions, but I'm starting OpenLDAP as root so I don't think that is it. Maybe something I skipped on installation of OpenLDAP? Is there any step needed to initialize the DB?
This is my slapd.conf:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema

pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args

database bdb
suffix "dc=example,dc=com"
rootdn "cn=manager,dc=example,dc=com"
rootpw [something]

directory /usr/local/var/openldap-data
index objectClass eq
If anyone can help, it would be really appreciated.
Thank you, Nuno
Nuno Manuel Martins wrote:
I changed my ldif.file and now looks like this:
dn: uid=myuser,dc=example,dc=com
[..]
I am trying to add this entry with the following command:
ldapadd -D "cn=manager,dc=example,dc=com" -W -f /root/tmp/tstuser.ldif
From the client I get the following message:
adding new entry "uid=myuser,dc=example,dc=com"
ldap_add: No such object (32)
http://www.openldap.org/faq/data/cache/157.html
OpenLDAP's FAQ-O-MATIC contains a wealth of good information, e.g. a section about "Common Errors" in which you can find the FAQ article mentioned above:
http://www.openldap.org/faq/data/cache/53.html
Ciao, Michael.
On Thursday 14 February 2008 13:02:12 Nuno Manuel Martins wrote:
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
bdb_add: parent does not exist
You haven't created dc=example,dc=com.
What documentation are you following? For example, this is step 10 in the OpenLDAP quick start guide: http://www.openldap.org/doc/admin24/quickstart.html
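Added example (not part of the original thread and not OpenLDAP project code): a Python preflight that checks an LDIF file, before ldapadd is run, for the two failures seen above: an entry whose parent DN does not exist (the "No such object (32)" / "bdb_add: parent does not exist" case) and a malformed attribute line such as "homedirectory=:". It also flags a userPassword value that carries no {SCHEME} hash prefix. The function names, the simplified DN handling and the sample LDIF are assumptions made for this illustration.

```python
import base64
import re

ATTR = re.compile(r"^([A-Za-z][A-Za-z0-9;-]*)(::?) *(.*)$")   # name, ":" or "::", value
HASHED = re.compile(r"\{(?!cleartext\})[\w-]+\}", re.I)       # e.g. {SSHA}, {CRYPT}

# Constructed sample: the thread's second LDIF, abridged to the lines that matter here.
THREAD_LDIF = ("dn: uid=myuser,dc=example,dc=com\nuid: myuser\ncn: myuser\nsn: Doe\n"
               "userPassword: password\nobjectclass: person\nobjectclass: posixaccount\n")

def norm(dn):
    # Simplified DN normalisation (assumption: no escaped commas in RDN values).
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse(text):
    """Yield (dn, attrs, bad_lines) per entry, unfolding RFC 2849 continuation lines."""
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        dn, attrs, bad = None, [], []
        for line in (l for l in block.splitlines() if not l.startswith("#")):
            m = ATTR.match(line)
            if not m:
                bad.append(line)            # e.g. "homedirectory=: /home/ldap/john"
                continue
            name, sep, val = m.group(1).lower(), m.group(2), m.group(3)
            if sep == "::":                 # base64-encoded value
                val = base64.b64decode(val).decode("utf-8", "replace")
            if name == "dn":
                dn = val
            else:
                attrs.append((name, val))
        yield dn, attrs, bad

def preflight(text, suffix, existing=()):
    """Return [(dn, issue)] for adds slapd would refuse or that store a weak secret."""
    known, issues = {norm(d) for d in existing}, []
    for dn, attrs, bad in parse(text):
        issues += [(dn, f"malformed attribute line: {b}") for b in bad]
        if dn is None:
            continue
        ndn = norm(dn)
        parent = ndn.partition(",")[2]
        if ndn != norm(suffix) and parent not in known:
            issues.append((dn, f"parent '{parent}' does not exist: No such object (32)"))
        else:
            known.add(ndn)              # later entries in the file may hang below this one
        for name, val in attrs:
            if name == "userpassword" and not HASHED.match(val):
                issues.append((dn, "userPassword is cleartext, not a {SCHEME} hash"))
    return issues
```

With an empty database, preflight(THREAD_LDIF, "dc=example,dc=com") reports both the missing parent and the cleartext password; putting an entry for dc=example,dc=com ahead of the user entry in the same LDIF clears the first finding.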
I feel silly... using ldapadd with the -x switch seems to work.
Can't believe the time I wasted checking this, seems I was doing the wrong kind of authentication.
On Thursday 14 February 2008 14:20:18 Nuno Manuel Martins wrote:
Can't believe the time I wasted checking this, seems I was doing the wrong kind of authentication.
If you don't actually read the accurate error messages, you will waste time, and be uncertain about what you are doing wrong.
This list is maybe not the most appropriate list for a user who is learning the very basics of LDAP, openldap-software may be a better list for your questions at this stage.
Regards, Buchan