OpenLDAP version: 2.4.23-7.2 Samba Version: 2:3.5.6 Operating System Debian 6.0 "Squeeze"
Hello everybody.
I'm trying to install a Samba + LDAP PDC but when I try to create the database with smbldap-populate I get this error:
--------------------------------------------------------------------------------
Populating LDAP directory for domain empresa (S-1-5-21-802753395-3202467916-1484007712) (using builtin directory structure)
entry dc=empresa,dc=com already exist. entry ou=Users,dc=empresa,dc=com already exist. entry ou=Groups,dc=empresa,dc=com already exist. entry ou=Computers,dc=empresa,dc=com already exist. entry ou=Idmap,dc=empresa,dc=com already exist. adding new entry: uid=root,ou=Users,dc=empresa,dc=com failed to add entry: objectClass: value #4 invalid per syntax at /usr/sbin/smbldap-populate line 498, <GEN1> line 58. adding new entry: uid=nobody,ou=Users,dc=empresa,dc=com failed to add entry: objectClass: value #4 invalid per syntax at /usr/sbin/smbldap-populate line 498, <GEN1> line 89. adding new entry: cn=Domain Admins,ou=Groups,dc=empresa,dc=com failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, <GEN1> line 101. adding new entry: cn=Domain Users,ou=Groups,dc=empresa,dc=com failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, <GEN1> line 112. adding new entry: cn=Domain Guests,ou=Groups,dc=empresa,dc=com failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, <GEN1> line 123. adding new entry: cn=Domain Computers,ou=Groups,dc=empresa,dc=com failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, <GEN1> line 134. adding new entry: cn=Administrators,ou=Groups,dc=empresa,dc=com failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, <GEN1> line 179. adding new entry: cn=Account Operators,ou=Groups,dc=empresa,dc=com failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, <GEN1> line 201. adding new entry: cn=Print Operators,ou=Groups,dc=empresa,dc=com failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, <GEN1> line 212. adding new entry: cn=Backup Operators,ou=Groups,dc=empresa,dc=com failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, <GEN1> line 223. adding new entry: cn=Replicators,ou=Groups,dc=empresa,dc=com failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, <GEN1> line 234. adding new entry: sambaDomainName=empresa,dc=empresa,dc=com failed to add entry: invalid DN at /usr/sbin/smbldap-populate line 498, <GEN1> line 242.
Please provide a password for the domain root: /usr/sbin/smbldap-passwd: user root doesn't exist
---------------------------------------------------------------------------------- In the log file I get this other error: ----------------------------------------------------------------------------------
slapd[1369]: conn=1005 op=28 do_search: invalid dn: "sambaDomainName=empresa,dc=empresa,dc=com"
slapd[1369]: conn=1005 op=29 do_add: invalid dn (sambaDomainName=empresa,dc=empresa,dc=com)
---------------------------------------------------------------------------------- I included in slapd.conf the samba.schema. Any ideas? I've been looking for any solution for 4 days and nobody seems to know anything. Thanks in advance for the responses.
On Monday, 2 January 2012 12:23:57 Adrián Arévalo Tirado wrote:
OpenLDAP version: 2.4.23-7.2 Samba Version: 2:3.5.6 Operating System Debian 6.0 "Squeeze"
Hello everybody.
I'm trying to install a Samba + LDAP PDC but when I try to create the database with smbldap-populate I get this error:
Populating LDAP directory for domain empresa (S-1-5-21-802753395-3202467916-1484007712) (using builtin directory structure)
entry dc=empresa,dc=com already exist. entry ou=Users,dc=empresa,dc=com already exist. entry ou=Groups,dc=empresa,dc=com already exist. entry ou=Computers,dc=empresa,dc=com already exist. entry ou=Idmap,dc=empresa,dc=com already exist. adding new entry: uid=root,ou=Users,dc=empresa,dc=com failed to add entry: objectClass: value #4 invalid per syntax at /usr/sbin/smbldap-populate line 498, <GEN1> line 58.
Around line 199 of my version of smbldap-populate (which may be different), I have stuff like this:
$entries.="\ndn: uid=$adminName,$config{usersdn} cn: $adminName sn: $adminName objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount objectClass: shadowAccount
[...]
Value 4 would be: objectClass: sambaSAMAccount
adding new entry: cn=Domain Admins,ou=Groups,dc=empresa,dc=com failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, <GEN1> line 101.
And at line 287 I have:
dn: cn=Domain Admins,$config{groupsdn} objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 512 cn: Domain Admins
Value 2 would be: objectClass: sambaGroupMapping
So, this really looks like a very basic error, either in whatever documentation you are following, or your following of it. You cannot store Samba users in LDAP without having loaded the samba schema.
Please provide a password for the domain root: /usr/sbin/smbldap-passwd: user root doesn't exist
------- In the log file I get this other error:
slapd[1369]: conn=1005 op=28 do_search: invalid dn: "sambaDomainName=empresa,dc=empresa,dc=com"
slapd[1369]: conn=1005 op=29 do_add: invalid dn (sambaDomainName=empresa,dc=empresa,dc=com)
This is a better hint ...
------- I included in slapd.conf the samba.schema.
Does your system use slapd.conf for configuration, or the back-config / cn=config / /etc/ldap/slapd.d method?
Because, your LDAP server definitely doesn't have the schema definitions it should have. You could of course verify that yourself by searching under cn=Subschema ...
Any ideas? I've been looking for any solution for 4 days and nobody seems to know anything.
Well, it shouldn't have been too difficult to: 1)Find what data it is trying to add 2)Checking that you have the relevant schema to support the use of the attributes, and objectclass values, that are failing.
Regards, Buchan
First of all. Thanks for the response.
I'm totally new to LDAP (so, excuse me if I ask for nonsenses) and, to be honest, I don't know which method uses my distro (Debian 6) for configuration. On every documentation I see, they use /etc/slapd/slapd.conf, but in my case that file doesn't exist.
Therefore, I'm using /usr/share/slapd/slapd.conf (The only slapd.conf I find).
However, this is the /etc/ldap structure, so, it might be /etc/ldap/slapd.d method:
├── ldap.conf ├── sasl2 ├── schema │ ├── collective.schema │ ├── corba.schema │ ├── core.ldif │ ├── core.schema │ ├── cosine.ldif │ ├── cosine.schema │ ├── duaconf.schema │ ├── dyngroup.schema │ ├── inetorgperson.ldif │ ├── inetorgperson.schema │ ├── java.schema │ ├── misc.schema │ ├── nis.ldif │ ├── nis.schema │ ├── openldap.ldif │ ├── openldap.schema │ ├── pmi.schema │ ├── ppolicy.schema │ └── README └── slapd.d ├── cn=config │ ├── cn=module{0}.ldif │ ├── cn=schema │ │ ├── cn={0}core.ldif │ │ ├── cn={1}cosine.ldif │ │ ├── cn={2}nis.ldif │ │ └── cn={3}inetorgperson.ldif │ ├── cn=schema.ldif │ ├── olcBackend={0}hdb.ldif │ ├── olcDatabase={0}config.ldif │ ├── olcDatabase={-1}frontend.ldif │ └── olcDatabase={1}hdb.ldif └── cn=config.ldif
2012/1/3, Buchan Milne bgmilne@staff.telkomsa.net:
On Monday, 2 January 2012 12:23:57 Adrián Arévalo Tirado wrote:
OpenLDAP version: 2.4.23-7.2 Samba Version: 2:3.5.6 Operating System Debian 6.0 "Squeeze"
Hello everybody.
I'm trying to install a Samba + LDAP PDC but when I try to create the database with smbldap-populate I get this error:
Populating LDAP directory for domain empresa (S-1-5-21-802753395-3202467916-1484007712) (using builtin directory structure)
entry dc=empresa,dc=com already exist. entry ou=Users,dc=empresa,dc=com already exist. entry ou=Groups,dc=empresa,dc=com already exist. entry ou=Computers,dc=empresa,dc=com already exist. entry ou=Idmap,dc=empresa,dc=com already exist. adding new entry: uid=root,ou=Users,dc=empresa,dc=com failed to add entry: objectClass: value #4 invalid per syntax at /usr/sbin/smbldap-populate line 498, <GEN1> line 58.
Around line 199 of my version of smbldap-populate (which may be different), I have stuff like this:
$entries.="\ndn: uid=$adminName,$config{usersdn} cn: $adminName sn: $adminName objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount objectClass: shadowAccount
[...]
Value 4 would be: objectClass: sambaSAMAccount
adding new entry: cn=Domain Admins,ou=Groups,dc=empresa,dc=com failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, <GEN1> line 101.
And at line 287 I have:
dn: cn=Domain Admins,$config{groupsdn} objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 512 cn: Domain Admins
Value 2 would be: objectClass: sambaGroupMapping
So, this really looks like a very basic error, either in whatever documentation you are following, or your following of it. You cannot store Samba users in LDAP without having loaded the samba schema.
Please provide a password for the domain root: /usr/sbin/smbldap-passwd: user root doesn't exist
------- In the log file I get this other error:
slapd[1369]: conn=1005 op=28 do_search: invalid dn: "sambaDomainName=empresa,dc=empresa,dc=com"
slapd[1369]: conn=1005 op=29 do_add: invalid dn (sambaDomainName=empresa,dc=empresa,dc=com)
This is a better hint ...
------- I included in slapd.conf the samba.schema.
Does your system use slapd.conf for configuration, or the back-config / cn=config / /etc/ldap/slapd.d method?
Because, your LDAP server definitely doesn't have the schema definitions it should have. You could of course verify that yourself by searching under cn=Subschema ...
Any ideas? I've been looking for any solution for 4 days and nobody seems to know anything.
Well, it shouldn't have been too difficult to: 1)Find what data it is trying to add 2)Checking that you have the relevant schema to support the use of the attributes, and objectclass values, that are failing.
Regards, Buchan
Il 03/01/2012 19:59, Adrián Arévalo Tirado ha scritto:
First of all. Thanks for the response.
I'm totally new to LDAP (so, excuse me if I ask for nonsenses) and, to be honest, I don't know which method uses my distro (Debian 6) for configuration. On every documentation I see, they use /etc/slapd/slapd.conf, but in my case that file doesn't exist.
Therefore, I'm using /usr/share/slapd/slapd.conf (The only slapd.conf I find).
Recent Debian use the cn=config by default on new installation. You have to add the samba schema (should be inside the samba-doc package), but I don't remember if there is an .ldif version or just the old samba.schema file.
Having a working traditional slapd.conf configuration it's just matter to add an include for the samba.schema file.
Simone
I have "converted" the new configuration into the old one (/etc/slap/slapd.conf). I saw in a forum that it was possible, so I deleted slap.d directory and placed slapd.conf instead.
Anyway, I had to change the example slapd.conf (/usr/share/slapd/slapd.conf) in order to match the old configuration, which took me quite a while. There are lots of "errors" (or warnings maybe), but I can follow the tutorials (the output of my commands is the same as those on the tutorial), so I suppose that everything is OK
At least the LDAP part is well configured, Now I have to move on to the Windows authentication.
2012/1/4 Simone Piccardi piccardi@truelite.it
Il 03/01/2012 19:59, Adrián Arévalo Tirado ha scritto:
First of all. Thanks for the response.
I'm totally new to LDAP (so, excuse me if I ask for nonsenses) and, to be honest, I don't know which method uses my distro (Debian 6) for configuration. On every documentation I see, they use /etc/slapd/slapd.conf, but in my case that file doesn't exist.
Therefore, I'm using /usr/share/slapd/slapd.conf (The only slapd.conf I
find).
Recent Debian use the cn=config by default on new installation. You have to add the samba schema (should be inside the samba-doc package), but I don't remember if there is an .ldif version or just the old samba.schema file.
Having a working traditional slapd.conf configuration it's just matter to add an include for the samba.schema file.
Simone
tis 2012-01-03 klockan 19:59 +0100 skrev Adrián Arévalo Tirado:
First of all. Thanks for the response.
I'm totally new to LDAP (so, excuse me if I ask for nonsenses) and, to be honest, I don't know which method uses my distro (Debian 6) for configuration. On every documentation I see, they use /etc/slapd/slapd.conf, but in my case that file doesn't exist.
Therefore, I'm using /usr/share/slapd/slapd.conf (The only slapd.conf I find).
However, this is the /etc/ldap structure, so, it might be /etc/ldap/slapd.d method:
Current debian (from squeeze and on) uses slapd.conf when bootstraping slapd for the first time (debconf asks you about domain-name and root-passwd when installing slapd.)
Afterwards it is slapd.d/cn=config/ forever.
That little schema_convert.conf is a somewhat specialized version of slapd.conf and only intended for generating .ldif from .schema.
openldap-technical@openldap.org
-
Adrián Arévalo Tirado -
Buchan Milne -
Simone Piccardi -
Stefan Skoglund