warrens Apprentice
Joined: 04 Jan 2005 Posts: 239 Location: Don't Tread On Me!
Posted: Sat Nov 26, 2005 12:50 pm Post subject: Problems with OpenLDAP (SOLVED)
I am trying to load the ldif that I created with migrationtools into OpenLDAP, however when I try to add /tmp/base.ldif I get the following error:
Code: | ldapadd -D "cn=Manager,dc=home,dc=local" -W -f /tmp/base.ldif
Enter LDAP Password:
adding new entry "dc=home,dc=local"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #1 invalid per syntax
|
My slapd.conf:
Code: | # See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Include the needed data schemes
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# Use md5 to hash the passwords
password-hash {md5}
# Define SSL and TLS properties (optional)
TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/ssl/ldap.pem
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
# modulepath /usr/lib/openldap/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database ldbm
suffix "dc=home,dc=local"
rootdn "cn=Manager,dc=home,dc=local"
rootpw {MD5}TOP SECRET -- EYES ONLY
directory /var/lib/openldap-ldbm
index objectClass eq
|
and my ldap.conf:
Code: | #
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=home, dc=local
URI ldaps://backup-server.home.local:636
TLS_REQCERT never
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never |
I am new to using OpenLDAP so I do not know what the problem may be. Thanks in advance for any help that is provided.
_________________
The BIGGER the GOVERNMENT, the smaller the citizen.
DON'T TREAD ON ME!!!
My Bias #1
The best government is the government that governs least.
Last edited by warrens on Sat Nov 26, 2005 3:31 pm; edited 1 time in total |
dambacher Apprentice
Joined: 11 Feb 2003 Posts: 290 Location: Germany
Posted: Sat Nov 26, 2005 1:11 pm
This is a syntax error in your base.ldif.
Please post your base.ldif, too,
but remember to XXX out the password stuff.
bye
ulf
warrens Apprentice
Joined: 04 Jan 2005 Posts: 239 Location: Don't Tread On Me!
Posted: Sat Nov 26, 2005 1:51 pm
Here is my base.ldif file generated by migrationtools:
Code: | dn: dc=home,dc=local
dc: home
objectClass: top
objectClass: domain

dn: ou=Hosts,dc=home,dc=local
ou: Hosts
objectClass: top
objectClass: organizationalUnit

dn: ou=Rpc,dc=home,dc=local
ou: Rpc
objectClass: top
objectClass: organizationalUnit

dn: ou=Services,dc=home,dc=local
ou: Services
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byuser,dc=home,dc=local
nismapname: netgroup.byuser
objectClass: top
objectClass: nisMap

dn: ou=Mounts,dc=home,dc=local
ou: Mounts
objectClass: top
objectClass: organizationalUnit

dn: ou=Networks,dc=home,dc=local
ou: Networks
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=home,dc=local
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=home,dc=local
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=Netgroup,dc=home,dc=local
ou: Netgroup
objectClass: top
objectClass: organizationalUnit

dn: ou=Protocols,dc=home,dc=local
ou: Protocols
objectClass: top
objectClass: organizationalUnit

dn: ou=Aliases,dc=home,dc=local
ou: Aliases
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byhost,dc=home,dc=local
nismapname: netgroup.byhost
objectClass: top
objectClass: nisMap |
dambacher Apprentice
Joined: 11 Feb 2003 Posts: 290 Location: Germany
Posted: Sat Nov 26, 2005 2:15 pm
Your base.ldif is correct, but OpenLDAP does not know the correct syntax. I had similar problems with my samba/pam/ldap setup.
In my setup I had to add the following lines to slapd.conf for it to work properly:
Code: |
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/samba.schema
|
Hope this helps:
Ulf
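The check behind this answer, as an added example (not code from the thread or from OpenLDAP): list every objectClass in an LDIF that none of the schema files included by slapd.conf defines. The schema texts are constructed, abridged stand-ins; it assumes `domain` is defined in cosine.schema and `top` by slapd itself. For the original three includes it reports `domain` as value index 1 of `dc=home,dc=local`, the same position ldapadd complained about.

```python
import re

# Constructed, abridged stand-ins for files in /etc/openldap/schema/.
SCHEMAS = {
    "core.schema": "objectclass ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou )",
    "cosine.schema": "objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCTURAL )",
}
BUILTIN = {"top"}  # defined by slapd itself, not by a schema file
SLAPD_CONF = """\
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
"""
LDIF = """\
dn: dc=home,dc=local
dc: home
objectClass: top
objectClass: domain

dn: ou=Hosts,dc=home,dc=local
ou: Hosts
objectClass: top
objectClass: organizationalUnit
"""

def included_schemas(conf):
    """Basenames of schema files named by active (uncommented) include lines."""
    return [m.group(1).rsplit("/", 1)[-1]
            for m in re.finditer(r"^[ \t]*include\s+(\S+)", conf, re.M)]

def defined_classes(schema_text):
    """Lower-cased objectClass names a schema file defines (single-NAME form)."""
    pat = r"objectclass\s*\(\s*[\d.]+\s+NAME\s+'([^']+)'"
    return {n.lower() for n in re.findall(pat, schema_text, re.I)}

def unknown_classes(ldif, conf, schemas=SCHEMAS):
    """[(dn, value index, objectClass)] for classes no included schema defines."""
    # A schema file missing from the stand-in table contributes no classes.
    known = set(BUILTIN).union(*(defined_classes(schemas.get(name, ""))
                                 for name in included_schemas(conf)))
    problems, dn, idx = [], None, 0
    for line in ldif.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key.lower() == "dn":
            dn, idx = value, 0          # new entry: restart value numbering
        elif key.lower() == "objectclass":
            if value.lower() not in known:
                problems.append((dn, idx, value))
            idx += 1
    return problems

print(unknown_classes(LDIF, SLAPD_CONF))
```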
warrens Apprentice
Joined: 04 Jan 2005 Posts: 239 Location: Don't Tread On Me!
Posted: Sat Nov 26, 2005 3:34 pm
Thanks, fixed it!! Now to figure out how to make Samba use OpenLDAP, more reading to do

dambacher Apprentice
Joined: 11 Feb 2003 Posts: 290 Location: Germany
Posted: Sat Nov 26, 2005 5:31 pm
My working samba config file includes this:
Code: |
# LDAP configuration
ldap admin dn = cn=Manager,dc=xxxxxx,dc=de
ldap suffix = dc=xxxxxx,dc=de
ldap ssl = start tls
passdb backend = ldapsam:ldap://xxxxxxxxx.xx.xxxxxx.de
ldap delete dn = no
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=Computers
#ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap passwd sync = yes
|