[olug] Debian LDAP rolodap
Eric Penne
epenne at olug.org
Sun Nov 30 00:45:22 UTC 2003
I added:
dn: dc=thepennes, dc=net
objectclass: top
objectclass: organization
dc: thepennes
to the top of my sample.ldif file.
Now I don't get that error. I get:
ldap_bind: Invalid credentials (49)
so now I think it is a password issue. I don't think it has anything to
do with rolodap, yet. I'm still trying to figure out the password issue
but I set the rootdn to be "cn=admin,dc=thepennes,dc=net" and the rootpw
to "testing" but I think I may be missing something somewhere else.
Thanks
Eric
> I tried getting rolodap running on a Debian Sid machine. OpenLdap
> 2.1.23-1 with Rolodap v1.0. I uncompressed the rolodap file into my web
> folder. I modified the slapd.conf file to use dc=thepennes,dc=net . No
> errors on the restart of slapd. I then try to import sample.ldif using:
>
> ldapadd -x -D "cn=admin,dc=thepennes,dc=net" -W -f /var/www/rolodap/extras/sample.ldif
>
> It then asks for a password and it spits this out:
>
> adding new entry "dc=thepennes, dc=net"
> ldapadd: update failed: dc=thepennes, dc=net
> ldap_add: Naming violation (64)
> additional info: value of naming attribute 'dc' is not present in entry
>
> I don't know where to look next.
>
> I'm not sure if it is a password issue with trying to authenticate with
> cn=admin and password "testing" or if something is wrong with my
> sample.ldif file.
>
> I'm not quite sure how the password situation works with LDAP. Right
> now I just want to use cleartext passwords until I make this machine
> live and figure out how it works.
>
>
>
>
>
> I've attached the sample.ldif and the slapd.conf files.
>
>
> sample.ldif
> ******************************************************************
> dn: dc=thepennes, dc=net
> objectclass: top
> objectclass: organization
> dc: thepennes.net
>
> dn: ou=contacts,dc=thepennes,dc=net
> objectclass: top
> objectclass: organizationalunit
> ou: contact
>
> dn: ou=books,dc=thepennes,dc=net
> objectclass: top
> objectclass: organizationalunit
> ou: books
>
> dn: ou=users,dc=thepennes,dc=net
> objectclass: top
> objectclass: organizationalunit
> ou: users
>
> dn: cn=roloaplastuid,dc=thepennes,dc=net
> objectclass: top
> objectclass: rolodapadmin
> cn: rolodaplastuid
> rolodaplastuid : 0
>
> dn: cn=firmwide,dc=thepennes,dc=net
> objectclass: top
> objectclass: rolodapbook
> cn: firmwide
>
> dn: cn=manager,dc=thepennes,dc=net
> objectclass: top
> objectclass: organizationalrole
> cn: manager
>
> dn: cn=rolodapadmins,dc=thepennes,dc=net
> objectclass: top
> objectclass: groupofnames
> cn: admins
> member: uid=johndoe,ou=users,dc=thepennes,dc=net
>
> dn: cn=rolodapconflict,dc=thepennes,dc=net
> objectclass: top
> objectclass: groupofnames
> cn: rolodap conflict checkers
> member: uid=johndoe,ou=users,dc=thepennes,dc=net
>
> dn: cn=rolodap,dc=thepennes,dc=net
> objectclass: top
> objectclass: organizationalrole
> objectclass: person
> cn: rolodap
> sn: rolodap
> userpassword : secret
>
> dn: uid=epenne,ou=users,dc=thepennes,dc=net
> objectclass : top
> objectclass : person
> objectclass : inetorgperson
> objectclass : rolodapuser
> objectclass : rolodapcontact
> uid : epenne
> userpassword : secret
> cn : Eric Penne
> sn : Penne
> givenname : Eric
> rolodapadmin : yes
> ********************************************************************
>
>
> slapd.conf
> ********************************************************************
> # This is the main slapd configuration file. See slapd.conf(5) for more
> # info on the configuration options.
>
> #######################################################################
> # Global Directives:
>
> # Features to permit
> #allow bind_v2
>
> # Schema and objectClass definitions
> include /etc/ldap/schema/core.schema
> include /etc/ldap/schema/rolodap.schema
> #include /etc/ldap/schema/cosine.schema
> #include /etc/ldap/schema/nis.schema
> #include /etc/ldap/schema/inetorgperson.schema
>
> # Schema check allows for forcing entries to
> # match schemas for their objectClasses
> schemacheck on
>
> # Where the pid file is put. The init.d script
> # will not stop the server if you change this.
> pidfile /var/run/slapd/slapd.pid
>
> # List of arguments that were passed to the server
> argsfile /var/run/slapd.args
>
> # Read slapd.conf(5) for possible values
> loglevel 0
>
> # Where the dynamically loaded modules are stored
> modulepath /usr/lib/ldap
> moduleload back_bdb
>
> #######################################################################
> # Specific Backend Directives for bdb:
> # Backend specific directives apply to this backend until another
> # 'backend' directive occurs
> backend bdb
>
> #######################################################################
> # Specific Backend Directives for 'other':
> # Backend specific directives apply to this backend until another
> # 'backend' directive occurs
> #backend <other>
>
> #######################################################################
> # Specific Directives for database #1, of type bdb:
> # Database specific directives apply to this database until another
> # 'database' directive occurs
> database bdb
>
> # The base of your directory in database #1
> suffix "dc=thepennes,dc=net"
>
> rootdn "cn=admin,dc=thepennes,dc=net"
> rootpw testing
> # Where the database files are physically stored for database #1
> directory "/var/lib/ldap"
>
> # Indexing options for database #1
> index objectClass,uid, eq
> index cn,mail,surname,givenname eq,subinitial
>
> # Save the time that the entry gets modified, for database #1
> lastmod on
>
> # Where to store the replica logs for database #1
> # replogfile /var/lib/ldap/replog
>
> # The userPassword by default can be changed
> # by the entry owning it if they are authenticated.
> # Others should not be able to see it, except the
> # admin entry below
> # These access lines apply to database #1 only
> access to attribute=userPassword
>         by dn="cn=admin,dc=thepennes,dc=net" write
>         by anonymous auth
>         by self write
>         by * none
>
> # Ensure read access to the base for things like
> # supportedSASLMechanisms. Without this you may
> # have problems with SASL not knowing what
> # mechanisms are available and the like.
> # Note that this is covered by the 'access to *'
> # ACL below too but if you change that as people
> # are wont to do you'll still need this if you
> # want SASL (and possibly other things) to work
> # happily.
> access to dn.base="" by * read
>
> # The admin dn has full write access, everyone else
> # can read everything.
> access to *
>         by dn="cn=admin,dc=thepennes,dc=net" write
>         by * read
>
> # For Netscape Roaming support, each user gets a roaming
> # profile for which they have write access to
> #access to dn=".*,ou=Roaming,o=morsnet"
> # by dn="cn=admin,dc=nodomain" write
> # by dnattr=owner write
>
> #######################################################################
> # Specific Directives for database #2, of type 'other' (can be bdb too):
> # Database specific directives apply to this database until another
> # 'database' directive occurs
> #database <other>
>
> # The base of your directory for database #2
> #suffix "dc=debian,dc=org"
> ************************************************************************
>
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
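
The rule behind the `Naming violation (64)` discussed in this thread, as an added example (not part of the original post, and not rolodap or OpenLDAP code): slapd rejects an entry unless the value in the leftmost RDN of its `dn` also appears as a value of that attribute in the entry. The sketch below runs that check over a constructed three-entry excerpt in the style of the quoted sample.ldif; the function names are hypothetical, and it assumes plain `attr: value` lines and single-valued RDNs.

```python
import re

# Constructed excerpt in the style of the quoted sample.ldif (three entries).
SAMPLE_LDIF = """\
dn: dc=thepennes, dc=net
objectclass: top
objectclass: organization
dc: thepennes.net

dn: ou=contacts,dc=thepennes,dc=net
objectclass: top
objectclass: organizationalunit
ou: contact

dn: ou=users,dc=thepennes,dc=net
objectclass: top
objectclass: organizationalunit
ou: users
"""

def norm(value):
    """Comparison key: trimmed, whitespace-collapsed, lower-cased (simplified caseIgnoreMatch)."""
    return re.sub(r"\s+", " ", value.strip()).lower()

def parse_entries(ldif_text):
    """Yield (dn, {attr: [values]}); assumes plain 'attr: value' lines, no folding or base64."""
    for block in re.split(r"\n\s*\n", ldif_text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if name.strip().lower() == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name.strip().lower(), []).append(value)
        if dn:
            yield dn, attrs

def naming_violations(ldif_text):
    """Return (dn, attr, rdn_value) where the leftmost RDN value is absent from the entry.
    Assumes single-valued RDNs with no escaped ',' or '+' (hypothetical helper)."""
    problems = []
    for dn, attrs in parse_entries(ldif_text):
        attr, _, value = dn.split(",", 1)[0].partition("=")
        present = {norm(v) for v in attrs.get(attr.strip().lower(), [])}
        if norm(value) not in present:
            problems.append((dn, attr.strip(), value.strip()))
    return problems
```

With the `dc: thepennes` change from the reply applied to the first entry, the same check still reports `ou=contacts`, whose entry carries `ou: contact`.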