Re: ldap
Hi all,

Thanks for your help. I created another domain, and from my slapcat output I get this:

dn: dc=mycompnay,dc=com
objectClass: dcObject
objectClass: organization
o: mycompany
dc: mycompany
structuralObjectClass: organization
entryUUID: e235aa56-cd4a-102e-9e99-4f8ab88a5141
creatorsName: cn=root,dc=mycompany,dc=com
modifiersName: cn=root,dc=mycompany,dc=com
createTimestamp: 20100326174351Z
modifyTimestamp: 20100326174351Z
entryCSN: 20100326174351Z#00#00# 00

dn: dc=mycompany,dc=local
objectClass: dcObject
objectClass: organization
o: mycompany
dc: mycompany
structuralObjectClass: organization
entryUUID: 4c85f2e4-cf9e-102e-9a60-f35afa4f4768
creatorsName: cn=root,dc=mycompany,dc=local
modifiersName: cn=root,dc=mycompany,dc=local
createTimestamp: 20100329164559Z
modifyTimestamp: 20100329164559Z
entryCSN: 20100329164559Z#00#00# 00

I want to delete the first domain entry, dc=mycompany,dc=com, so I am left with the last one, i.e. dc=mycompany,dc=local.

Also, I get this error from ldapsearch: ldap_bind Can't contact LDAP server. I have gotten a lead on linuxquestions which I will try at the end of the day, but a quick suggestion will be appreciated.

I am doing some good reading on openldap, so it won't be long until I get openldap right. I am also checking on the forums. This is a small project I am working on, and soon I will be doing ZCS running on CentOS.

Thanks in advance.

From: Patrick Mburu patrick_li...@yahoo.com
To: openldap-technical@openldap.org
Sent: Mon, March 29, 2010 12:37:01 PM
Subject: ldap

Hi all,

I have been trying to work with my .ldif file, which looks like below, but I get an error. All services are started in this scenario.

My ldif file:

dn: dc=mycompany,dc=COM
objectclass: dcObject
objectclass: organization
o: mycompany
dc: mycompany

dn: cn=root,dc=mycompany,dc=COM
objectclass: organizationalRole
cn: root

Error:

=> bdb_tool_entry_put: id2entry_add failed: DB_KEYEXIST: Key/data pair already exists (-30996)
=> bdb_tool_entry_put: txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
slapadd: could not add entry dn=dc=mycompnaye,dc=com (line=6): txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)

What am I not getting right? Urgent help needed.
Re: Configuring OpenLDAP on Ubuntu 9.10.Need help!
Thank you Benjamin for your prompt response,

I've gone through the article you suggested too; however, the problem here is that entering any command like ldapadd prompts for an LDAP password, but since dpkg-reconfigure slapd has not asked me to configure any password yet, I have no clue what to enter. Do you know of a workaround here? Maybe then I could proceed a little :(

Thanks in advance
Shamika

On Tue, Mar 30, 2010 at 3:06 PM, Benjamin Griese der.dar...@gmail.com wrote:

> Hi Shamika,
>
> as I read on some community pages, since Ubuntu 9.10 the process of the dpkg scripts has been changed to the basics. I don't know why this has been done, but that's a matter of fact. So you have to do some more basic settings on your own via ldif files and ldapadd commands.
>
> You may take a look at this guide: https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html
> That guide is still applicable onto newer versions of ubuntu, it even works on a sles11 host.
>
> good luck and have fun.
> benjamin
>
> On Tue, Mar 30, 2010 at 11:04, Shamika Joshi shamika.jo...@gmail.com wrote:
>
>> I have followed the following article to install/configure OpenLDAP on Ubuntu Server 9.10:
>> https://help.ubuntu.com/9.10/serverguide/C/openldap-server.html
>>
>> There is no slapd.conf in the picture here; instead, running dpkg-reconfigure slapd should come up with the following wizard (got this after running through numerous articles on this):
>>
>> *Wizard steps:*
>> 1. *omit openldap server configuration? – no*
>> 2. *dns domain name? vm.example.org*
>> 3. *organization name? myCompany*
>> 4. *database backend to use? hdb*
>> 5. *do you want the database to be removed when slapd is purged? yes*
>> 6. *may be the question: move old database? yes*
>> 7. *administrator password? the same one as entered during installation*
>> 8. *confirm password? see last step*
>> 9. *allow LDAPv2 protocol? no*
>>
>> However, in my installation the wizard asks:
>>
>> *Omit OpenLDAP server configuration? No
>> Do you want the database to be removed when slapd is purged? No
>> Allow LDAPv2 protocol? No
>> Creating initial slapd configuration... done.
>> Starting OpenLDAP: slapd.*
>>
>> Has anyone attempted this before? What am I missing here? Would someone like to pitch in with some help?
>>
>> So when I run ldapsearch -x it gives me the following output:
>>
>> adm...@x6:/etc/ldap$ ldapsearch -x
>> # extended LDIF
>> #
>> # LDAPv3
>> # base (default) with scope subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 32 No such object
>>
>> # numResponses: 1
>>
>> whereas it should give output like:
>>
>> # extended LDIF
>> #
>> # LDAPv3
>> # base (default) with scope subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # vm.example.org
>> dn: dc=vm,dc=example,dc=org
>> objectClass: top
>> objectClass: dcObject
>> objectClass: organization
>> o: myCompany
>> dc: vm
>>
>> # admin, vm.example.org
>> dn: cn=admin,dc=vm,dc=example,dc=org
>> objectClass: simpleSecurityObject
>> objectClass: organizationalRole
>> cn: admin
>> description: LDAP administrator
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 3
>> # numEntries: 2
>>
>> Thanks
>> Shamika
>
> --
> To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra
Re: Configuring OpenLDAP on Ubuntu 9.10.Need help!
Hi again,

try to set a baseDN or if you're searching locally try the expression with an -x when searching your ldaptree, in your case:

ldapsearch -x -b dc=example,dc=org

or

ldapsearch -b dc=example,dc=org

but probably you haven't set any users to bind to or acls to restrict access, please read the manpage for binddn and basedn to connect to your server. These are very important basics you should know about.

Bye.

--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra
Re: Not getting password expiry warnings on login
On Tuesday, 30 March 2010 00:09:42 Chris Jacobs wrote:

> STRANGE.
>
> I'd just decided to 'heck with this' and work out some process that will send emails - removing the 'need' for this feature.
>
> So I modified the policy to 184 days (max value for any 6 months), set the password warning to 1 second less than that, and viola! When I login with my test account it now tells me my password will expire in 183 days.
>
> Is that the trick? Previously, I'd set my expiration to 60 minutes...
>
> ALSO: when I asked my coworker to login to check it out - he wasn't getting the notice.

Most likely he had last changed his password before ppolicy was enabled; as such, his account's entry probably has no pwdChangedTime, so ppolicy can't calculate the password age.

> Investigating further, I notice that his account was setup a long time ago - and things are done differently now.
>
> His account objectclasses:
> objectClass: account
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: top
>
> Mine (Test account):
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: top
>
> If I attempt to modify his account to remove the objectclass account and add inetOrgPerson, ldap complains:
> Mar 29 22:51:36 ldapmaster1 slapd[32653]: entry failed schema check: structural object class modification from 'account' to 'inetOrgPerson' not allowed

You can't change structuralObjectclass, and account and inetOrgPerson are the structuralObjectclasses in question. If you want to change this (which in itself isn't the cause of your problem), you will have to delete and recreate. Most likely this will fix your problem as you will have a newly modified userPassword attribute (but, any other way of updating userPassword would fix the password expiry problem).

> At the same time, my LDAP browser (apache DS) also adds organizationalPerson and person objectclasses to his account - which smbldap-useradd (the tool we've historically used to add accounts) hasn't been doing.

Irrelevant.

> If I simply attempt to add just the inetOrgPerson class, and not remove account - slapd complains slightly differently:
> Mar 29 23:05:22 ldapmaster1 slapd[32653]: entry failed schema check: invalid structural object class chain (account/inetOrgPerson)

See above.

> I suspect, and would love verification/clarification/clue-by-fours:
> 1) I'm going to need to change how we add users - suggestions for a 'better' CLI method?

Not necessarily.

> 2) I'm probably going to need to scrub these accounts so that they're created correctly - likely through a slapcat - modify output - wipe db (or delete entry) - slapadd (replace slapcat/add with ldapmodify if that's your pref).

No, update userPassword. E.g., something which does more or less:

ldapsearch (&(userPassword=*)(!(pwdChangedTime=*))) userPassword|ldapmodify

> Am I about on target?
>
> - chris
>
> PS: I haven't seen /anywhere/ what objectclasses are required for certain 'features' to work correctly - why not? If that's a limitation/requirement you'd expect someone to mention it...

Since it isn't, it isn't ...

Regards,
Buchan
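The reply above suggests piping a search for entries that have userPassword but no pwdChangedTime into ldapmodify; the filter that has to sit between the two tools is sketched here as an added example, not code from the thread. It assumes, as the reply states, that re-writing userPassword with its existing value is enough for ppolicy to record pwdChangedTime; `ldif_to_pwd_replace`, `sample_ldif`, `BIND_OPTS` and `BASE` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread): convert LDIF produced by
#   ldapsearch -LLL ... userPassword
# into ldapmodify change records that replace userPassword with the
# value(s) each entry already holds.

ldif_to_pwd_replace() {
    awk '
    # Print the change record for the entry collected so far, then reset.
    function emit() {
        if (dn != "" && pw != "") {
            printf "%s\nchangetype: modify\nreplace: userPassword\n%s\n-\n\n", dn, pw
        }
        dn = ""; pw = ""; last = ""
    }
    /^#/ { last = ""; next }               # comments (absent with -LLL)
    /^ / {                                 # folded line: append to the value it continues
        if (last == "dn") { dn = dn substr($0, 2) }
        if (last == "pw") { pw = pw substr($0, 2) }
        next
    }
    /^$/ { emit(); next }                  # a blank line ends an entry
    /^dn:/ { dn = $0; last = "dn"; next }  # keeps both "dn:" and base64 "dn::"
    tolower($0) ~ /^userpassword:/ {       # keep every value if multi-valued
        pw = (pw == "" ? $0 : pw "\n" $0)
        last = "pw"
        next
    }
    { last = "" }                          # any other attribute is ignored
    END { emit() }
    '
}

# Constructed sample input; the values are placeholders, not real hashes.
# The second entry has no userPassword and must be skipped.
sample_ldif() {
    cat <<'EOF'
# constructed sample, not taken from a real directory
dn: uid=olduser,ou=People,dc=example,dc=com
userPassword:: e1NTSEF9Q09OU1RSVUNURUQtUExBQ0VIT0xERVItTk9ULUEtUkVBTC1I
 QVNI

dn: uid=nopass,ou=People,dc=example,dc=com

dn: uid=svc-with-a-long-name,ou=Service Accounts,ou=People,dc=example,dc
 =com
userPassword:: e0NSWVBUfUNPTlNUUlVDVEVE
EOF
}

# With a live server the filter sits between the two tools, for example:
#   ldapsearch -LLL $BIND_OPTS -b "$BASE" \
#       "(&(userPassword=*)(!(pwdChangedTime=*)))" userPassword |
#       ldif_to_pwd_replace | ldapmodify $BIND_OPTS
# BIND_OPTS and BASE are placeholders for your own bind options and base DN.
sample_ldif | ldif_to_pwd_replace
```

The stream between the tools carries password hashes, so pipe it directly rather than staging it in a file that other users can read.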
Re: Re-engaging the Samba4 LDAP backend
Andrew Bartlett wrote:

> I'm trying to pick up the ball again on the OpenLDAP and Fedora DS backends, and hopefully to bring them back up to speed as a working and respectable solution.
>
> - A way to invoke slapd -Ttest -f <config file> -F <config dir> without issuing errors because of the missing databases

I already answered this quite a while back. Just add -n 0 to the invocation.

--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Re: Configuring OpenLDAP on Ubuntu 9.10.Need help!
Starting with Ubuntu Karmic (9.10), the slapd package changed from creating a typical LDAP administrator account (i.e., username and password) to using LDAPI and SASL EXTERNAL which automatically provides LDAP administrator access via the system root account. As root, run your LDAP utilities with -Y external -H ldapi:/// instead of -x, -D, and -W where appropriate. For example, to search your LDAP directory:

ldapsearch -Y external -H ldapi:/// -b dc=domain,dc=com

I'm not sure why the Ubuntu Server Guide for 9.10 did not get updated to reflect these changes, but if you search the web for ubuntu sasl external you'll get quite a few hits on the issue. You may also want to read these bugs when configuring clients:

https://bugs.launchpad.net/bugs/423252
https://bugs.launchpad.net/bugs/427842

Matt
Partial replication
Is it possible to replicate, on a slave, two branches of the DIT (only)?

I have several instances of LDAP running on servers throughout the world. Connection to some of these from our support location is not dependable. I want to do something similar to this:

Main LDAP (here, master):

dc=example,dc=com
 |
 +--o=support
 |
 +--o=location_A
 |
 +--o=location_B
 |
 +--o=location_C

In Location A (remote slave):

dc=example,dc=com
 |
 +--o=support
 |
 +--o=location_A

In Location B (remote slave):

dc=example,dc=com
 |
 +--o=support
 |
 +--o=location_B

Location A & B are two different customers, therefore it would not be prudent to replicate Location B's users in Location A. But I need the Support group to exist in all locations.

Can this be done using syncrepl?

Another thought is to have LDAP Masters existing in each location, and somehow replicate the Support branch to each (mirrormode?). Should this be the approach?

Thanks,
Joe
Re: ldap_ssl_client_init equivalent?
> Hi, is there a ldap_ssl_client_init function in the openldap C API?
>
> I couldn't find any in the openldap header files.

Because there isn't.

> What is the equivalent of the following ldapsearch query in C using the API, on Linux?
>
> ldapsearch -x -H 'ldaps://activedirectory.abc.com/636' -b 'dc=abc,dc=com' -D 'testdn' -W '(&(objectclass=user)(!(objectclass=computer))(samaccountname=myname))' samaccountname

You can find that information in

clients/tools/common.c
clients/tools/ldapsearch.c

p.
RE: Not getting password expiry warnings on login
I haven't had any success adding pwdChangedTime to accounts - and it seems you've assisted others with that issue - with the result being ya can't do that.

http://www.openldap.org/lists/openldap-software/200706/msg00298.html

So, how do I add pwdChangedTime to accounts? I'm being advised here to do so, but the only success I've had so far is painful: delete the entry, and use slapadd.

Thanks,
- chris

PS: Yes, I've read the man page for ldapmodify - I see mention of some 'general extensions' flag - but it doesn't make sense to me. I've also seen mention of a '-k' flag, but it's not an option with the version of ldapsearch compiled with openldap 2.4.
Re: ldap_ssl_client_init equivalent?
phi...@free.fr wrote:

> Hi, is there a ldap_ssl_client_init function in the openldap C API?
>
> I couldn't find any in the openldap header files.

No, nor is one needed. A single ldap_initialize() API does everything needed for all LDAP session types. Requiring a separate API for each connection type would be stupid, and require pointless API revving when new types are added.

> What is the equivalent of the following ldapsearch query in C using the API, on Linux?

If you want to know how ldapsearch does a query in C, just read the ldapsearch source code.

> ldapsearch -x -H 'ldaps://activedirectory.abc.com/636' -b 'dc=abc,dc=com' -D 'testdn' -W '(&(objectclass=user)(!(objectclass=computer))(samaccountname=myname))' samaccountname

--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Re: Partial replication
On 03/30/10 18:36, Joe Friedeggs wrote:

> Is it possible to replicate, on a slave, two branches of the DIT (only)?
>
> I have several instances of LDAP running on servers throughout the world. Connection to some of these from our support location is not dependable. I want to do something similar to this:
>
> Main LDAP (here, master):
>
> dc=example,dc=com
>  |
>  +--o=support
>  |
>  +--o=location_A
>  |
>  +--o=location_B
>  |
>  +--o=location_C
>
> In Location A (remote slave):
>
> dc=example,dc=com
>  |
>  +--o=support
>  |
>  +--o=location_A
>
> In Location B (remote slave):
>
> dc=example,dc=com
>  |
>  +--o=support
>  |
>  +--o=location_B
>
> Location A & B are two different customers, therefore it would not be prudent to replicate Location B's users in Location A. But I need the Support group to exist in all locations.

Hello,

> Can this be done using syncrepl?

I believe this could be done via 'searchbase=dc=domain,dc=tld' option.

...

> Thanks,
> Joe

Regards,
Zdenek

--
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: sty...@turnovfree.net
jabber: sty...@jabber.turnovfree.net
RE: Partial replication
> On 03/30/10 18:36, Joe Friedeggs wrote:
>
>> Is it possible to replicate, on a slave, two branches of the DIT (only)?
>>
>> I have several instances of LDAP running on servers throughout the world. Connection to some of these from our support location is not dependable. I want to do something similar to this:
>>
>> Main LDAP (here, master):
>>
>> dc=example,dc=com
>>  |
>>  +--o=support
>>  |
>>  +--o=location_A
>>  |
>>  +--o=location_B
>>  |
>>  +--o=location_C
>>
>> In Location A (remote slave):
>>
>> dc=example,dc=com
>>  |
>>  +--o=support
>>  |
>>  +--o=location_A
>>
>> In Location B (remote slave):
>>
>> dc=example,dc=com
>>  |
>>  +--o=support
>>  |
>>  +--o=location_B
>>
>> Location A & B are two different customers, therefore it would not be prudent to replicate Location B's users in Location A. But I need the Support group to exist in all locations.
>
> Hello,
>
>> Can this be done using syncrepl?
>
> I believe this could be done via 'searchbase=dc=domain,dc=tld' option.

I wish it was that easy. What I need is both o=support,dc=example,dc=com AND o=location_A,dc=example,dc=com replicated in the Location_A database, but I don't want o=location_B,dc=example,dc=com in the database of Location_A. I have not found a way to make that work with syncrepl searchbase.

Thanks,
Joe

> ...
>
>> Thanks,
>> Joe
>
> Regards,
> Zdenek
Re: Configuring OpenLDAP on Ubuntu 9.10 [using slapd.conf??]
Thank you guys for your help! I'll try my way through it.

One more question here: I have an old working slapd.conf file from a RHEL server. If I want to use the same slapd.conf file and provide its path in /etc/default/slapd as SLAPD_CONF=/etc/ldap/slapd.conf, should that work? Or do I need to make more changes? Has anyone done this before? Are there any articles you would suggest I go through to achieve this?

Thanks
Shamika