On 2 Dec 2010, at 00:36, Keith wrote:

> I am trying to set up LDAPD but keep running into 'Base DN' issues. My colleague managed to get OpenLDAP working on a Linux server but as LDAPD is now available for OBSD I am keen to switch to ldap servers before we start to populate our directory. I've managed to get the ldap web gui phpldapadmin to talk to LDAPD but after logging in we get the following.
>
> ? dn=example, dn=com

Have you defined a 'dn' attribute in the schema? Otherwise this is a weird DN. Although ldapd might not currently check for valid attribute types allowed in an RDN, you should stick to defined attributes with an EQUALITY matching rule.

> This base entry does not exist. Create it ? < the 'create it' link is a javascript link that doesn't do anything!

I don't know about phpldapadmin, but ldapd won't let you create base DNs over LDAP. You create base DNs in the ldapd.conf file, where they're called namespaces.

> This page describes the issue with phpLDAPadmin and baseDN but I haven't been able to get it to work.
> http://phpldapadmin.sourceforge.net/wiki/index.php/FAQ#How_does_PLA_work_out_the_BASE_DN.3F
>
> Our phpLDAPadmin connection is using 'ldapi://%2fvar%2frun%2fldapi/' as to avoid ssl, sasl issues.
> I was wondering if the issue is related to ldapd ACLs and have tried putting some entries into the ldapd.conf file but no joy. Running ldapsearch I can see that the DN and Base appear to be empty. My guess is that this is where the issue is.

Unless you've defined deny rules, the root DSE is readable by anyone.

> # ldapsearch -LLL -x -h localhost -b '' -s base +
> dn:
> supportedLDAPVersion: 3
> namingContexts: dc=nhsscotland,dc=com
> supportedExtension: 1.3.6.1.4.1.1466.20037
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
> subschemaSubentry: cn=schema
> supportedSASLMechanisms: PLAIN

Here you have a base DN of "dc=nhsscotland,dc=com".

> # ldapsearch -x -H 'ldapi://%2fvar%2frun%2fldapi/'
> # extended LDIF
> # LDAPv3
> # base <> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> # search result
> search: 2
> result: 32 No such object
> # numResponses: 1

If you want to search the root DSE, you must use a base scope (-s base).

-martin

> Does anyone have any ideas what the problem might be ?
>
> Thanks
> Keith
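
An added example, not part of the original message or of ldapd or phpLDAPadmin: a small Python check that reads the root DSE output quoted above and tests whether a client-configured base DN falls under an advertised `namingContexts` value. The function names are hypothetical, the sample LDIF is constructed from the thread's output, and the DN comparison is a simplification that assumes no escaped commas and no base64-encoded values.

```python
# Added example: sample data constructed from the output quoted in the thread.
ROOT_DSE_LDIF = """\
dn:
supportedLDAPVersion: 3
namingContexts: dc=nhsscotland,dc=com
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
subschemaSubentry: cn=schema
supportedSASLMechanisms: PLAIN
"""


def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry


def normalize_dn(dn):
    """Simplified normalization (assumption): no escaped commas, case-insensitive."""
    return tuple(rdn.strip().lower() for rdn in dn.split(",") if rdn.strip())


def find_naming_context(root_dse, base_dn):
    """Return the advertised namingContext that contains base_dn, else None."""
    wanted = normalize_dn(base_dn)
    for context in root_dse.get("namingcontexts", []):
        suffix = normalize_dn(context)
        if suffix and wanted[-len(suffix):] == suffix:
            return context
    return None


if __name__ == "__main__":
    dse = parse_ldif_entry(ROOT_DSE_LDIF)
    for candidate in ("dn=example, dn=com", "ou=people,dc=nhsscotland,dc=com"):
        print(candidate, "->", find_naming_context(dse, candidate))
```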