Check my OpenLDAP Tutorials https://sites.google.com/site/openldaptutorial/
On Fri, Mar 18, 2011 at 11:01 PM, Caloocan Gangsta <xcaloo...@yahoo.com> wrote:
> Good day to all PLUG users,
>
> I am installing openldap inside our private network; during the installation
> I was having a hard time fixing errors from occurring after ldapadd. The
> error I was getting is this.
>
> [root@naruto openldap]# /usr/bin/ldapadd -x -D
> 'cn=Manager,dc=naruto,dc=sasuke,dc=internal' -W -f ldap-init.ldif
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> I don't know if this is a human error or a bug; maybe someone with a similar
> case can share their thoughts on this, or perhaps a little help from our
> experts. =)
>
> I followed the sample links based on this website ->
> http://www.howtoforge.com/install-and-configure-openldap-on-centos-5
> =================================================================
> Here is my slapd.conf file.
>
> [root@naruto openldap]# cat slapd.conf
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
>
> # Allow LDAPv2 client connections. This is NOT the default.
> allow bind_v2
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> # Load dynamic backend modules:
> # modulepath /usr/lib/openldap
>
> # Modules available in openldap-servers-overlays RPM package
> # Module syncprov.la is now statically linked with slapd and there
> # is no need to load it here
> # moduleload accesslog.la
> # moduleload auditlog.la
> # moduleload denyop.la
> # moduleload dyngroup.la
> # moduleload dynlist.la
> # moduleload lastmod.la
> # moduleload pcache.la
> # moduleload ppolicy.la
> # moduleload refint.la
> # moduleload retcode.la
> # moduleload rwm.la
> # moduleload smbk5pwd.la
> # moduleload translucent.la
> # moduleload unique.la
> # moduleload valsort.la
> # modules available in openldap-servers-sql RPM package:
> # moduleload back_sql.la
>
> # The next three lines allow use of TLS for encrypting connections using a
> # dummy test certificate which you can generate by changing to
> # /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
> # slapd.pem so that the ldap user or group can read it. Your client software
> # may balk at self-signed certificates, however.
> # TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
> # TLSCertificateFile /etc/pki/tls/certs/slapd.pem
> # TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
>
> # Sample security restrictions
> # Require integrity protection (prevent hijacking)
> # Require 112-bit (3DES or better) encryption for updates
> # Require 63-bit encryption for simple bind
> # security ssf=1 update_ssf=112 simple_bind=64
>
> # Sample access control policy:
> # Root DSE: allow anyone to read it
> # Subschema (sub)entry DSE: allow anyone to read it
> # Other DSEs:
> # Allow self write access
> # Allow authenticated users read access
> # Allow anonymous users to authenticate
> # Directives needed to implement policy:
> # access to dn.base="" by * read
> # access to dn.base="cn=Subschema" by * read
> # access to *
> # by self write
> # by users read
> # by anonymous auth
> #
> # if no access controls are present, the default policy
> # allows anyone and everyone to read anything but restricts
> # updates to rootdn. (e.g., "access to * by * read")
> #
> # rootdn can always read and write EVERYTHING!
>
> #######################################################################
> # ldbm and/or bdb database definitions
> #######################################################################
>
> database bdb
> suffix "dc=naruto,dc=sasuke,dc=internal"
> rootdn "cn=Manager,dc=naruto,dc=sasuke,dc=internal"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> # rootpw secret
> rootpw {SSHA}id/U29hna3vNXYmdtjJy6znotreal
>
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory /var/lib/ldap
>
> # Indices to maintain for this database
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
>
> # Replicas of this database
> #replogfile /var/lib/ldap/openldap-master-replog
> #replica host=ldap-1.example.com:389 starttls=critical
> # bindmethod=sasl saslmech=GSSAPI
> # authcId=host/ldap-master.example....@example.com
> ===================================================================
> My sample LDIF file (LDIF needs a blank line between entries; without one
> the second "dn:" is read as an attribute of the first entry):
>
> [root@naruto openldap]# vim ldap-init.ldif
> dn: dc=naruto,dc=sasuke,dc=internal
> objectclass: dcObject
> objectclass: organization
> o: Servidor LDAP naruto
> dc: naruto
>
> dn: cn=Manager,dc=naruto,dc=sasuke,dc=internal
> objectclass: organizationalRole
> cn: Manager
> ==============================================================================
> Using ldapsearch reveals this output:
> [root@naruto openldap]# ldapsearch -x -b
> 'dc=naruto,dc=sasuke,dc=internal' '(objectclass=*)'
> # extended LDIF
> #
> # LDAPv3
> # base <dc=naruto,dc=sasuke,dc=internal> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 32 No such object
>
> # numResponses: 1
> ==============================================================
> Another sample of my internal DNS using bind:
>
> [root@naruto openldap]# dig naruto.sasuke.internal
>
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> naruto.sasuke.internal
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63652
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;naruto.sasuke.internal. IN A
>
> ;; ANSWER SECTION:
> naruto.sasuke.internal. 38400 IN A 192.168.0.199
>
> ;; AUTHORITY SECTION:
> sasuke.internal. 38400 IN NS naruto.sasuke.internal.
>
> ;; Query time: 200 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Wed Mar 16 02:43:47 2011
> ;; MSG SIZE rcvd: 70
> ===========================================================
> My internal domain seems to be resolving to my private IP; I tried searching
> Google to no avail. There might be some people who have the same problem as
> mine using openldap.
>
> Lastly, my LDAP apps.
>
> [root@naruto openldap]# rpm -qa | grep ldap
> openldap-2.3.43-12.el5_5.3
> nss_ldap-253-25.el5
> openldap-servers-2.3.43-12.el5_5.3
> php-ldap-5.1.6-20.el5
> openldap-clients-2.3.43-12.el5_5.3
> openldap-devel-2.3.43-12.el5_5.3
> ldapjdk-4.18-2jpp.3.el5
> python-ldap-2.2.0-2.1
>
> Best regards,
>
> Bong
>
> _________________________________________________
> Philippine Linux Users' Group (PLUG) Mailing List
> http://lists.linux.org.ph/mailman/listinfo/plug
> Searchable Archives: http://archives.free.net.ph
> _________________________________________________
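The bind failure in the quoted post, ldap_bind: Invalid credentials (49), is what slapd returns when the simple-bind password does not verify against the rootpw value in slapd.conf (here an {SSHA} hash of the kind slappasswd prints). The following is an added example, not code from the original post, from the howtoforge article, or from OpenLDAP itself. It implements the {SSHA} scheme slapd uses (base64 of SHA-1(password || salt) followed by the salt), pulls the rootpw directive out of slapd.conf-style text, and reports whether a given password would verify, so a rootpw value can be checked offline before blaming the server. The slapd.conf excerpt, the passwords and the salt in it are constructed for the example, and the function names are my own.

```python
"""Offline check of an OpenLDAP slapd.conf rootpw against a candidate password.

Added example (not from the mailing-list post or OpenLDAP). It reimplements the
{SSHA} password scheme used by slappasswd/slapd:

    {SSHA} + base64( SHA1(password || salt) || salt )

slapd.conf's rootpw may be such a hash, or a bare cleartext value.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional

SHA1_LEN = 20  # byte length of a SHA-1 digest; everything after it is the salt


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Produce an {SSHA} value in the form slappasswd prints (4-byte random salt by default)."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Return True if password matches an {SSHA} value the way slapd checks it."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    try:
        raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= SHA1_LEN:
        return False  # must carry a full digest plus a non-empty salt
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rootpw_from_slapd_conf(conf_text: str) -> Optional[str]:
    """Return the rootpw value from slapd.conf-style text, or None if none is set.

    Comment lines (such as the commented-out '# rootpw secret' in the post) are
    skipped; an optionally double-quoted value is unquoted.
    """
    for line in conf_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parts = stripped.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "rootpw":
            value = parts[1].strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            return value
    return None


def check_rootpw(conf_text: str, password: str) -> str:
    """Classify whether `password` would bind as rootdn for this config.

    Returns "ok", "mismatch", "no-rootpw" or "unsupported-scheme".
    A bare (unprefixed) rootpw is compared as cleartext, as slapd does.
    """
    stored = rootpw_from_slapd_conf(conf_text)
    if stored is None:
        return "no-rootpw"
    if stored.startswith("{SSHA}"):
        return "ok" if ssha_verify(password, stored) else "mismatch"
    if stored.startswith("{"):
        return "unsupported-scheme"  # e.g. {SHA}, {MD5}, {CRYPT}: not handled here
    same = hmac.compare_digest(stored.encode("utf-8"), password.encode("utf-8"))
    return "ok" if same else "mismatch"


# Constructed slapd.conf excerpt in the style of the one quoted in the post.
# The salt is fixed only so the example is deterministic; slappasswd picks a random one.
SAMPLE_PASSWORD = "correct-horse"  # constructed for the example
SAMPLE_CONF = (
    "database bdb\n"
    'suffix "dc=naruto,dc=sasuke,dc=internal"\n'
    'rootdn "cn=Manager,dc=naruto,dc=sasuke,dc=internal"\n'
    "# rootpw secret\n"
    "rootpw " + ssha_hash(SAMPLE_PASSWORD, salt=b"\x01\x02\x03\x04") + "\n"
)


if __name__ == "__main__":
    print("rootpw in sample config:", rootpw_from_slapd_conf(SAMPLE_CONF))
    print("typed 'correct-horse':", check_rootpw(SAMPLE_CONF, SAMPLE_PASSWORD))
    print("typed 'secret':", check_rootpw(SAMPLE_CONF, "secret"))
```

To test a real file, read /etc/openldap/slapd.conf into check_rootpw together with the password typed at the ldapadd -W prompt: "mismatch" accounts for error 49 on its own, while "ok" means the running slapd is not checking that value (a usual next step is confirming which config file the running daemon actually loaded and that it was restarted after rootpw was edited). Two caveats that the quoted config itself illustrates: rootpw is only consulted for the rootdn bind, so a wrong password on any other DN is also a 49; and with the "security ssf=..." directive left commented out, ldapadd -x over plain ldap:// sends the rootdn password in cleartext on the wire, so TLS and a minimum SSF belong in that file before it leaves the lab.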