ons, 08.06.2005 kl. 03.40 skrev Andreas Bauer: [...]
> amd:/etc/samba # /usr/bin/ldapadd -h 127.0.0.1 -D > "cn=admin,dc=samba,dc=junits" -x -W -f /etc/openldap/example.ldif > Enter LDAP Password: > ldap_bind: Invalid credentials (49) > > I took the rootpw secret. I did an account for admin, too with: smbpasswd -w > <secret>. I created also an rootpw with slappasswd. > > Have I also to create an admin account in passwd? No. /etc/passwd has nothing to do with what you're doing with LDAP. > After googlen, there must > be a syntax error(ldap_bind: Invalid credentials (49))? Error 49 (invalid credentials) means that the LDAP user and password combination you gave is wrong. > I created a simple example.ldif file: You have to add the first admin user using the rootdn and rootpw in slapd.conf. You have to give the admin user sufficient rights, using carefully chosen ACLS, to do anything with anything in the LDAP DIT. You haven't done any of this. When the admin user has all of these rights, you can comment out (or delete) the rootdn and rootpw lines in slapd.conf. > dn: dc=samba,dc=junits > objectclass: dcObject > objectclass: organization > o: Example Company > dc: samba > > dn: cn=admin,dc=samba,dc=junits > objectclass: organizationalRole > cn: admin > > slapd.conf: > > database ldbm > suffix "dc=samba,dc=junits" > rootdn "cn=admin,dc=samba,dc=junits" > rootpw secret > directory /var/lib/ldap > cachesize 40000 > dbcache 60000000 > index cn,sn,uid,displayName pres,sub,eq > index uidNumber,gidNumber eq > index sambaSID eq > index sambaPrimaryGroupSID eq > index sambaDomainName eq > index objectClass pres,eq > index default sub > access to dn.subtree="dc=samba,dc=junits" attrs=cn > by * =cs break This ACL is *not* going to work. Use the ACL given in slapd.conf.default. As a start, but the following is better to begin with (taken from the OL Admin Guide): 24. access to attr=userPassword 25. by self write 26. by anonymous auth 27. by dn.base="cn=Admin,dc=example,dc=com" write 28. by * none 29. access to * 30. by self write 31. by dn.base="cn=Admin,dc=example,dc=com" write 32. by * read --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba