Re: smbldap-populate error
Tue 2012-01-03 at 19:59 +0100, Adrián Arévalo Tirado wrote:

> First of all. Thanks for the response.
>
> I'm totally new to LDAP (so, excuse me if I ask for nonsenses) and, to be honest, I don't know which method uses my distro (Debian 6) for configuration. On every documentation I see, they use /etc/slapd/slapd.conf, but in my case that file doesn't exist. Therefore, I'm using /usr/share/slapd/slapd.conf (The only slapd.conf I find).
>
> However, this is the /etc/ldap structure, so, it might be /etc/ldap/slapd.d method:

Current Debian (from squeeze and on) uses slapd.conf when bootstrapping slapd for the first time (debconf asks you about domain-name and root-passwd when installing slapd.) Afterwards it is slapd.d/cn=config/ forever.

That little schema_convert.conf is a somewhat specialized version of slapd.conf and only intended for generating .ldif from .schema.

    #
    # tool for converting schema to ldif
    #
    #
    # slaptest -f ~/Skrivbord/Sysadm/ldap/dump_schema_som_ldif/schema_convert.conf -F ~/Skrivbord/Sysadm/ldap/dump_schema_som_ldif/dump-databas/
    # slapcat -F ~/Skrivbord/Sysadm/ldap/dump_schema_som_ldif/dump-databas/ -n0 -s cn=schema,cn=config
    #
    include /etc/ldap/schema/core.schema
    include /etc/ldap/schema/cosine.schema
    include /etc/ldap/schema/nis.schema
    include /etc/ldap/schema/inetorgperson.schema
    include /etc/ldap/schema/autofs.schema

    # Where the pid file is put. The init.d script
    # will not stop the server if you change this.
    # pidfile /var/run/slapd/slapd.pid

    # # List of arguments that were passed to the server
    # argsfile /var/run/slapd/slapd.args

    # # Read slapd.conf(5) for possible values
    # loglevel none

    # # Where the dynamically loaded modules are stored
    # modulepath /usr/lib/ldap
    # moduleload back_@BACKEND@

    # # The maximum number of entries that is returned for a search operation
    # sizelimit 500

    # # The tool-threads parameter sets the actual amount of cpu's that is used
    # # for indexing.
    # tool-threads 1

    # ###
    # # Specific Backend Directives for @BACKEND@:
    # # Backend specific directives apply to this backend until another
    # # 'backend' directive occurs
    # backend @BACKEND@

    # ###
    # # Specific Backend Directives for 'other':
    # # Backend specific directives apply to this backend until another
    # # 'backend' directive occurs
    # #backend other

    # ###
    # # Specific Directives for database #1, of type @BACKEND@:
    # # Database specific directives apply to this databasse until another
    # # 'database' directive occurs
    # database @BACKEND@

    # # The base of your directory in database #1
    # suffix @SUFFIX@

    # # rootdn directive for specifying a superuser on the database. This is needed
    # # for syncrepl.
    # # rootdn cn=admin,@SUFFIX@

    # # Where the database file are physically stored for database #1
    # directory /var/lib/ldap

    # # The dbconfig settings are used to generate a DB_CONFIG file the first
    # # time slapd starts. They do NOT override existing an existing DB_CONFIG
    # # file. You should therefore change these settings in DB_CONFIG directly
    # # or remove DB_CONFIG and restart slapd for changes to take effect.

    # # For the Debian package we use 2MB as default but be sure to update this
    # # value if you have plenty of RAM
    # dbconfig set_cachesize 0 2097152 0

    # # Sven Hartge reported that he had to set this value incredibly high
    # # to get slapd running at all. See http://bugs.debian.org/303057 for more
    # # information.

    # # Number of objects that can be locked at the same time.
    # dbconfig set_lk_max_objects 1500
    # # Number of locks (both requested and granted)
    # dbconfig set_lk_max_locks 1500
    # # Number of lockers
    # dbconfig set_lk_max_lockers 1500

    # # Indexing options for database #1
    # index objectClass eq

    # # Save the time that the entry gets modified, for database #1
    # lastmod on

    # # Checkpoint the BerkeleyDB database periodically in case of system
    # # failure and to speed slapd shutdown.
    # checkpoint 512 30

    # # The userPassword by default can be changed
    # # by the entry owning it if they are authenticated.
    # # Others should not be able to see it, except the
    # # admin entry below
    # # These access lines apply to database #1 only
    # access to attrs=userPassword,shadowLastChange
    # by dn=@ADMIN@ write
    # by anonymous auth
    # by self write
    # by * none

    # # Ensure read access to the base for things like
    # # supportedSASLMechanisms. Without this you may
    # # have problems with SASL not knowing what
    # # mechanisms are available and the like.
    # # Note that this is covered by the 'access to *'
    # # ACL below too but if you change that as people
    # # are wont to do you'll still need this if you
    # #
Re: smbldap-populate error
On 03/01/2012 19:59, Adrián Arévalo Tirado wrote:

> First of all. Thanks for the response.
>
> I'm totally new to LDAP (so, excuse me if I ask for nonsenses) and, to be honest, I don't know which method uses my distro (Debian 6) for configuration. On every documentation I see, they use /etc/slapd/slapd.conf, but in my case that file doesn't exist. Therefore, I'm using /usr/share/slapd/slapd.conf (The only slapd.conf I find).

Recent Debian use the cn=config by default on new installation. You have to add the samba schema (should be inside the samba-doc package), but I don't remember if there is an .ldif version or just the old samba.schema file.

Having a working traditional slapd.conf configuration it's just matter to add an include for the samba.schema file.

Simone
Re: smbldap-populate error
I have converted the new configuration into the old one (/etc/slap/slapd.conf). I saw in a forum that it was possible, so I deleted slap.d directory and placed slapd.conf instead. Anyway, I had to change the example slapd.conf (/usr/share/slapd/slapd.conf) in order to match the old configuration, which took me quite a while.

There are lots of errors (or warnings maybe), but I can follow the tutorials (the output of my commands is the same as those on the tutorial), so I suppose that everything is OK.

At least the LDAP part is well configured. Now I have to move on to the Windows authentication.

2012/1/4 Simone Piccardi picca...@truelite.it

> On 03/01/2012 19:59, Adrián Arévalo Tirado wrote:
>
> > First of all. Thanks for the response.
> >
> > I'm totally new to LDAP (so, excuse me if I ask for nonsenses) and, to be honest, I don't know which method uses my distro (Debian 6) for configuration. On every documentation I see, they use /etc/slapd/slapd.conf, but in my case that file doesn't exist. Therefore, I'm using /usr/share/slapd/slapd.conf (The only slapd.conf I find).
>
> Recent Debian use the cn=config by default on new installation. You have to add the samba schema (should be inside the samba-doc package), but I don't remember if there is an .ldif version or just the old samba.schema file.
>
> Having a working traditional slapd.conf configuration it's just matter to add an include for the samba.schema file.
>
> Simone
Re: smbldap-populate error
On Monday, 2 January 2012 12:23:57 Adrián Arévalo Tirado wrote:

> OpenLDAP version: 2.4.23-7.2
> Samba Version: 2:3.5.6
> Operating System: Debian 6.0 Squeeze
>
> Hello everybody.
>
> I'm trying to install a Samba + LDAP PDC but when I try to create the database with smbldap-populate I get this error:
>
> ---
> Populating LDAP directory for domain empresa (S-1-5-21-802753395-3202467916-1484007712)
> (using builtin directory structure)
>
> entry dc=empresa,dc=com already exist.
> entry ou=Users,dc=empresa,dc=com already exist.
> entry ou=Groups,dc=empresa,dc=com already exist.
> entry ou=Computers,dc=empresa,dc=com already exist.
> entry ou=Idmap,dc=empresa,dc=com already exist.
> adding new entry: uid=root,ou=Users,dc=empresa,dc=com
> failed to add entry: objectClass: value #4 invalid per syntax at /usr/sbin/smbldap-populate line 498, GEN1 line 58.

Around line 199 of my version of smbldap-populate (which may be different), I have stuff like this:

    $entries.=\ndn: uid=$adminName,$config{usersdn}
    cn: $adminName
    sn: $adminName
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: sambaSAMAccount
    objectClass: posixAccount
    objectClass: shadowAccount
    [...]

Value 4 would be:

    objectClass: sambaSAMAccount

> adding new entry: cn=Domain Admins,ou=Groups,dc=empresa,dc=com
> failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, GEN1 line 101.

And at line 287 I have:

    dn: cn=Domain Admins,$config{groupsdn}
    objectClass: top
    objectClass: posixGroup
    objectClass: sambaGroupMapping
    gidNumber: 512
    cn: Domain Admins

Value 2 would be:

    objectClass: sambaGroupMapping

So, this really looks like a very basic error, either in whatever documentation you are following, or your following of it. You cannot store Samba users in LDAP without having loaded the samba schema.

> Please provide a password for the domain root:
> /usr/sbin/smbldap-passwd: user root doesn't exist
> ---
>
> In the log file I get this other error:
>
> ---
> slapd[1369]: conn=1005 op=28 do_search: invalid dn: sambaDomainName=empresa,dc=empresa,dc=com
> slapd[1369]: conn=1005 op=29 do_add: invalid dn (sambaDomainName=empresa,dc=empresa,dc=com)
> ---

This is a better hint ...

> I included in slapd.conf the samba.schema.

Does your system use slapd.conf for configuration, or the back-config / cn=config / /etc/ldap/slapd.d method?

Because, your LDAP server definitely doesn't have the schema definitions it should have. You could of course verify that yourself by searching under cn=Subschema ...

> Any ideas? I've been looking for any solution for 4 days and nobody seems to know anything.

Well, it shouldn't have been too difficult to:

1) Find what data it is trying to add
2) Checking that you have the relevant schema to support the use of the attributes, and objectclass values, that are failing.

Regards,
Buchan
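
The two-step check described in the reply above (resolve each rejected `value #N` to an objectClass, then see whether the server's subschema defines it), as an added example that is not part of the original thread. The subschema text is a constructed sample shaped like `ldapsearch` output for the four schemas visible in the poster's slapd.d tree; the function and variable names are hypothetical.

```python
import re

# Constructed sample shaped like: ldapsearch -x -b cn=Subschema -s base objectClasses
# on a server with only core, cosine, nis and inetorgperson loaded. One value is
# folded LDIF-style (a continuation line starts with a single space).
SUBSCHEMA = """\
dn: cn=Subschema
objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) )
objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL )
objectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrg
 Person' SUP organizationalPerson STRUCTURAL )
objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY )
objectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY )
objectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top STRUCTURAL )
"""

# objectClass values in the order the thread shows smbldap-populate sending them.
ENTRIES = {
    "uid=root,ou=Users,dc=empresa,dc=com": "top person organizationalPerson "
        "inetOrgPerson sambaSAMAccount posixAccount shadowAccount".split(),
    "cn=Domain Admins,ou=Groups,dc=empresa,dc=com":
        "top posixGroup sambaGroupMapping".split(),
}

# Two of the failures from the smbldap-populate output in the thread.
ERRORS = """\
adding new entry: uid=root,ou=Users,dc=empresa,dc=com
failed to add entry: objectClass: value #4 invalid per syntax at /usr/sbin/smbldap-populate line 498, GEN1 line 58.
adding new entry: cn=Domain Admins,ou=Groups,dc=empresa,dc=com
failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, GEN1 line 101.
"""

def loaded_classes(ldif):
    """Unfold LDIF continuation lines, then collect every NAME, lowercased."""
    names = set()
    for body in re.findall(r"^objectClasses: (.*)$", re.sub(r"\n ", "", ldif), re.M):
        m = re.search(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))", body)
        if m:
            names.update(re.findall(r"[\w;-]+", (m.group(1) or m.group(2)).lower()))
    return names

def rejected_classes(errors, entries, known):
    """Resolve each 'value #N' (zero-based) to a class name and whether it is loaded."""
    pat = r"adding new entry: (.+)\nfailed to add entry: objectClass: value #(\d+)"
    hits = [(dn, entries[dn][int(n)]) for dn, n in re.findall(pat, errors)]
    return [(dn, oc, oc.lower() in known) for dn, oc in hits]

print(rejected_classes(ERRORS, ENTRIES, loaded_classes(SUBSCHEMA)))
```

The comparison is case-insensitive because objectClass names are, so a client spelling such as `sambaSAMAccount` still matches once the samba schema is loaded.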
Re: smbldap-populate error
First of all. Thanks for the response.

I'm totally new to LDAP (so, excuse me if I ask for nonsenses) and, to be honest, I don't know which method uses my distro (Debian 6) for configuration. On every documentation I see, they use /etc/slapd/slapd.conf, but in my case that file doesn't exist. Therefore, I'm using /usr/share/slapd/slapd.conf (The only slapd.conf I find).

However, this is the /etc/ldap structure, so, it might be /etc/ldap/slapd.d method:

    ├── ldap.conf
    ├── sasl2
    ├── schema
    │   ├── collective.schema
    │   ├── corba.schema
    │   ├── core.ldif
    │   ├── core.schema
    │   ├── cosine.ldif
    │   ├── cosine.schema
    │   ├── duaconf.schema
    │   ├── dyngroup.schema
    │   ├── inetorgperson.ldif
    │   ├── inetorgperson.schema
    │   ├── java.schema
    │   ├── misc.schema
    │   ├── nis.ldif
    │   ├── nis.schema
    │   ├── openldap.ldif
    │   ├── openldap.schema
    │   ├── pmi.schema
    │   ├── ppolicy.schema
    │   └── README
    └── slapd.d
        ├── cn=config
        │   ├── cn=module{0}.ldif
        │   ├── cn=schema
        │   │   ├── cn={0}core.ldif
        │   │   ├── cn={1}cosine.ldif
        │   │   ├── cn={2}nis.ldif
        │   │   └── cn={3}inetorgperson.ldif
        │   ├── cn=schema.ldif
        │   ├── olcBackend={0}hdb.ldif
        │   ├── olcDatabase={0}config.ldif
        │   ├── olcDatabase={-1}frontend.ldif
        │   └── olcDatabase={1}hdb.ldif
        └── cn=config.ldif

2012/1/3, Buchan Milne bgmi...@staff.telkomsa.net:

> On Monday, 2 January 2012 12:23:57 Adrián Arévalo Tirado wrote:
>
> > OpenLDAP version: 2.4.23-7.2
> > Samba Version: 2:3.5.6
> > Operating System: Debian 6.0 Squeeze
> >
> > Hello everybody.
> >
> > I'm trying to install a Samba + LDAP PDC but when I try to create the database with smbldap-populate I get this error:
> >
> > ---
> > Populating LDAP directory for domain empresa (S-1-5-21-802753395-3202467916-1484007712)
> > (using builtin directory structure)
> >
> > entry dc=empresa,dc=com already exist.
> > entry ou=Users,dc=empresa,dc=com already exist.
> > entry ou=Groups,dc=empresa,dc=com already exist.
> > entry ou=Computers,dc=empresa,dc=com already exist.
> > entry ou=Idmap,dc=empresa,dc=com already exist.
> > adding new entry: uid=root,ou=Users,dc=empresa,dc=com
> > failed to add entry: objectClass: value #4 invalid per syntax at /usr/sbin/smbldap-populate line 498, GEN1 line 58.
>
> Around line 199 of my version of smbldap-populate (which may be different), I have stuff like this:
>
>     $entries.=\ndn: uid=$adminName,$config{usersdn}
>     cn: $adminName
>     sn: $adminName
>     objectClass: top
>     objectClass: person
>     objectClass: organizationalPerson
>     objectClass: inetOrgPerson
>     objectClass: sambaSAMAccount
>     objectClass: posixAccount
>     objectClass: shadowAccount
>     [...]
>
> Value 4 would be:
>
>     objectClass: sambaSAMAccount
>
> > adding new entry: cn=Domain Admins,ou=Groups,dc=empresa,dc=com
> > failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, GEN1 line 101.
>
> And at line 287 I have:
>
>     dn: cn=Domain Admins,$config{groupsdn}
>     objectClass: top
>     objectClass: posixGroup
>     objectClass: sambaGroupMapping
>     gidNumber: 512
>     cn: Domain Admins
>
> Value 2 would be:
>
>     objectClass: sambaGroupMapping
>
> So, this really looks like a very basic error, either in whatever documentation you are following, or your following of it. You cannot store Samba users in LDAP without having loaded the samba schema.
>
> > Please provide a password for the domain root:
> > /usr/sbin/smbldap-passwd: user root doesn't exist
> > ---
> >
> > In the log file I get this other error:
> >
> > ---
> > slapd[1369]: conn=1005 op=28 do_search: invalid dn: sambaDomainName=empresa,dc=empresa,dc=com
> > slapd[1369]: conn=1005 op=29 do_add: invalid dn (sambaDomainName=empresa,dc=empresa,dc=com)
> > ---
>
> This is a better hint ...
>
> > I included in slapd.conf the samba.schema.
>
> Does your system use slapd.conf for configuration, or the back-config / cn=config / /etc/ldap/slapd.d method?
>
> Because, your LDAP server definitely doesn't have the schema definitions it should have. You could of course verify that yourself by searching under cn=Subschema ...
>
> > Any ideas? I've been looking for any solution for 4 days and nobody seems to know anything.
>
> Well, it shouldn't have been too difficult to:
>
> 1) Find what data it is trying to add
> 2) Checking that you have the relevant schema to support the use of the attributes, and objectclass values, that are failing.
>
> Regards,
> Buchan
smbldap-populate error
OpenLDAP version: 2.4.23-7.2
Samba Version: 2:3.5.6
Operating System: Debian 6.0 Squeeze

Hello everybody.

I'm trying to install a Samba + LDAP PDC but when I try to create the database with smbldap-populate I get this error:

    Populating LDAP directory for domain empresa (S-1-5-21-802753395-3202467916-1484007712)
    (using builtin directory structure)

    entry dc=empresa,dc=com already exist.
    entry ou=Users,dc=empresa,dc=com already exist.
    entry ou=Groups,dc=empresa,dc=com already exist.
    entry ou=Computers,dc=empresa,dc=com already exist.
    entry ou=Idmap,dc=empresa,dc=com already exist.
    adding new entry: uid=root,ou=Users,dc=empresa,dc=com
    failed to add entry: objectClass: value #4 invalid per syntax at /usr/sbin/smbldap-populate line 498, GEN1 line 58.
    adding new entry: uid=nobody,ou=Users,dc=empresa,dc=com
    failed to add entry: objectClass: value #4 invalid per syntax at /usr/sbin/smbldap-populate line 498, GEN1 line 89.
    adding new entry: cn=Domain Admins,ou=Groups,dc=empresa,dc=com
    failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, GEN1 line 101.
    adding new entry: cn=Domain Users,ou=Groups,dc=empresa,dc=com
    failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, GEN1 line 112.
    adding new entry: cn=Domain Guests,ou=Groups,dc=empresa,dc=com
    failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, GEN1 line 123.
    adding new entry: cn=Domain Computers,ou=Groups,dc=empresa,dc=com
    failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, GEN1 line 134.
    adding new entry: cn=Administrators,ou=Groups,dc=empresa,dc=com
    failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, GEN1 line 179.
    adding new entry: cn=Account Operators,ou=Groups,dc=empresa,dc=com
    failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, GEN1 line 201.
    adding new entry: cn=Print Operators,ou=Groups,dc=empresa,dc=com
    failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, GEN1 line 212.
    adding new entry: cn=Backup Operators,ou=Groups,dc=empresa,dc=com
    failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, GEN1 line 223.
    adding new entry: cn=Replicators,ou=Groups,dc=empresa,dc=com
    failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 498, GEN1 line 234.
    adding new entry: sambaDomainName=empresa,dc=empresa,dc=com
    failed to add entry: invalid DN at /usr/sbin/smbldap-populate line 498, GEN1 line 242.

    Please provide a password for the domain root:
    /usr/sbin/smbldap-passwd: user root doesn't exist

In the log file I get this other error:

    slapd[1369]: conn=1005 op=28 do_search: invalid dn: sambaDomainName=empresa,dc=empresa,dc=com
    slapd[1369]: conn=1005 op=29 do_add: invalid dn (sambaDomainName=empresa,dc=empresa,dc=com)

I included in slapd.conf the samba.schema.

Any ideas? I've been looking for any solution for 4 days and nobody seems to know anything.

Thanks in advance for the responses.

--
Adrian
adr...@gmail.com