Solved

LDAP server setup and operation

Posted on 2001-07-20
7
451 Views
Last Modified: 2013-12-15
I am an absolute, total, ignorant newbie when it comes to LDAP, but I'd like to set up a server for my address books.  I am running RH 7.1, and openldap is installed.  I went to openldap.org and tried to follow the "easy" instructions to set up a simple-minded, proof-that-it-is-working database. Unfortunately, I can't get past square one.  When I follow their instructions to run ldapadd and create a simple database, I get what appears to be an authentication error:

#
ldapadd -x -D "cn=Manager,dc=localhost,dc=localdomain" -W
-f /home/harlow/tmp/test.ldif
Enter LDAP Password: <here I entered the password "secret">
ldap_bind: Invalid credentials
#

Here is my slapd.conf file, which is just a bare-bones edit of the default:

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/redhat/rfc822-MailMember.schema
include         /etc/openldap/schema/redhat/autofs.schema
include         /etc/openldap/schema/redhat/kerberosobject.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

#pidfile        /var/run/slapd.pid
#argsfile       /var/run/slapd.args

# Load dynamic backend modules:
# modulepath    /usr/sbin/openldap
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la

# To allow TLS-enabled connections, create /usr/share/ssl/certs/slapd.pem
# and uncomment the following lines.
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
 
#######################################################################
# ldbm database definitions
#######################################################################
 
database        ldbm
suffix          "dc=localhost,  dc=localdomain"
#suffix         "o=My Organization Name, c=US"
rootdn          "cn=Manager, dc=localhost,  dc=localdomain"
#rootdn         "cn=Manager, o=My Organization Name, c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw                secret
# rootpw                {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessable by the slapd/tools. Mode 700 recommended.
directory       /var/lib/ldap
# Indices to maintain
#index  objectClass                             eq
index   objectClass,uid,uidNumber,gidNumber     eq
index   cn,mail,surname,givenname               eq,subinitial

As I understand the setup here, it creates a default superuser account called Manager, with a cleartext password "secret".  However as you can see above, it doesn't recognize this.

None of the FAQs seem to provide any insight on troubleshooting, and they are all written for those who already understand.  Any help would be much appreciated.

JEH
0
Comment
Question by:harlow
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 100 total points
ID: 6303447
the  rootpw  is commented out in your slapd.conf, so openldap probably runs without a password for the Manager
0
 

Author Comment

by:harlow
ID: 6303840
Oh man, do I feel dumb.... Anyway, I fixed it and restarted slapd, but still get the same result.  How about some of that other stuff that is commented out, like pidfile and argsfile?  Do I need to uncomment those?  Anything else you can see that I missed?

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6304477
I'm off from my openldap-on-linux-box, so can only give unprooved hints, sorry.

AFAIK, openldap assign a default passwd to rootdn if not specified elsewhere. Probably it's best to remove the installtion and install it again (or read the docs).

BTW, can you perform a ldapsearch, a) anonymous search without specifying a db, b) a search as specified dn ?
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:harlow
ID: 6308476
I reinstalled openldap and things seem to work better.  I read all the HOWTOs and FAQs, but man, this stuff is opaque! I am very accustomed to Linux/Unix documentation challenges, but this is the worst ever.  The examples in some of the openldap docs conflict with each other and many of them seem to have been written for earlier versions of the clients, with syntax that is no longer valid.  If I ever figure all this out, I may try to write a new HOWTO myself!

Thanks

JEH
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6308554
> I may try to write a new HOWTO myself!

Great, the whole (LDAP)world (me too:) is waiting for a usable doc.
LDAP (even Netscape's NDS) is poorly documented, it simply works if setup properly :-|
0
 

Expert Comment

by:iTeamIndia
ID: 13650015
I have same configuration and I un-comment the rootpw entry, I having the same error ldap_bind: Invalid credentials
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13650233
should work after restart
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Linux Hosting 16 81
Linux Desktop suggestion for Dell Inspiron 3043 13 67
Intel fortran compiler (ifort) 5 62
WordPress: Debugging from my Windows 10 Desktop 6 67
I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question