Solved

LDAP Server Setup Help

Posted on 2009-02-13
Last Modified: 2013-12-24
Dear Experts,

I am trying to set up an OpenLDAP server in my network, following this guide:

http://techpubs.spinlocksolutions.com/dklar/ldap.html

I am trying the "Initial configuration" section of this guide and am stuck. In this guide they are using one PC as both the client and the server. I have separate machines as the client and the server and wanted to know if anyone can help me follow this guide.

In the guide it says to edit the file /etc/ldap/ldap.conf on the client machine by entering:

BASE  dc=spinlock, dc=hr
URI ldap://192.168.7.12/

It then says to enter the following on the server machine:

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema

but it does not tell me which file on the server this should be added to.

HELP
Question by:narmi2
40 Comments
 
LVL 29

Expert Comment

by:fosiul01
ID: 23637947
Hi, have you installed the LDAP server?

As this one says:

go to /etc/ldap/
then vi ldap.conf

you will see

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema

You just have to enable it, that's all.
LVL 29

Expert Comment

by:fosiul01
ID: 23637965
Have a look at this one as well:

http://www.debianhelp.co.uk/ldap.htm
http://www.debuntu.org/ldap-server-and-linux-ldap-clients

You need to install the LDAP server first to get those files.
LVL 1

Author Comment

by:narmi2
ID: 23640373
I am now following the guide:

http://www.debuntu.org/ldap-server-and-linux-ldap-clients

I installed all the packages and tried searching the LDAP server using

ldapsearch -x -b dc=home

But I get a message saying

Can't contact LDAP server (-1)

So I restarted the server

/etc/init.d/slapd restart

It starts fine, but I still get the message

Can't contact LDAP server (-1)

when I type

ldapsearch -x -b dc=home

Please help.
LVL 29

Expert Comment

by:fosiul01
ID: 23640391
Have you set up the LDAP server with all the information in the ldap.conf file?
LVL 1

Author Comment

by:narmi2
ID: 23640404
In the guide below

http://www.debuntu.org/ldap-server-and-linux-ldap-clients

It does not tell me to do anything to the ldap.conf file
LVL 29

Expert Comment

by:fosiul01
ID: 23640415
That's why I said to look at this one about how to set up an LDAP server:
http://www.debianhelp.co.uk/ldap.htm
LVL 29

Expert Comment

by:fosiul01
ID: 23640419
Or for this site:

http://www.debuntu.org/ldap-server-and-linux-ldap-clients

have you done this section?

#dpkg-reconfigure slapd
LVL 1

Author Comment

by:narmi2
ID: 23640432
Yes I did this

apt-get install slapd ldap-utils migrationtools

then this

dpkg-reconfigure slapd

then set the settings to this

Omit OpenLDAP server configuration? ... No
DNS domain name: ... home
Name of your organization: ... home
Admin Password: XXXXX
Confirm Password: XXXXX
OK
BDB
Do you want your database to be removed when slapd is purged? ... No
Move old database? ... Yes
Allow LDAPv2 Protocol? ... No

Then I tried this

ldapsearch -x -b dc=home

but it said this

ldap_bind: Can't contact LDAP server (-1)

I then did this

/etc/init.d/slapd restart

then this

ldapsearch -x -b dc=home

but it is still saying this

ldap_bind: Can't contact LDAP server (-1)
LVL 29

Expert Comment

by:fosiul01
ID: 23640463
OK, allow me a couple of hours; I will have to go out, then I will be able to check your files.

Unless another EE expert fixes the problem.

Otherwise, talk to you soon.
LVL 1

Author Comment

by:narmi2
ID: 23640956
Looking forward to your reply.
LVL 29

Expert Comment

by:fosiul01
ID: 23647870
Sorry, I said a couple of hours and it's become more than 24 hrs due to the weekend!!

Anyway, I will be available for the next 5 days!!

When you are free let me know and we will speak again.
LVL 1

Author Comment

by:narmi2
ID: 23663970
I am free for about 1 hour now.  Can you help?
LVL 29

Expert Comment

by:fosiul01
ID: 23668091
Sorry, due to the night I was not available.

How far have you got with installing LDAP?
LVL 1

Author Comment

by:narmi2
ID: 23668618
I have installed it but it will not search

ldapsearch -x -b dc=home

it still says

ldap_bind: Can't contact LDAP server (-1)
LVL 29

Expert Comment

by:fosiul01
ID: 23670069
OK, can I see your slapd.conf, which should be at /etc/ldap/slapd.conf?
LVL 1

Author Comment

by:narmi2
ID: 23694008
How can I paste the text from that file here?  There is too much text in that file for me to type it up here.  I used ssh to log into the server from my desktop pc.
LVL 1

Author Comment

by:narmi2
ID: 23694829
I installed sshfs to get the file you wanted to see:

# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel        256

# Where the dynamically loaded modules are stored
modulepath      /usr/lib/ldap
moduleload      back_bdb

# The maximum number of entries that is returned for a search operation
sizelimit 500

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1

#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend            bdb
checkpoint 512 30

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend            <other>

#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database        bdb

# The base of your directory in database #1
suffix          "dc=home"

# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
# rootdn          "cn=admin,dc=home"

# Where the database file are physically stored for database #1
directory       "/var/lib/ldap"

# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0

# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057
# for more information.

# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500

# Indexing options for database #1
index           objectClass eq
index            uid eq

# Save the time that the entry gets modified, for database #1
lastmod         on

# Where to store the replica logs for database #1
# replogfile      /var/lib/ldap/replog

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=home" write
        by anonymous auth
        by self write
        by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms.  Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=admin,dc=home" write
        by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
#        by dn="cn=admin,dc=home" write
#        by dnattr=owner write

#######################################################################
# Specific Directives for database #2, of type 'other' (can be bdb too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database        <other>

# The base of your directory for database #2
#suffix            "dc=debian,dc=org"
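Which file holds what, as an added check for the original question and for the slapd.conf posted above (this is example code written for this page, not from the thread or any of the linked guides): the four schema include lines belong in the server's /etc/ldap/slapd.conf, the file shown above, while BASE and URI belong in the client's /etc/ldap/ldap.conf, and the two have to agree with each other. The script below parses both files with the line rules of slapd.conf(5) and reports the mismatches and weak settings a reviewer would flag: a client BASE that matches no server suffix, a cleartext ldap:// URI, an enabled allow bind_v2, the "access to * ... by * read" ACL that lets anonymous clients read the whole tree, and missing TLS certificate directives. The sample texts are constructed from the thread (the client file from the question, the server file from the post above, trimmed), so the BASE mismatch it reports is a deliberate illustration and not a claim about the asker's setup.

```python
"""Check a client ldap.conf against the server's slapd.conf.

Added example for this page, not code from the thread or the linked guides.
Assumes slapd.conf(5) line rules: one directive per line, a line starting
with whitespace continues the previous one, '#' starts a comment.
"""
import re
from urllib.parse import urlparse

# Constructed sample: the server file posted in the thread, trimmed to the
# directives the checks look at (same content, same commented-out lines).
SAMPLE_SLAPD_CONF = """\
#allow bind_v2
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
database        bdb
suffix          "dc=home"
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=home" write
        by anonymous auth
        by self write
        by * none
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=home" write
        by * read
"""

# Constructed sample: the client file from the question.
SAMPLE_LDAP_CONF = """\
BASE  dc=spinlock, dc=hr
URI ldap://192.168.7.12/
"""


def parse_directives(text):
    """Return (keyword, argument) pairs with continuation lines joined."""
    directives = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and directives:           # continuation line
            kw, arg = directives[-1]
            directives[-1] = (kw, arg + " " + raw.strip())
            continue
        parts = raw.strip().split(None, 1)
        directives.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return directives


def normalize_dn(dn):
    """Drop quotes and whitespace after commas: 'dc=a, dc=b' == 'dc=a,dc=b'."""
    return re.sub(r"\s*,\s*", ",", dn.strip().strip('"')).lower()


def audit(slapd_conf_text, ldap_conf_text):
    """Return a list of findings (strings); an empty list means nothing to report."""
    findings = []
    server = parse_directives(slapd_conf_text)
    client = parse_directives(ldap_conf_text)

    # Schema includes go in slapd.conf on the server, never in ldap.conf.
    if not any(kw == "include" and "/schema/" in arg for kw, arg in server):
        findings.append("slapd.conf has no schema include lines")
    if any(kw == "include" for kw, _ in client):
        findings.append("ldap.conf has 'include' lines; those belong in slapd.conf")

    # The client BASE must be a suffix the server actually serves.
    suffixes = sorted({normalize_dn(arg) for kw, arg in server if kw == "suffix"})
    for kw, arg in client:
        if kw == "base" and normalize_dn(arg) not in suffixes:
            findings.append("client BASE %s matches no server suffix %s" % (normalize_dn(arg), suffixes))

    # Simple binds over ldap:// put the password on the wire in the clear.
    for kw, arg in client:
        if kw == "uri":
            for uri in arg.split():
                if urlparse(uri).scheme == "ldap":
                    findings.append("client URI %s is unencrypted; use ldaps:// or STARTTLS" % uri)

    # Server-side settings a reviewer would flag.
    if any(kw == "allow" and "bind_v2" in arg for kw, arg in server):
        findings.append("allow bind_v2 is enabled (LDAPv2 is obsolete)")
    for kw, arg in server:
        hit = re.search(r"by\s+\*\s+(read|write)", arg)
        if kw == "access" and re.match(r"to\s+\*(\s|$)", arg) and hit:
            findings.append("ACL 'access to *' grants anonymous '%s' on the whole tree" % hit.group(1))
    if not any(kw.startswith("tlscertificate") for kw, _ in server):
        findings.append("no TLSCertificateFile/TLSCertificateKeyFile: server cannot offer STARTTLS or ldaps")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SLAPD_CONF, SAMPLE_LDAP_CONF):
        print("-", finding)
```

Run against the two constructed samples it reports four things: the BASE from the question does not match the suffix "dc=home" the posted server serves, the URI is cleartext, the default "access to * ... by * read" ACL gives anonymous clients read access to every attribute except userPassword and shadowLastChange, and the server has no TLS certificate configured, so the only thing protecting the admin password on a simple bind is the LAN. The commented-out "#allow bind_v2" is correctly not reported, matching the "Allow LDAPv2 Protocol? No" answer given to dpkg-reconfigure.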
LVL 1

Author Comment

by:narmi2
ID: 23699971
I found this guide:
http://boilinglinux.blogspot.com/2008/04/ldap-step-by-step-installation-in.html

After completing it, I can no longer log in to client PCs.

Help
LVL 29

Expert Comment

by:fosiul01
ID: 23727185
Hi narmi2,

No luck yet?

Have you configured the client PC to authenticate to your LDAP server?

The problem is that there is too much difference between your time and my time.

Let's see if you are awake!!
LVL 1

Author Comment

by:narmi2
ID: 23727730
I'm still awake, but am I too late?
LVL 29

Expert Comment

by:fosiul01
ID: 23727794
Hahaha, no, I would be able to stay awake at least 30 minutes.

OK, so have you done your LDAP server setup without any problem?
LVL 1

Author Comment

by:narmi2
ID: 23727853
I think so.  If I do the following on the ldap server:

ldapsearch -x -b dc=home

It gives me results.

But when I start a client PC, it will not start properly.
LVL 29

Expert Comment

by:fosiul01
ID: 23727861

OK, have you changed the authentication options on the client PC?
LVL 1

Author Comment

by:narmi2
ID: 23727876
LVL 1

Author Comment

by:narmi2
ID: 23727906
Here is a screenshot of what happens when I boot up the client pc.
Screenshot.png
LVL 29

Expert Comment

by:fosiul01
ID: 23727907
Hmm, this tutorial is a little bit hard.

I have done this the easy way in CentOS.

What OS is the client PC?
LVL 1

Author Comment

by:narmi2
ID: 23727922
Both server and client PC use the same OS.  The OS is Debian Etch.
LVL 29

Expert Comment

by:fosiul01
ID: 23727944
OK, wait, let me check on my Debian.
LVL 29

Expert Comment

by:fosiul01
ID: 23728024
OK, from the client PC can you telnet to the LDAP server?

telnet ldap-server-ip 389

See if it can telnet.
LVL 1

Author Comment

by:narmi2
ID: 23728047
I get the following message:
Screenshot-1.png
LVL 1

Author Comment

by:narmi2
ID: 23728068
Maybe we can do this tomorrow?  I should be available all day tomorrow.  My current time is 23:27.  What is your current time?
LVL 29

Expert Comment

by:fosiul01
ID: 23728086
Do you have any iptables set up on your LDAP server?
LVL 29

Expert Comment

by:fosiul01
ID: 23728095
Yes, it's better to do that tomorrow.

It's 23.30, so 11.30 PM at night.

Are you from the UK?
LVL 1

Author Comment

by:narmi2
ID: 23728099
Not that I know of. I only set up iptables on the gateway server, and the LDAP server is a separate server.
LVL 1

Author Comment

by:narmi2
ID: 23728117
Yep, I am in the UK.

What time will be best for you tomorrow?
LVL 29

Expert Comment

by:fosiul01
ID: 23728150
I will be at work at 8.30.

Give me 2 hours; I will try to set up LDAP in Debian, so it will give me a clear idea.

Around 11 am I will try to speak with you on this issue.
LVL 1

Author Comment

by:narmi2
ID: 23728210
11am sounds good to me.  Speak to you then.
LVL 29

Expert Comment

by:fosiul01
ID: 23732997
Hi, please give me a little bit of time; due to some project I was not able to look at LDAP in Debian.

I will come back to you soon.
LVL 29

Accepted Solution

by:
fosiul01 earned 2000 total points
ID: 23733267
OK, I have installed the LDAP server, but my VMware Debian as client does not work.

But one thing I will have to say:

from any client, if I do

telnet ldapserverip 389

it does work,

but in your case it does.

Can I see the iptables -L output here?
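The "telnet ldap-server-ip 389" test suggested above and the earlier "ldap_bind: Can't contact LDAP server (-1)" error are both about the same question: is anything on that address accepting TCP connections on port 389, and is it slapd? As an added example (written for this page, not part of the thread), the probe below goes one step beyond telnet: it sends the same anonymous LDAPv3 simple bind that "ldapsearch -x" starts with and decodes the BindResponse, so it can tell a refused connection (nothing listening on that address, or an iptables REJECT), a timeout (an iptables DROP or no route), a non-LDAP service on the port, and a real answer from slapd apart from one another. The message layouts follow RFC 4511 and its BER encoding; the address in the usage line is a placeholder from TEST-NET-1, not the asker's server.

```python
"""Probe an LDAP port and decode the reply to an anonymous LDAPv3 bind.

Added example for this page, not code from the thread. Message layouts
follow RFC 4511 and its BER encoding; the address in main() is a placeholder.
"""
import socket


def ber_len(n):
    """BER length: short form below 128, long form (0x80|N, then N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber(tag, payload):
    """One TLV element: tag byte, length, contents."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_read(buf, off=0):
    """Decode the TLV at buf[off:]; return (tag, contents, offset after it)."""
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[off:off + nbytes], "big")
        off += nbytes
    return tag, buf[off:off + length], off + length


def bind_request(msgid=1, dn=b"", password=b""):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] }.

    An empty dn and password is the anonymous simple bind that 'ldapsearch -x'
    performs before it searches.
    """
    op = ber(0x02, bytes([3])) + ber(0x04, dn) + ber(0x80, password)  # version 3, name, simple
    return ber(0x30, ber(0x02, bytes([msgid])) + ber(0x60, op))


def parse_bind_response(buf):
    """Return (messageID, resultCode) from a BindResponse [APPLICATION 1].

    Raises ValueError for anything that is not a BindResponse, e.g. the
    banner of some other service that happens to listen on the port.
    """
    tag, body, _ = ber_read(buf)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, msgid, off = ber_read(body)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, resp, _ = ber_read(body, off)
    if tag != 0x61:
        raise ValueError("protocolOp is not BindResponse (tag 0x%02x)" % tag)
    tag, code, _ = ber_read(resp)
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    return int.from_bytes(msgid, "big"), int.from_bytes(code, "big")


def probe(host, port=389, timeout=3.0):
    """Classify host:port as 'refused', 'timeout', 'error: ...', 'not-ldap'
    or 'bind-rc=N' (N is the LDAP resultCode; 0 means the bind succeeded)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            s.sendall(bind_request())
            data = s.recv(4096)
    except ConnectionRefusedError:
        return "refused"            # nothing listening there, or an iptables REJECT
    except socket.timeout:
        return "timeout"            # an iptables DROP, or no route to the host
    except OSError as exc:
        return "error: %s" % exc
    try:
        _, rc = parse_bind_response(data)
    except (ValueError, IndexError):
        return "not-ldap"           # port open, but the reply is not an LDAP message
    return "bind-rc=%d" % rc


if __name__ == "__main__":
    print(probe("192.0.2.10"))      # placeholder address (TEST-NET-1), not the thread's server
```

A "refused" result from the client while "ldapsearch -x -b dc=home" works on the server itself is the pattern in this thread. On Debian that usually means slapd is only listening on a local address (check the SLAPD_SERVICES setting in /etc/default/slapd and what "netstat -ltn" shows for port 389 on the server) or a host firewall is in the way, which is what the request for "iptables -L" output is meant to rule out. A "bind-rc=0" with an empty DN also confirms the server accepts anonymous binds, which is worth remembering alongside the "by * read" ACL in the posted slapd.conf.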
LVL 1

Author Comment

by:narmi2
ID: 23956283
Hello

Sorry for not being very active here as I have had a family emergency.  I will continue this as soon as possible.

Thanks
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes has been used since a very long time as an e-mail client and is very popular because of it's unmatched security. In this article we are going to learn about  RRV Bucket corruption and understand various methods to Fix "RRV Bucket Corrupt…
How much do you know about the future of data centers? If you're like 50% of organizations, then it's probably not enough. Read on to get up to speed on this emerging field.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question