• Status: Solved

Problem adding users to openldap with phpldapadmin


I've only been working with Linux for a few weeks, so bear with me ;)
I'm trying to add groups and users to my OpenLDAP using phpLDAPadmin.
I have OpenLDAP up and running.
I can surf to phpLDAPadmin and log in with the data I have configured in olcDatabase={1}bdb.ldif.
But when I'm logged in it asks me "This base entry does not exist. Create it?" When I click "Create it?" nothing happens.
This is olcDatabase={1}bdb.ldif:

dn: olcDatabase={1}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=groep3,dc=project1
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=admin,dc=groep3,dc=project1
olcRootPW: {SSHA}l3o+OIcjM26/ns1mVG21Y1EsujzH9+OO
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap
olcDbCacheSize: 1000
olcDbCheckpoint: 1024 15
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber pres,eq
olcDbIndex: gidNumber pres,eq
olcDbIndex: ou pres,eq,sub
olcDbIndex: loginShell pres,eq
olcDbIndex: mail pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: memberUid pres,eq,sub
olcDbIndex: nisMapName pres,eq,sub
olcDbIndex: nisMapEntry pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: bc857dd0-e910-102f-8288-21d3cf423330
creatorsName: cn=config
createTimestamp: 20110322204307Z
entryCSN: 20110322204307.180437Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20110322204307Z

1 Solution
First the name sounded funny but it appears that dc=groep3,dc=project is the valid base entry.  Go ahead and create it.  It should have already been there, unless you changed names or something.  At worst, you will have to delete it, not a big deal.  But looking at your LDIF, it looks valid.

olcSuffix: dc=groep3,dc=project1
noci (Software Engineer) commented:
The login succeeds as that uses a hardcoded name.
The base it is looking for is an OpenLDAProotDSE class record.

Please follow the howto here: http://www.linuxmail.info/openldap-setup-howto/
It should also work for Fedora. The howto assumes the machine is in the acme.local domain.
I also take it that you have a DNS setup with a TLD .project1 (instead of .local), as you are using the domain construction,
with groep3 as a subdomain in the .project1 domain?

Otherwise it might be wise to append your own xxx.yyy domain in the form of ,dc=xxx,dc=yyy to the LDAP names.
Th0R (Author) commented:
I got it working. As I said, I'm new to Linux and LDAP, and I just didn't add a base.ldif file.

After creating/adding the base.ldif file to LDAP I was finally able to add groups.

However, I've got a problem when adding users in phpLDAPadmin.
When entering the details for the user account it asks for a gidNumber,
but the list is empty and I cannot fill in anything.

How do I get past this?
noci (Software Engineer) commented:
The gid number is a number from a group list....

Some history: since the earliest Unix there was an /etc/group file and an /etc/passwd file.

The group file holds groupname, groupid, possibly a password and a list of members.
The password file holds a username, password, user id, primary group id, some comment (GCOS) info, default directory, default shell.

The primary group id should be a group from the /etc/group file (or list). And it can be any agreed upon number.
On a Unix system they may have a special meaning (see /etc/group file).

If the uid = 0 (and in most cases gid=0 too) then the user is the root (or superuser). Unless you have RBAC / SELinux the uid=0 user can do ANYTHING without any restriction.

So check the various /etc/group files for a valid number (and try to synchronise them..., be careful though, if a group xyz has a gid of 10 on one system and 11 on another they may give access to the wrong group).
You can insert a group table in LDAP too, see /etc/ldap.conf for the details about that.
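
The gid mismatch described above (one group name with different gids on different systems, or one gid reused for different groups) can be caught before any group is loaded into the directory. The following is an added example, not code from this thread: it compares constructed /etc/group contents from two hypothetical hosts and renders posixGroup LDIF only for groups that agree on every host. The ou=groups container and all function names are assumptions.

```python
SUFFIX = "dc=groep3,dc=project1"   # olcSuffix from the question
GROUP_OU = "ou=groups," + SUFFIX   # assumed container; must already exist
# Constructed /etc/group contents from two hypothetical hosts.
HOST_A = "users:x:100:\nstaff:x:50:alice\ndevs:x:1001:alice,bob\n"
HOST_B = "users:x:100:\nstaff:x:50:\ndevs:x:1002:bob\nops:x:1001:carol\n"

def parse_group(text):
    """Parse /etc/group text (name:password:gid:members) into {name: (gid, [members])}."""
    groups = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        name, _pw, gid, members = line.split(":", 3)
        groups[name] = (int(gid), [m for m in members.split(",") if m])
    return groups

def find_conflicts(hosts):
    """Return (names mapped to more than one gid, gids mapped to more than one name)."""
    by_name, by_gid = {}, {}
    for groups in hosts.values():
        for name, (gid, _members) in groups.items():
            by_name.setdefault(name, set()).add(gid)
            by_gid.setdefault(gid, set()).add(name)
    return ({n: sorted(g) for n, g in by_name.items() if len(g) > 1},
            {g: sorted(n) for g, n in by_gid.items() if len(n) > 1})

def to_ldif(name, gid, members):
    """Render one RFC 2307 posixGroup entry as LDIF."""
    head = [f"dn: cn={name},{GROUP_OU}", "objectClass: posixGroup",
            f"cn: {name}", f"gidNumber: {gid}"]
    return "\n".join(head + [f"memberUid: {m}" for m in members]) + "\n"

def safe_ldif(hosts):
    """LDIF only for groups whose name and gid agree on every host."""
    name_conf, gid_conf = find_conflicts(hosts)
    merged = {}
    for groups in hosts.values():
        for name, (gid, members) in groups.items():
            if name not in name_conf and gid not in gid_conf:
                merged.setdefault(name, (gid, set()))[1].update(members)
    return "\n".join(to_ldif(n, g, sorted(m)) for n, (g, m) in sorted(merged.items()))

if __name__ == "__main__":
    hosts = {"hostA": parse_group(HOST_A), "hostB": parse_group(HOST_B)}
    print(find_conflicts(hosts), safe_ldif(hosts), sep="\n\n")
```

Groups reported by `find_conflicts` need a decision on which gid wins, and a matching change of file ownership on the affected hosts, before they are added.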
Th0R (Author) commented:
I finally got it to work,

following this tutorial:


skipping the migration steps of course; I did not need to transfer any data.
Th0R (Author) commented:
Still some fine-tuning needed.
