Problem adding users to openldap with phpldapadmin

Posted on 2011-04-19
Last Modified: 2012-05-11

I've only been working with Linux for a few weeks, so bear with me ;)
I'm trying to add groups and users to my OpenLDAP using phpLDAPadmin.
I have OpenLDAP up and running.
I can surf to phpLDAPadmin and log in with the data I have configured in olcDatabase={1}bdb.ldif
But when I'm logged in it asks me "This base entry does not exist. Create it?" When I click "Create it?" nothing happens.
cn=config directory
This is olcDatabase={1}bdb.ldif:

dn: olcDatabase={1}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=groep3,dc=project1
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=admin,dc=groep3,dc=project1
olcRootPW: {SSHA}l3o+OIcjM26/ns1mVG21Y1EsujzH9+OO
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap
olcDbCacheSize: 1000
olcDbCheckpoint: 1024 15
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber pres,eq
olcDbIndex: gidNumber pres,eq
olcDbIndex: ou pres,eq,sub
olcDbIndex: loginShell pres,eq
olcDbIndex: mail pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: memberUid pres,eq,sub
olcDbIndex: nisMapName pres,eq,sub
olcDbIndex: nisMapEntry pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: bc857dd0-e910-102f-8288-21d3cf423330
creatorsName: cn=config
createTimestamp: 20110322204307Z
entryCSN: 20110322204307.180437Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20110322204307Z


Question by:Th0R

    Expert Comment

    First the name sounded funny but it appears that dc=groep3,dc=project is the valid base entry.  Go ahead and create it.  It should have already been there, unless you changed names or something.  At worst, you will have to delete it, not a big deal.  But looking at your LDIF, it looks valid.

    olcSuffix: dc=groep3,dc=project1

    Expert Comment

    The login succeeds as that uses a hardcoded name.
    The base it is looking for is an OpenLDAProotDSE class record.

    Please follow the howto here:
    It should also work for Fedora. The howto assumes the machine is in the acme.local domain.
    I also take it that you have a DNS setup with a TLD .project1 (instead of .local), as you are using the domain construction,
    with groep3 as a subdomain in the .project1 domain?

    Otherwise it might be wise to append your own xxx.yyy domain in the form of ,dc=xxx,dc=yyy to the LDAP names.

    Author Comment

    I got it working. As I said, I'm new to Linux and LDAP, and I just didn't add a base.ldif file.

    After creating/adding the base.ldif file to LDAP I was finally able to add groups.

    However, I've got a problem when adding users in phpLDAPadmin.
    When entering the details for the user account it asks for a gidNumber,
    but the list is empty and I cannot fill in anything.

    How do I get past this?

    Expert Comment

    The gid number is a number from a group list....

    Some history: since the earliest Unix there was an /etc/group file and an /etc/passwd file.

    The group file holds groupname, groupid, possibly a password and a list of members.
    The password file holds a username, password, user id, primary group id, some comment (GCOS) info, default directory, default shell.

    The primary group id should be a group from the /etc/group file (or list). And it can be any agreed upon number.
    On a Unix system they may have a special meaning (see /etc/group file).

    If the uid = 0 (and in most cases gid=0 too) then the user is the root (or superuser). Unless you have RBAC / SELinux, the uid=0 user can do ANYTHING without any restriction.

    So check the various /etc/group files for a valid number (and try to synchronise them..., be careful though: if a group xyz has a gid of 10 on one system and 11 on another they may give access to the wrong group).
    You can insert a group table in LDAP too, see /etc/ldap.conf for the details about that.
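
The gid-mismatch risk raised in the comment above, as an added example that is not part of the original thread: it compares /etc/group contents from several hosts, reports names and gids that disagree, and emits posixGroup LDIF only for groups that are consistent. The host names, sample group data, the ou=groups container and the min_gid cut-off of 500 are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample /etc/group contents from two hypothetical hosts.
HOST_GROUPS = {
    "hostA": "root:x:0:\nwheel:x:10:alice\nstaff:x:500:alice,bob\n",
    "hostB": "root:x:0:\nwheel:x:11:carol\naudit:x:10:dave\nstaff:x:500:bob\n",
}

def parse_group(text):
    """Parse /etc/group text (name:passwd:gid:members) into {name: (gid, members)}."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # skip blank, comment and malformed lines
        groups[fields[0]] = (int(fields[2]), [m for m in fields[3].split(",") if m])
    return groups

def find_conflicts(host_groups):
    """Return (names that map to several gids, gids that map to several names)."""
    gids_by_name, names_by_gid = defaultdict(set), defaultdict(set)
    for text in host_groups.values():
        for name, (gid, _) in parse_group(text).items():
            gids_by_name[name].add(gid)
            names_by_gid[gid].add(name)
    name_conflicts = {n: sorted(g) for n, g in gids_by_name.items() if len(g) > 1}
    gid_conflicts = {g: sorted(n) for g, n in names_by_gid.items() if len(n) > 1}
    return name_conflicts, gid_conflicts

def to_ldif(host_groups, base="ou=groups,dc=groep3,dc=project1", min_gid=500):
    """Emit posixGroup LDIF for non-system groups that agree on every host."""
    name_conflicts, gid_conflicts = find_conflicts(host_groups)
    merged = {}
    for text in host_groups.values():
        for name, (gid, members) in parse_group(text).items():
            if gid < min_gid or name in name_conflicts or gid in gid_conflicts:
                continue  # never publish root/system or ambiguous groups
            merged.setdefault(name, (gid, set()))[1].update(members)
    entries = []
    for name, (gid, members) in sorted(merged.items()):
        lines = [f"dn: cn={name},{base}", "objectClass: posixGroup",
                 f"cn: {name}", f"gidNumber: {gid}"]
        lines += [f"memberUid: {m}" for m in sorted(members)]
        entries.append("\n".join(lines))
    return "\n\n".join(entries) + "\n"

if __name__ == "__main__":
    print(find_conflicts(HOST_GROUPS))
    print(to_ldif(HOST_GROUPS))
```

Groups reported as conflicting need a deliberate decision on one gid per name before they go into the directory; the container entry named in `base` must already exist.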

    Accepted Solution

    I finally got it to work.

    Following this tutorial:

    Skipping the migration steps of course, I did not need to transfer any data.

    Author Closing Comment

    Still some fine tuning needed.
