Hi,

I wonder if your ldap database is set up correctly. If openldap server, /etc/openldap/slapd.conf should contain

suffix "dc=ufv,dc=br"
rootdn "cn=admin,dc=ufy,dc=br"

or, if ldapd, /etc/ldapd.conf

namespace "dc=ufv,dc=br" {
   rootdn "cn=admin,dc=ufy,dc=br"

If you included ou=appsrv in the suffix / namespace for example as ou=appsrv,dc=ufy,dc=br that wouldn't work.


I set up ldapd, and populated the database (with data used with openldap server before), namespace dc=my,dc=internal,dc=local

ldapsearch -H ldapi://%2fvar%2frun%2fldapi -W -D cn=admin,dc=my,dc=internal,dc=local -b dc=my,dc=internal,dc=local

185 Entries

ldapsearch -H ldapi://%2fvar%2frun%2fldapi -W -D cn=admin,dc=my,dc=internal,dc=local -b dc=my,dc=internal,dc=local '(ObjectClass=posixGroup)'

27 Entries

ldapsearch -H ldapi://%2fvar%2frun%2fldapi -W -D cn=admin,dc=my,dc=internal,dc=local -b dc=my,dc=internal,dc=local '(ObjectClass=posixAccount)'

154 Entries

27 Group + 154 Users + 4 ou's = 185

Your search should have worked.

Regards

Nigel Taylor

On 07/04/11 23:38, Friedrich Locke wrote:
I am trying to set my base dn to the dc=ufv,dc=br but I cannot
retrieve group information, here you have it:

Using the full DN, it works ok!

sioux@gustav$ ldapsearch -x -w XYZ -D cn=ypldap,ou=appsrv,dc=ufv,dc=br
-b ou=group,dc=ufv,dc=br '(objectClass=posixGroup)'

But when I take out ou=group:

sioux@gustav$ ldapsearch -x -w XYZ -D cn=ypldap,ou=appsrv,dc=ufv,dc=br
-b dc=ufv,dc=br '(objectClass=posixGroup)'

It does not work.

Any suggestion(s)?


On Mon, Jul 4, 2011 at 7:09 PM, Nigel Taylor
<njtay...@asterisk.demon.co.uk>  wrote:
On 07/04/11 21:30, Friedrich Locke wrote:

Hi,

I am trying to get ypldap.conf running and I had a doubt reading
ypldap.conf man page. I configured my ldap server as:

ou=people,dc=ufv,dc=br holding entries for posixAccount, and
ou=groups,dc=ufv,dc=br holding entries for posixGroup.

AFAIK, ypldap.conf has only a single "basedn" directive. Due to my
lack of experience I got confused.
I would be glad to learn from your experience implementing ypldap if
you would like to share it.

Thanks once more.

Friedrich.


Hi,

ou, organizational unit, is only relevant if you have multiple. So for the
search base you can omit the ou; you'll find all in ObjectClass posixGroup or
posixAccount. If you had posixAccount in an ou=Sales and ou=Engineering and
wanted to restrict the query to one of those ou's then you give the ou.

Rather than "groups" the ou generally is called "group".

The basedn "dc=ufv,dc=br" is all that is required. For anything more complex
you can put it in the filter,
group filter "(&(ObjectClass=PosixGroup)(ou=group))"

As all PosixGroup entries are in the ou group, ou=group is always true, so this reduces to:

group filter "(ObjectClass=PosixGroup)"

Example extract from my LDIF file...

dn: ou=people,dc=my,dc=internal,dc=local
objectClass: organizationalUnit
ou: people

dn: ou=group,dc=my,dc=internal,dc=local
objectClass: organizationalUnit
ou: group

.....
dn: cn=napops,ou=group,dc=my,dc=internal,dc=local
objectClass: posixGroup
objectClass: top
cn: napops
gidNumber: 5025
memberUid: dmell01
memberUid: npope01
.....

dn: uid=npope01,ou=people,dc=my,dc=internal,dc=local
uid: npope01
cn: Neil Pope
objectClass: account
objectClass: posixAccount
objectClass: top
uidNumber: 5058354
gidNumber: 5069
gecos: Neil Pope
homeDirectory: /home/npres01
loginShell: /bin/ksh
.....


Regards

Nigel Taylor
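
An offline model of the search behaviour discussed in this thread, as an added example that is not part of the original messages: a subtree search from the top-level base DN matches posixGroup and posixAccount entries under any ou, while a base that includes the ou narrows the result. The LDIF is constructed sample data modelled on the extract above, and norm_dn, parse_ldif and search are hypothetical helpers with simplified DN handling.

```python
# Added example: offline model of an LDAP subtree search (not a real LDAP client).
# The LDIF below is constructed sample data modelled on the extract in the thread.
LDIF = """\
dn: ou=people,dc=my,dc=internal,dc=local
objectClass: organizationalUnit

dn: ou=group,dc=my,dc=internal,dc=local
objectClass: organizationalUnit

dn: cn=napops,ou=group,dc=my,dc=internal,dc=local
objectClass: posixGroup
gidNumber: 5025
memberUid: npope01

dn: uid=npope01,ou=people,dc=my,dc=internal,dc=local
objectClass: account
objectClass: posixAccount
uidNumber: 5058354
"""

def norm_dn(dn):
    """Simplified DN normalisation (assumption): lowercase, trim each RDN, no escapes."""
    return [rdn.strip().lower() for rdn in dn.split(",")]

def parse_ldif(text):
    """Return a list of (dn, {attr: [values]}) from simple, unfolded LDIF."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append((attrs.pop("dn")[0], attrs))
    return entries

def search(entries, base, object_class):
    """Subtree scope: entries at or below base whose objectClass equals object_class."""
    b = norm_dn(base)
    hits = []
    for dn, attrs in entries:
        under_base = norm_dn(dn)[-len(b):] == b   # base must be a suffix of the DN
        classes = [v.lower() for v in attrs.get("objectclass", [])]
        if under_base and object_class.lower() in classes:
            hits.append(dn)
    return hits

ENTRIES = parse_ldif(LDIF)
```

Calling search(ENTRIES, "dc=my,dc=internal,dc=local", "posixGroup") returns the group entry even though the base names no ou; a base outside the loaded data returns an empty list.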
