On Thu, Dec 15, 2011 at 10:24 AM, Raffael Sahli <[email protected]> wrote:

> On 12/15/2011 09:46 AM, rey sebastien wrote:
>
>> On Thu, 15 Dec 2011 08:51:29 CET, Raffael Sahli wrote:
>>
>>>
>>>
>>>> OK, it works, I have a functional slapd.d/cn=config folder, but I
>>>> don't understand why I can't access openldap with
>>>> cn=admin,dc=parisgeo,dc=cnrs,dc=fr and good password generated by
>>>>
>>>>
>>>> My slapd.conf before conversion contains the SSHA password generated by
>>>> slappasswd for rootDn :
>>>> -----
>>>>
>>>> database bdb
>>>> suffix "dc=parisgeo,dc=cnrs,dc=fr"
>>>> rootdn "cn=admin,dc=parisgeo,dc=cnrs,dc=fr"
>>>> rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxx
>>>>
>>>> ----
>>>> I try this:
>>>> root@xxxxx:/usr/local/etc/openldap/slapd.d# ldapsearch -D cn=admin,dc=parisgeo,dc=cnrs,dc=fr -W -x 'userName=*'
>>>> Enter LDAP Password:
>>>> ldap_bind: Invalid credentials (49)
>>>>
>>>> Bizarre ...
>>>> Perhaps I can try to redefine the rootdn, because it disappears with
>>>> conversion?
>>>> Do you have an idea about this?
>>>>
>>>> Thanks,
>>>> SR.
>>>>
>>>>  >Use slapadd. Again, RTFM. Everything you've asked in the past week or
>>> so has been documented in the manpages and the Admin Guide. Read and learn.
>>>
>>> Yes right, @rey rtfm, and ask your question again, if you're sure your
>>> point is not in the OpenLDAP manual.
>>> But I'm sure you will find your answer there.
>>>
>>>
>>>
>>> >Please trim irrelevant text from your emails. Please update your
>>> Subject line to something relevant to the actual discussion topic.
>>> @Howard, please say that to the guy who asks questions, and not me^^
>>>
>>>
>>> Raffael Sahli wrote:
>>>
>>>> On 14.12.2011 16:54, rey sebastien wrote:
>>>>
>>>>> On 13/12/2011 16:48, Raffael Sahli wrote:
>>>>>
>>>>
>>>>> Hi!
>>>>> It's not easy to start with zero configuration with cn=config new
>>>>> openldap administration ..
>>>>> I create my bd.ldif based on the slapd.ldif example in the
>>>>> /usr/local/etc/openldap directory.
>>>>> But how can I insert this ldif with
>>>>>
>>>>> ldapadd -Y EXTERNAL -H ldapi:/// -f myldiffile.ldif
>>>>>
>>>>> if I cannot run slapd without configuration?
>>>>> How do you start a fresh install of openldap in this case? Is there an
>>>>> option to run slapd without zero configuration?
>>>>> Thanks a lot,
>>>>>
>>>>
>>> Use slapadd. Again, RTFM. Everything you've asked in the past week or so
>>> has been documented in the manpages and the Admin Guide. Read and learn.
>>>
>>>
>>>
>> Everything? Really ... Install from sources with specific init script
>> installation on debian? Also, I find nothing about a fresh install
>> directly with cn=config (without conversion of slapd.conf) in the admin
>> guide ...
>>
>> I'm not a junior system administrator, I am doing a PhD in geography /
>> geomatics, and I have only one week before Christmas to create and populate
>> a new ldap in my laboratory. I try to learn the maximum with google/debian
>> tutorial and a lot of false tutorial, but actually, and I'm sorry about
>> that, I have no time to read all the man page, and all the admin guide ...
>>
>> Thank you again for the time you take to answer my question Raffael,
>> and others.
>>
>
> First, change the subject, your problem has nothing to do with SSL.
>
> And to your root password problem, if you just convert your offline config
> to online config, your root password will be the same as before.
> Did it work with the offline configuration?
> Or change the olcRootPW manually in the config ldif of your database.
>
>
Hum, I checked in my config ldif and olcRootPW doesn't appear.

# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 7bbc1dd2
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: slapd.conf.seb
olcConfigDir: /usr/local/etc/openldap/slapd.d/
olcArgsFile: /usr/local/var/run/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcLocalSSF: 71
olcLogLevel: Stats
olcPidFile: /usr/local/var/run/slapd.pid
olcReadOnly: FALSE
olcReverseLookup: FALSE
olcSaslHost: claroline.parisgeo.cnrs.fr
olcSaslSecProps: noplain,noanonymous
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCRLCheck: none
olcTLSVerifyClient: never
olcToolThreads: 1
olcWriteTimeout: 0
structuralObjectClass: olcGlobal
entryUUID: 065b0668-632b-4573-a915-bbe2caf96586
creatorsName: cn=config
createTimestamp: 20111214212046Z
entryCSN: 20111214212046.446261Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20111214212046Z

I try to re-add the password with slapmodify:

dn:cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,dc=parisgeo,dc=cnrs,dc=fr

dn: cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}1dWxkkRtyUJt5fDga0Pn4EAyKQ5RPI4+

root@xxxxx:/usr/local/etc/openldap# ldapadd -Y EXTERNAL -H ldapi:/// -f initSlapd.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
ldap_modify: Insufficient access (50)

Hum, I don't really understand why I do not have access,
I change only password, rootsuffix, and rootdn in the slapd.conf before
conversion ..

I try to add manually the attributes olcRootPw, olcSuffix, olcRootDN:
olcSuffix: dc=parisgeo,dc=cnrs,dc=fr
olcRootDN: cn=admin,dc=parisgeo,dc=cnrs,dc=fr
olcRootPW: {SSHA}1dWxkkRtyUJt5fDga0Pn4EAyKQ5RPI4+

I have this error at restart :
Dec 15 10:52:04 claroline slapd[11462]: olcSuffix: value #0: suffix <DC=parisgeo,DC=cnrs,DC=fr> not allowed in frontend database.

Hum, I think it's a good idea to remove all config/data files, restart with a
fresh slapd.conf and retry the conversion ..



>
> --
> Raffael Sahli
> [email protected]
> Switzerland
>
>


-- 
<http://stackoverflow.com/users/385881/reyman64>
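
Added example, not part of the original message and not OpenLDAP project code: olcSuffix, olcRootDN and olcRootPW are per-database settings stored on olcDatabase=... entries rather than on cn=config itself, so this Python script audits a config LDIF for where they sit. The sample LDIF, the dc=example,dc=org suffix and the function names are constructed for the example.

```python
import re

# Constructed sample shaped like `slapcat -n 0` output (abridged); values are made up.
SAMPLE = """\
dn: cn=config
objectClass: olcGlobal
olcSuffix: dc=example,dc=org

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcSuffix: dc=example,dc=org

dn: olcDatabase={1}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcSuffix: dc=example,dc=org
olcRootDN: cn=admin,dc=example,dc=org
olcRootPW: {SSHA}constructed-placeholder
"""

PER_DB = ("olcsuffix", "olcrootdn", "olcrootpw")  # per-database settings

def parse_ldif(text):
    """Return [(dn, {lowercased attribute: [values]})] for each LDIF entry."""
    text = re.sub(r"\n ", "", text)  # unfold wrapped continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.lstrip(": "))
        if "dn" in attrs:
            entries.append((attrs.pop("dn")[0], attrs))
    return entries

def audit(text):
    """Return (located, misplaced): where each per-database attribute sits."""
    located, misplaced = {}, []
    for dn, attrs in parse_ldif(text):
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        for attr in (a for a in PER_DB if a in attrs):
            frontend_suffix = attr == "olcsuffix" and "olcfrontendconfig" in classes
            if "olcdatabaseconfig" not in classes or frontend_suffix:
                misplaced.append((dn, attr))  # suffix on cn=config or frontend
            else:
                located.setdefault(attr, []).append(dn)
    return located, misplaced
```

Calling audit() on the text of a real `slapcat -n 0` dump shows which olcDatabase entry holds the root DN and password hash, which is the entry an olcRootPW change has to target.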
