LDAPD and no Base DN

2010-12-01 Thread Keith
I am trying to set up LDAPD but keep running into 'Base DN' issues. My 
colleague managed to get OpenLDAP working on a Linux server but as LDAPD 
is now available for OBSD I am keen to switch to ldap servers before we 
start to populate our directory.  I've managed to get the ldap web gui 
phpldapadmin to talk to LDAPD but after logging in we get the following.


? dn=example, dn=com
This base entry does not exist. Create it ?  the 'create it' link is a 
javascript link that doesn't do anything!


This page describes the issue with phpLDAPadmin and baseDN but I haven't 
been able to get it to work.

http://phpldapadmin.sourceforge.net/wiki/index.php/FAQ#How_does_PLA_work_out_the_BASE_DN.3F

Our phpLDAPadmin connection is using 'ldapi://%2fvar%2frun%2fldapi/' so 
as to avoid ssl, sasl issues.
I was wondering if the issue is related to ldapd ACLs and have tried 
putting some entries into the ldapd.conf file but no joy. Running 
ldapsearch I can see that the DN and Base appear to be empty. My guess 
is that this is where the issue is.


# ldapsearch -LLL -x -h localhost -b '' -s base +
dn:
supportedLDAPVersion: 3
namingContexts: dc=nhsscotland,dc=com
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
subschemaSubentry: cn=schema
supportedSASLMechanisms: PLAIN

# ldapsearch -x -H 'ldapi://%2fvar%2frun%2fldapi/'
# extended LDIF
# LDAPv3
# base  with scope subtree
# filter: (objectclass=*)
# requesting: ALL
# search result
search: 2
result: 32 No such object
# numResponses: 1

Does anyone have any ideas what the problem might be?

Thanks
Keith



Re: LDAPD and no Base DN

2010-12-01 Thread Martin Hedenfalk
On 2 Dec 2010, at 00:36, Keith wrote:

> I am trying to set up LDAPD but keep running into 'Base DN' issues. My
> colleague managed to get OpenLDAP working on a Linux server but as LDAPD is now
> available for OBSD I am keen to switch to ldap servers before we start to
> populate our directory.  I've managed to get the ldap web gui phpldapadmin to
> talk to LDAPD but after logging in we get the following.
>
> ? dn=example, dn=com

Have you defined a 'dn' attribute in the schema? Otherwise this is a weird
DN.
Although ldapd might not currently check for valid attribute types allowed in
a RDN, you should stick to defined attributes with an EQUALITY matching rule.

> This base entry does not exist. Create it ?  the 'create it' link is a
> javascript link that doesn't do anything!

I don't know about phpldapadmin, but ldapd won't let you create base DNs over
LDAP. You create base DNs in the ldapd.conf file, where they're called
namespaces.


> This page describes the issue with phpLDAPadmin and baseDN but I haven't
> been able to get it to work.
>
> http://phpldapadmin.sourceforge.net/wiki/index.php/FAQ#How_does_PLA_work_out_the_BASE_DN.3F
>
> Our phpLDAPadmin connection is using 'ldapi://%2fvar%2frun%2fldapi/' so as to
> avoid ssl, sasl issues.
> I was wondering if the issue is related to ldapd ACLs and have tried
> putting some entries into the ldapd.conf file but no joy. Running ldapsearch I
> can see that the DN and Base appear to be empty. My guess is that this is
> where the issue is.

Unless you've defined deny rules, the root DSE is readable by anyone.


> # ldapsearch -LLL -x -h localhost -b '' -s base +
> dn:
> supportedLDAPVersion: 3
> namingContexts: dc=nhsscotland,dc=com
> supportedExtension: 1.3.6.1.4.1.1466.20037
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
> subschemaSubentry: cn=schema
> supportedSASLMechanisms: PLAIN

Here you have a base DN of dc=nhsscotland,dc=com.


> # ldapsearch -x -H 'ldapi://%2fvar%2frun%2fldapi/'
> # extended LDIF
> # LDAPv3
> # base  with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> # search result
> search: 2
> result: 32 No such object
> # numResponses: 1

If you want to search the root DSE, you must use a base scope (-s base).

-martin

> Does anyone have any ideas what the problem might be?
>
> Thanks
> Keith
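
The diagnosis in the reply above, as an added example that is not part of the thread or of ldapd: it parses root DSE output (abridged from the ldapsearch result in the thread) and checks whether a client's configured base DN falls under an advertised namingContexts value. The function names, status strings and the `COMMON_RDN_TYPES` allow-list are assumptions made for illustration.

```python
import base64

# Root DSE output abridged from the thread; everything else here is constructed.
ROOT_DSE = """\
dn:
supportedLDAPVersion: 3
namingContexts: dc=nhsscotland,dc=com
subschemaSubentry: cn=schema
supportedSASLMechanisms: PLAIN
"""

# Assumption: a short allow-list of attribute types commonly used in RDNs.
COMMON_RDN_TYPES = {"dc", "o", "ou", "cn", "c", "l", "st", "uid"}

def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold a continued line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def split_dn(dn):
    """Split a DN into lowercased (type, value) pairs.
    Simplification: no escaped commas and no multi-valued RDNs."""
    pairs = []
    for rdn in dn.split(","):
        atype, sep, value = (s.strip().lower() for s in rdn.partition("="))
        if not (atype and sep and value):
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((atype, value))
    return pairs

def check_base(root_dse, base):
    """Return (status, detail) for a client-side base DN setting."""
    contexts = [v for v in parse_entry(root_dse).get("namingcontexts", []) if v]
    if not base.strip():
        return "root-dse-only", contexts      # empty base needs -s base
    pairs = split_dn(base)
    odd = sorted({t for t, _ in pairs if t not in COMMON_RDN_TYPES})
    for ctx in contexts:
        ctx_pairs = split_dn(ctx)
        if pairs[-len(ctx_pairs):] == ctx_pairs:
            return ("ok" if not odd else "check-rdn-types"), ctx
    return "no-such-namespace", {"advertised": contexts, "odd_types": odd}
```

Calling `check_base(ROOT_DSE, "dn=example, dn=com")` reports that the base matches no advertised namespace and flags `dn` as an unusual RDN attribute type, which are the two points raised in the reply.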