O Plameras wrote:
> Howard Lowndes wrote:
>
> > I am trying to get the rootDSE to work in openldap but phpldapadmin is coming back with:
> >
> > "Could not determine the root of your LDAP tree.
> > It appears that the LDAP server has been configured to not reveal its root.
> > Please specify it in config.php"
>
> There are a number of checks to ascertain this. These checks can't be done completely because there is additional info required but you have not supplied it.
>
> 1. Show us the output of
>
> # cat /etc/openldap/ldap.conf

On the server where the ldap service is running, and also where phpldapadmin is running, this is a null file.

> 2. #slapcat is used to check a complete 'ldif' only on localhost. As a matter of fact, there is no need to start 'slapd' to run 'slapcat', and it is not affected by the 'access list' in your 'slapd.conf'.

That's what I thought. I think slapcat is just an extension of the db tools.

> 3. #ldapsearch is used to check directory address info on any server depending on 'ldap.conf' and on the format of the 'ldapsearch' command. A 'slapd' server is required to be running on the server being interrogated. Ldapsearch is affected by the 'access list' in your 'slapd.conf'.
>
> 4. Also, show us the output of
>
> #ldapsearch -x -h localhost -s base -b "" +

    # ldapsearch -x -h localhost -s base -b "" +
    # extended LDIF
    #
    # LDAPv3
    # base <> with scope base
    # filter: (objectclass=*)
    # requesting: +
    #

    # search result
    search: 2
    result: 0 Success

    # numResponses: 1

but

    # ldapsearch -x -h localhost -s base -b "" -D "XXX" -w "YYY" +

provides:

    # extended LDIF
    #
    # LDAPv3
    # base <> with scope base
    # filter: (objectclass=*)
    # requesting: +
    #

    #
    dn:
    structuralObjectClass: OpenLDAProotDSE
    namingContexts: dc=lannet,dc=com,dc=au
    namingContexts: dc=buller,dc=com,dc=au
    namingContexts: dc=lannet,dc=com,dc=au
    namingContexts: dc=buller,dc=com,dc=au
    supportedControl: 2.16.840.1.113730.3.4.18
    supportedControl: 2.16.840.1.113730.3.4.2
    supportedControl: 1.3.6.1.4.1.4203.1.10.1
    supportedControl: 1.2.840.113556.1.4.1413
    supportedControl: 1.2.840.113556.1.4.1339
    supportedControl: 1.2.840.113556.1.4.319
    supportedControl: 1.2.826.0.1.334810.2.3
    supportedControl: 1.3.6.1.1.13.2
    supportedControl: 1.3.6.1.1.13.1
    supportedControl: 1.3.6.1.1.12
    supportedExtension: 1.3.6.1.4.1.1466.20037
    supportedExtension: 1.3.6.1.4.1.4203.1.11.1
    supportedExtension: 1.3.6.1.4.1.4203.1.11.3
    supportedFeatures: 1.3.6.1.1.14
    supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
    supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
    supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
    supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
    supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
    supportedLDAPVersion: 2
    supportedLDAPVersion: 3
    supportedSASLMechanisms: CRAM-MD5
    supportedSASLMechanisms: DIGEST-MD5
    subschemaSubentry: cn=Subschema

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

so has my global access control got something to do with it:

> > Here is my slapd.conf:
> >
> > ##### Schema
> > include /etc/openldap/schema/core.schema
> > include /etc/openldap/schema/cosine.schema
> > include /etc/openldap/schema/inetorgperson.schema
> > include /etc/openldap/schema/nis.schema
> > include /etc/openldap/schema/openldap.schema
> > include /etc/openldap/schema/redhat/autofs.schema
> >
> > ##### Allow LDAP v2
> > allow bind_v2
> >
> > ##### Some files
> > pidfile /var/run/slapd.pid
> > argsfile /var/run/slapd.args
> > rootDSE /var/lib/ldap/rootdse.ldif
> >
> > ##### Global access control
> > access to attrs=userPassword
> >         by self write
> >         by * auth
> >
> > ##### Databases
> >
> > ##### LANNet
> > database bdb
> > suffix "dc=lannet,dc=com,dc=au"
> > directory /var/lib/ldap
> > mode 0600
> > rootdn XXX
> > rootpw YYY
> > index objectClass eq,pres
> > index ou,cn,mail,surname,givenname eq,pres,sub
> > index uidNumber,gidNumber,loginShell eq,pres
> > index uid,memberUid eq,pres,sub
> > index nisMapName,nisMapEntry eq,pres,sub
> > access to attrs=telephoneNumber, facsimileTelephoneNumber, mobile, street, l, st, postOfficeBox, postalCode, o
> >         by self write
> >         by * read
> >
> > ##### Buller
> > database bdb
> > suffix "dc=buller,dc=com,dc=au"
> > directory /var/lib/ldap
> > mode 0600
> > rootdn XXX
> > rootpw YYY
> > index objectClass eq,pres
> > index ou,cn,mail,surname,givenname eq,pres,sub
> > index uidNumber,gidNumber,loginShell eq,pres
> > index uid,memberUid eq,pres,sub
> > index nisMapName,nisMapEntry eq,pres,sub
> > access to attrs=telephoneNumber, facsimileTelephoneNumber, mobile, street, l, st, postOfficeBox, postalCode, o
> >         by self write
> >         by * read
> >
> > and here is my rootdse.ldif:
> >
> > dn:
> > namingContexts: dc=lannet,dc=com,dc=au
> > namingContexts: dc=buller,dc=com,dc=au
> >
> > What I am trying to achieve is to get multiple suffix dn into the directory structure.
> >
> > I can populate the database with slapadd, but when I run slapcat with the -b "<suffix>" option I see all of the entries not just the one for the suffix, but when I run ldapsearch I don't get much even though slapcat produces output:
> >
> > # ldapsearch -x -b "dc=lannet,dc=com,dc=au"
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <dc=lannet,dc=com,dc=au> with scope sub
> > # filter: (objectclass=*)
> > # requesting: ALL
> > #
> >
> > # search result
> > search: 2
> > result: 0 Success
> >
> > # numResponses: 1
> >
> > Should the rootDSE file have more entries - if so, what?
>
> Try this command,
>
> #ldapsearch -x -h <ldap-server> -s base -b "" +
>
> O Plameras

--
Howard.
LANNet Computing Associates - Your Linux people <http://lannetlinux.com>
--
When you want a computer system that works, just choose Linux;
When you want a computer system that works, just, choose Microsoft.
--
Flatter government, not fatter government; abolish the Australian states.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
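
An added example, not part of the original message or of OpenLDAP: a shell/awk lint for the global access control question raised in the message. In slapd, once any `access` directive is present, whatever no rule matches is denied, so a lone `attrs=userPassword` rule leaves the rootDSE unreadable to anonymous binds. The names `check_rootdse_acl`, `sample_posted` and `sample_fixed` are hypothetical, the second sample is constructed, and the matching of `to` clauses is a simplification noted in the code.

```shell
# Reads a slapd.conf on stdin and inspects only the global section (before the
# first "database" line). Exit 0: anonymous rootDSE read allowed; 1: denied.
check_rootdse_acl() {
    awk '
    function flush() { if (rule != "") rules[++n] = rule; rule = "" }
    /^[ \t]*#/             { next }                    # comment line
    /^database[ \t]/       { exit }                    # global section ends
    /^access[ \t]+to[ \t]/ { flush(); rule = $0; next }
    /^[ \t]+[^ \t]/        { if (rule != "") rule = rule " " $0; next }  # continuation
                           { flush() }                 # any other directive
    END {
        flush()
        if (n == 0) { print "readable: no global ACL, default policy is read"; exit 0 }
        for (i = 1; i <= n; i++) {
            r = rules[i]
            # Simplification: only "to *" and dn.base/dn.exact="" count as covering the rootDSE.
            if (r !~ /to[ \t]+(\*([ \t]|$)|dn\.(base|exact)="")/) continue
            if (r ~ /by[ \t]+(\*|anonymous)[ \t]+(read|write|manage)/) { print "readable: " r; exit 0 }
            print "hidden: " r; exit 1
        }
        print "hidden: " n " global ACL(s), none covers the rootDSE (implicit deny)"; exit 1
    }'
}

# Global section as posted in the message (schema includes left out).
sample_posted() { cat <<'EOF'
rootDSE /var/lib/ldap/rootdse.ldif
##### Global access control
access to attrs=userPassword
        by self write
        by * auth
database bdb
EOF
}

# Constructed variant: the same section with an explicit rootDSE rule added.
sample_fixed() { cat <<'EOF'
access to attrs=userPassword
        by self write
        by * auth
access to dn.base=""
        by * read
database bdb
EOF
}

sample_posted | check_rootdse_acl || true
sample_fixed | check_rootdse_acl || true
```

To check a live file, run `check_rootdse_acl < /etc/openldap/slapd.conf`.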
