Selim Jahangir wrote:
Hi Guys
Here is my config details
1. /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
rootpw {SSHA}airnU5gtmX+okEfQzseQsdXEx1QWpJ7/
directory /var/lib/ldap/example.com
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
Your slapd.conf is OK.
I'd tend to use
rootpw secret # For testing, so I'd know visually my password is right.
By default, rootdn which is "cn=Manager, dc=example,dc=com" in your slapd.conf has superuser ACLs or access rights, even when it is not expressly defined. Anonymous by default has read privileges.
2. /etc/openldap/example.com.ldif
dn: dc=example,dc=com
dc: example
description: ROOT LDAP Entry
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject
This Entry above as a whole is ERRONEOUS.
Your DN says,
dn: dc=example,dc=com # This Entry is your ROOT in IETF format.
# So, you must have two objectClasses for ROOT entry, namely:
objectClass: dcObject # domain declaration item.
objectClass: organization # NOT objectClass: organizationalUnit as you have in yours
#
dc: example # correct item which corresponds to objectClass: dcObject
o: example # missing item in yours, corresponding item to objectClass: organization
#
description: ROOT LDAP Entry # this is optional item, you may or may not have this item
#
ou: rootobject # this item should be dropped and NOT included
# if you include this you will have an error in your
# ldapadd etc...........
dn: ou=People, dc=example, dc=com
ou=People
description: All people on organisation
objectClass: organizationalUnit
The above Entry as a whole is also wrong:
Your DN is
dn:ou=People,dc=example,dc=com # This item is correct
ou: People # This is the correct item, instead of ou=People
objectClass: organizationalUnit # This item is correct
description: All people on organization # This item is optional
*I have used the following command*
[EMAIL PROTECTED] openldap]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/example.com.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
[EMAIL PROTECTED] openldap]#
The password and dn both are correct.
Wish a solution please.
So, even when your password is correct and you've corrected the DNS problem your
#ldapadd -x ..... etc .....
will not work still.
You may confirm this. Before doing an "ldapadd -x -D ....." do an
#ldapsearch -x
This should return success. After this you do
#ldapadd -x -D "....." etc.
Hope this helps.
O Plameras
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
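
Added example, not part of the original thread and not OpenLDAP's own code: a Python check of a candidate password against a slapd.conf rootpw value in {SSHA} form (base64 of the SHA-1 of password plus salt, followed by the salt), which confirms the password without putting a cleartext rootpw in the config. The function names, the sample password and the sample salt are constructed for illustration; returning the first uncommented rootpw line is an assumption of this sketch.

```python
import base64
import hashlib
import hmac
import os
import sys
from getpass import getpass
from typing import Optional

SCHEME = "{SSHA}"

def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(stored: str, candidate: str) -> bool:
    """True if candidate hashes to the stored {SSHA} value."""
    stored = stored.strip()
    if not stored.upper().startswith(SCHEME):
        raise ValueError("not a {SSHA} value")
    raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    if len(raw) <= 20:  # SHA-1 digest is 20 bytes; the rest is the salt
        raise ValueError("no salt after the 20-byte SHA-1 digest")
    digest, salt = raw[:20], raw[20:]
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)

def rootpw_from_conf(conf_text: str) -> Optional[str]:
    """Return the first uncommented rootpw value in slapd.conf text."""
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "rootpw":
            return parts[1].strip()
    return None

# Constructed sample, not the hash from the post.
SAMPLE_HASH = make_ssha("constructed-test-pw", b"\x01\x02\x03\x04")
SAMPLE_CONF = "#rootpw secret\nrootpw " + SAMPLE_HASH + "\n"

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    conf = open(path).read() if path else SAMPLE_CONF
    stored = rootpw_from_conf(conf)
    if stored is None:
        sys.exit("no active rootpw directive found")
    ok = check_ssha(stored, getpass("Candidate password: "))
    print("match" if ok else "NO match")
```

Run it with the path to slapd.conf as the only argument; the password is read with getpass, so it does not appear in shell history or the process list.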