<Deedubb> Hello... HELLO; anyway; I'm following this guide http://www.gentoo.org/doc/en/ldap-howto.xml and I seem to have a problem... In response to the ldapsearch I got a result: 32 No such object
<Aaron> Deedubb, where were you at?
<Deedubb> Pardon?
<Deedubb> I was at the ldapsearch part
<Deedubb> just before section 3
<Deedubb> I thought it was working, cause it says "# numResponses: 1"
<Aaron> mm
<Aaron> the ldap server itself is working
<Deedubb> but then later it generates an error when I tried to import my '/tmp/base.ldif'
<Aaron> ok
<Deedubb> it says "adding new entry "dc=ath,dc=cx"" then that its unwilling to perform (53) and additional info: no global superior knowledge
<Aaron> hehe
<Deedubb> my domain is dwatson.ath.cx; so dc=dwatson,dc=ath,dc=cx
<Aaron> what's your suffix?
<Deedubb> I tried to tell it that I'm the global superior but it wouldn't listen
<Deedubb> suffix?
<Aaron> that's not necessarily what it means
<Deedubb> I know
<Aaron> from slapd.conf, what do you have as a suffix
<Deedubb> suffix "dc=dwatson,dc=ath,dc=cx"
<Aaron> you can add an object called dc=dwatson,dc=ath,dc=cx
<Aaron> but not one called dc=ath,dc=cx
<Aaron> because you've told the server that your concern starts with dc=dwatson,dc=ath,dc=cx
<Deedubb> ... so maybe its a glitch in this base.ldif?
<Aaron> I dunno
<Aaron> I dont know how good gentoo's docs are on this
<Aaron> but i trust the openldap manual more.
<Deedubb> haha! I crashed putty, I'm all skillz
<Aaron> .. sounds like it.
<Aaron> at any rate
<Aaron> you can't define an object beyond the base you set in slapd.conf
<Deedubb> I roger that... it seems this migration tools is dumb... it defined two 'top level domain'
<Aaron> most people define an ldap server to handle something like ath.cx
<Deedubb> ya, thats for people who have a real domainname
<Aaron> you will be defining yours a bit differently, and will have to adjust the docs as you go through them
<Deedubb> you're good
<Aaron> not that good, but i try :p
<Deedubb> humm, this isn't as much fun as I expected
<Aaron> Deedubb, here are the generic openldap docs.
<Aaron> http://www.openldap.org/doc/admin23/quickstart.html
<Deedubb> You dont happen to know about postfix w/ ldap for virtual domains and sorts do ya?
<Aaron> once you get to do section 10 & 11
<Aaron> er
<Aaron> do sections 10&11
<Aaron> then revert to the gentoo docs
<Aaron> at section .. looks like section 3
<Deedubb> its working now
<Aaron> Deedubb, sorry, I know nearly nothing about postfix
<Aaron> I've never had to use it
<Aaron> at least not extensively
<Deedubb> ... oh well; it just looks like qmail has a schema file that would have made life easy -- I might switch
<Aaron> :)
<mh_le> hi all
<Aaron> hullo mh_le
<mh_le> whats up?
<apeiron> My CPU load.
<Deedubb> The ldap server has root's account in it, but when I do getent like the howto shows I get only 1 response... and from the list of other users I'm guessing its /etc/passwd...
<Deedubb> woot, now it works
<Aaron> Deedubb, good luck there, I've never used LDAP as a pam source
<Deedubb> rebooting... lets see if I can login
<lucca> you probably do not want root in LDAP
<lucca> nor should it be your only pam/nss datastore
<SimonRaven> indeed
<Deedubb> everyones a critic... ya, upon reboot its borked
<Deedubb> getent isn't showing 2 entries, dunno why
<SimonRaven> it's not criticism, it's advice, from experience
<Deedubb> Is there a command line tool like useradd for ldap?
<SimonRaven> several. google for 'em
<Deedubb> you're the best, thanks
<SimonRaven> try for adduser instead, you'll get more hits
<pfn> eh? cn=config doesn't just allow rootdn access anymore?
<SimonRaven> version?
<SimonRaven> i knew there were issues with OL under 2.3.9 or something
<duncanmv> hello guys, what would be the right syntax for ldapsearch so I can see the entire schema and/or tree?
<lucca> the schema is in the RootDSE
<lucca> and the "tree" with interesting data will be in some other base
<lucca> (rootdse is the tree with base "")
<lucca> they must be accessed by separate searches
<_ranger_> well, actually the location of the schema can be found in the rootdse ...
<duncanmv> i get a dn= (empty) when using -s base "" or "mytree"
<duncanmv> any ideas?
<_ranger_> duncanmv, that dn *is* empty
<_ranger_> what are you expecting to see?
<duncanmv> well, I have a ldap tree, I dont know the schema nor I have ldap experience. basically I want to see how are those people list stored there
<duncanmv> and try to authenticate against it
<_ranger_> duncanmv, ldapsearch -x -h ldapserver -b '' -s base namingContexts
<_ranger_> what do you get from that?
<duncanmv> cn=DirXmlDrivers,o=servers
<duncanmv> uhm
<duncanmv> found something using -b 'o=servers'
<duncanmv> :-)
<duncanmv> how can I list all objects there?
<_ranger_> duncanmv, ldapsearch -x -b o=servers
<_ranger_> but, you might be subject to access controls
<duncanmv> _ranger_: thanks I got what I need, last question, I have lot of entries, identified by cn=,ou=,o= how can get the lists of ou= ?
<matt_> hello, i got a problem with openldap, i'm trying to use back-sql n everything seems fine but when i try to start slapd it hangs on ==>backsql_open_db_conn(4294967295)
<matt_> anybody know whats wrong
<satsonic> hello
<bov> samba+ldap question, anyone know what algorithms are used to create "sambaLMPassword" and "sambaNTPassword" for the samba user ldifs?
<bov> satsonic: hey
<satsonic> i get an error when i run a php file, Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /usr/local/apache2/htdocs/mail/src/register/register_complete.php on line 30
<bov> satsonic: check username/password
<satsonic> actually line 30 is, $r=ldap_bind($ds,"cn=postmaster,jvd=$jvd,o=hosting,dc=myhosting,dc=example","12345");
<bov> jvd?
<satsonic> this password is wrong but from long time its working
<satsonic> yeah jvd is for to maintain many domains on same server, virtual user setup is there for mail registration
<satsonic> jvd contains domain list
<satsonic> same file with same code works on another mail server
<bov> pointing to the same ldap server?
<satsonic> so i thought its a ldap issue but i could login to mail accounts so i guess ldap is working
<satsonic> no on another server ldap is different both server has same setup only both are physically different
<bov> satsonic: connect to the ldap via a command line tool and see if you can bind using the username/password
<satsonic> bov: very strange since this was working from past 1 year just now something went wrong
<satsonic> let me see
<satsonic> ldapsearch -x -b "dc=myhosting,dc=example"
<satsonic> i can bind with this
<satsonic> without username password
<satsonic> how do i bind with username password
<asyd> you should read man ldapsearch.
<bov> satsonic: -D -w/-W and what asyd said...
<satsonic> asyd: yeah i am checking man page for that
<satsonic> ldapsearch -W -D cn=postmaster,jvd=ls.com,o=hosting,dc=myhosting,dc=example?
<asyd> yes
<satsonic> Enter LDAP Password:
<satsonic> SASL/DIGEST-MD5 authentication started
<satsonic> ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
<satsonic> additional info: SASL(-13): user not found: no secret in database
<satsonic> thrown above error asyd
<asyd> -x
<asyd> add -x
<satsonic> ldap_bind: Server is unwilling to perform (53)
<satsonic> additional info: unauthenticated bind (DN with no password) disallowed
<satsonic> above with -x
<bov> satsonic: read the man about the difference between -w and -W
<bov> can't say helping newbs isn't entertaining :)
<satsonic> bov: difference is only specifying on command line or prompt right?
<satsonic> ldapsearch -x -D cn=postmaster,jvd=losgatos.com,o=hosting,dc=myhosting,dc=example right?
<bov> I would put your dn in quotes '' and you need either -w password or -W and wait for prompt
<satsonic> i put it in quotes and used -W but same error
<satsonic> even providing the right password
<satsonic> but this kind of error i am getting from long back
<satsonic> may be ldap isnt setup to check like this from command line
<satsonic> even i cannot bind to ldap from command line like this but i could from phpldapadmin and ldap is working fine only the line i mentioned from .php code is giving some problem
<bov> satsonic: did you try -h ip or -h hostname?
<satsonic> bov: no, let me try
<satsonic> bov: same error with -h
<bov> satsonic: run the ldap server with debugging and check the logs
<satsonic> bov: ok
<satsonic> bov: debug level 256 is ok?
<_ranger_> duncanmv, search with a filter of "(objectclass=organizationalunit)" or similar
<satsonic> i have that on in slapd.conf so will check log directly, ok