Paul Kölle wrote:

>Again, this is NOT a successful search, there are no results.
>
Interesting, I thought it was successful because it didn't fail, and
naturally there *is* nothing in my database because I can't even create
the base dn..

> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>From your ldapadd line, I assume you have in slapd.conf:
>
>database bdb
>suffix dc=domain,dc=net,dc=au
>
yes, exactly

>The thing you probably missed: You don't need to and you are not allowed
>to add entries *below* the "suffix" from slapd.conf as it could be
>another suffix. If you try to add something like: "dn: dc=net,dc=au"
>slapd searches for *immediate parents* (here: dc=au) to that entry,
>either in the directory or for a "suffix" line in slapd.conf (remember,
>it's a tree). If it couldn't find one you get the "no global superior
>knowledge" error or an "already exists" if the entry is already there.
>
ok

>Solution:
>
>ldif
>
>dn: dc=domain,dc=net,dc=au
>dc=domain
>objectClass: top
>objectClass: dcObject
>objectClass: domain
>objectClass: domainRelatedObject
>associatedDomain: domain.net.au
>
>dn: ou=users,dc=domain,dc=net,dc=au
>ou: users
>objectClass: top
>objectClass: organizationalUnit
>objectClass: domainRelatedObject
>associatedDomain: domain.net.au
>
>end ldif
>
this gives me:

cephas ~ # ldapadd -D "cn=manager,dc=domain,dc=net,dc=au" -W -f base.ldif -x
Enter LDAP Password:
ldapadd: invalid format (line 2) entry: "dc=domain,dc=net,dc=au"

>slapd.conf
>
>database bdb
>suffix dc=domain,dc=net,dc=au
>rootdn cn=manager,dc=domain,dc=net,dc=au
>rootpw not24get
>
>directory /var/lib/openldap-data
>index objectClass eq
>
>end slapd.conf
>
I copied what you suggested and started slapd. see error above.

>of course this is just the configuration for that backend, you'll need
>more info in slapd.conf for your server to run properly.
>
>cheers
> Paul
>
any ideas? I don't want to make this a huge email, but here are my
relevant configs:

*cephas ~ # sed -e 's/#.*//;/^\s*$/d' "$@" /etc/openldap/slapd.conf*
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/ssl/ldap.pem
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix dc=domain,dc=net,dc=au
rootdn cn=manager,dc=domain,dc=net,dc=au
rootpw not24get
directory /var/lib/openldap-data
index objectClass eq

*cephas ~ # sed -e 's/#.*//;/^\s*$/d' "$@" /etc/openldap/ldap.conf*
BASE dc=domain, dc=net, dc=au
URI ldaps://localhost:636/
TLS_REQCERT allow

*cephas ~ # cat base.ldif*
dn: dc=domain,dc=net,dc=au
dc=domain
objectClass: top
objectClass: dcObject
objectClass: domain
objectClass: domainRelatedObject
associatedDomain: domain.net.au

dn: ou=users,dc=domain,dc=net,dc=au
ou: users
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: domain.net.au

Thank you for your time.

--
gentoo-server@g.o mailing list
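
Added example, not part of the original message or of OpenLDAP: the "invalid format (line 2)" error points at the second line of base.ldif, `dc=domain`, which is not in LDIF `attribute: value` form. The pre-flight check below reports that line, and also flags a DN outside the configured suffix (the case Paul describes) or an entry missing its own RDN attribute. The names `lint_ldif` and `norm_dn` are hypothetical, and DN handling is simplified (no escaped commas, no multi-valued RDNs, base64 values not decoded).

```python
import re

# base.ldif as posted in the message above (line 2 is the one ldapadd rejects)
BASE_LDIF = """\
dn: dc=domain,dc=net,dc=au
dc=domain
objectClass: top
objectClass: dcObject
objectClass: domain
objectClass: domainRelatedObject
associatedDomain: domain.net.au

dn: ou=users,dc=domain,dc=net,dc=au
ou: users
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: domain.net.au
"""
SUFFIX = "dc=domain,dc=net,dc=au"  # suffix from the slapd.conf above
# LDIF attribute line: name, then ":" (text), "::" (base64) or ":<" (URL)
ATTR_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9;-]*)(::|:<|:)\s*(.*)$")

def norm_dn(dn):
    """Lower-case and strip spaces around commas (simplified: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def lint_ldif(text, suffix):
    """Return sorted (line_number, message) problems; folded lines are ignored."""
    problems, dn, dn_line, attrs = [], None, 0, {}
    for no, line in enumerate(text.splitlines() + [""], start=1):
        m = ATTR_LINE.match(line)
        if line.startswith(("#", " ")):          # comment or folded continuation
            continue
        if not line.strip():                     # blank line closes the entry
            if dn is not None:
                if not ("," + dn).endswith("," + norm_dn(suffix)):
                    problems.append((dn_line, "DN is not at or below the suffix"))
                rdn_attr, _, rdn_val = dn.split(",")[0].partition("=")
                if rdn_val not in attrs.get(rdn_attr, []):
                    problems.append((dn_line, f"entry lacks '{rdn_attr}: {rdn_val}'"))
            dn, attrs = None, {}
        elif not m:
            problems.append((no, f"invalid format, expected 'attr: value': {line}"))
        elif m.group(1).lower() == "dn":         # first line of an entry
            dn, dn_line = norm_dn(m.group(3)), no
        else:
            attrs.setdefault(m.group(1).lower(), []).append(m.group(3).strip().lower())
    return sorted(problems)
```

Run against the posted file, `lint_ldif(BASE_LDIF, SUFFIX)` reports line 2 as malformed and line 1 as an entry without its `dc` attribute; with line 2 written as `dc: domain` it returns an empty list.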