Gentoo Archives: gentoo-server

From: Chris S <taskara@××××××××××××.net>
To: gentoo-server@l.g.o
Subject: Re: [gentoo-server] ldap multiple dc rootdn?
Date: Fri, 27 May 2005 10:15:13
Message-Id: 4296F32D.5070901@internode.on.net
In Reply to: Re: [gentoo-server] ldap multiple dc rootdn? by "Paul Kölle"
Paul Kölle wrote:

>Again, this is NOT a successful search, there are no results.
>
Interesting, I thought it was successful because it didn't fail, and
naturally there *is* nothing in my database because I can't even create
the base dn..

> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>From your ldapadd line, I assume you have in slapd.conf:
>
>database bdb
>suffix dc=domain,dc=net,dc=au
>
yes, exactly

>The thing you probably missed: You don't need to and you are not allowed
>to add entries *below* the "suffix" from slapd.conf as it could be
>another suffix. If you try to add something like: "dn: dc=net,dc=au"
>slapd searches for *immediate parents* (here: dc=au) to that entry,
>either in the directory or for a "suffix" line in slapd.conf (remember,
>it's a tree). If it couldn't find one you get the "no global superior
>knowledge" error or an "already exists" if the entry is already there.
>
ok

>Solution:
>
>ldif
>
>dn: dc=domain,dc=net,dc=au
>dc=domain
>objectClass: top
>objectClass: dcObject
>objectClass: domain
>objectClass: domainRelatedObject
>associatedDomain: domain.net.au
>
>dn: ou=users,dc=domain,dc=net,dc=au
>ou: users
>objectClass: top
>objectClass: organizationalUnit
>objectClass: domainRelatedObject
>associatedDomain: domain.net.au
>
>end ldif
>
this gives me:

cephas ~ # ldapadd -D "cn=manager,dc=domain,dc=net,dc=au" -W -f base.ldif -x
Enter LDAP Password:
ldapadd: invalid format (line 2) entry: "dc=domain,dc=net,dc=au"

>slapd.conf
>
>database bdb
>suffix dc=domain,dc=net,dc=au
>rootdn cn=manager,dc=domain,dc=net,dc=au
>rootpw not24get
>
>directory /var/lib/openldap-data
>index objectClass eq
>
>end slapd.conf
>
I copied what you suggested and started slapd. see error above.

>of course this is just the configuration for that backend, you'll need
>more info in slapd.conf for your server to run properly.
>
>cheers
> Paul
>
any ideas? I don't want to make this a huge email, but here are my
relevant configs:

*cephas ~ # sed -e 's/#.*//;/^\s*$/d' "$@" /etc/openldap/slapd.conf*
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/ssl/ldap.pem
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix dc=domain,dc=net,dc=au
rootdn cn=manager,dc=domain,dc=net,dc=au
rootpw not24get
directory /var/lib/openldap-data
index objectClass eq

*cephas ~ # sed -e 's/#.*//;/^\s*$/d' "$@" /etc/openldap/ldap.conf*
BASE dc=domain, dc=net, dc=au
URI ldaps://localhost:636/
TLS_REQCERT allow

*cephas ~ # cat base.ldif*
dn: dc=domain,dc=net,dc=au
dc=domain
objectClass: top
objectClass: dcObject
objectClass: domain
objectClass: domainRelatedObject
associatedDomain: domain.net.au

dn: ou=users,dc=domain,dc=net,dc=au
ou: users
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: domain.net.au


Thank you for your time.

--
gentoo-server@g.o mailing list
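The two failures this thread touches, ldapadd's "invalid format (line N)" syntax error and slapd's "no global superior knowledge" / "already exists" superior check that Paul describes, can be reproduced offline with a small pre-flight checker. The following Python script is an added example, not code from the thread or from OpenLDAP; it approximates those checks rather than calling slapd, it takes the suffix list as an argument instead of reading slapd.conf, and its DN handling is deliberately naive (no escaped commas, lower-casing only), which is enough for dc=/ou= trees like the one in the thread. The sample LDIF it carries is constructed from the base.ldif posted above, once as posted (with the `dc=domain` line) and once with that line corrected to `dc: domain`.

```python
"""Added example: LDIF pre-flight checker approximating ldapadd/slapd checks.

1. ldapadd syntax: every non-dn line of an entry must be "attr: value" (or
   "attr:: base64"), so "dc=domain" is rejected as "invalid format (line 2)".
2. slapd superiors: an entry must sit under a configured suffix (otherwise
   "no global superior knowledge") and, unless it is the suffix entry itself,
   its immediate parent must already exist; a repeated DN is "already exists".
"""
import re

# "name: value" or "name:: base64value"; anything else is a format error.
ATTR_RE = re.compile(r"^([A-Za-z][A-Za-z0-9.;-]*):(:?) ?(.*)$")


def normalize_dn(dn):
    """Lower-case and strip blanks around commas: 'dc=x, dc=au' -> 'dc=x,dc=au'."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parent_dn(dn):
    """Drop the leftmost RDN: 'ou=users,dc=x,dc=au' -> 'dc=x,dc=au'."""
    return ",".join(normalize_dn(dn).split(",")[1:])


def _parse_entry(lines):
    """Turn one blank-line-delimited block into (dn, {attr: [values]})."""
    if not lines[0].startswith("dn:"):
        raise ValueError("entry does not start with a dn: line")
    dn = lines[0][len("dn:"):].strip()
    attrs, last = {}, None
    # ldapadd numbers the bad line relative to the entry; the dn line is line 1.
    for lineno, line in enumerate(lines[1:], start=2):
        if line.startswith(" ") and last is not None:  # folded continuation
            attrs[last][-1] += line[1:]
            continue
        match = ATTR_RE.match(line)
        if match is None:
            raise ValueError(f'invalid format (line {lineno}) entry: "{dn}"')
        name, _is_b64, value = match.groups()
        last = name.lower()
        attrs.setdefault(last, []).append(value)
    return dn, attrs


def parse_ldif(text):
    """Split LDIF text into entries; raises ValueError like ldapadd's format check."""
    entries, block = [], []
    for raw in text.splitlines() + [""]:  # trailing "" flushes the last block
        if raw.strip() == "":
            if block:
                entries.append(_parse_entry(block))
                block = []
        elif not raw.startswith("#"):
            block.append(raw)
    return entries


def check_add_order(entries, suffixes):
    """Simulate slapd's superior checks for adds done in file order.

    suffixes are the 'suffix' values from slapd.conf (assumed, not parsed).
    Returns [(dn, verdict)] and stops at the first failure, as ldapadd does
    without -c.
    """
    roots = {normalize_dn(s) for s in suffixes}
    present, results = set(), []
    for dn, _attrs in entries:
        ndn = normalize_dn(dn)
        if ndn in present:
            verdict = "already exists"
        elif not any(ndn == r or ndn.endswith("," + r) for r in roots):
            verdict = "no global superior knowledge"  # no database serves this DN
        elif ndn not in roots and parent_dn(ndn) not in present:
            verdict = "no such object: parent %s not present" % parent_dn(ndn)
        else:
            verdict = "added"
            present.add(ndn)
        results.append((dn, verdict))
        if verdict != "added":
            break
    return results


def lint(text, suffixes):
    """Run both checks; returns ('format', message) or ('add', results)."""
    try:
        entries = parse_ldif(text)
    except ValueError as err:
        return ("format", str(err))
    return ("add", check_add_order(entries, suffixes))


# Constructed sample input, modelled on the thread's base.ldif and slapd.conf.
SUFFIXES = ["dc=domain,dc=net,dc=au"]

BROKEN_LDIF = """dn: dc=domain,dc=net,dc=au
dc=domain
objectClass: top
objectClass: dcObject
objectClass: domain
"""

FIXED_LDIF = """dn: dc=domain,dc=net,dc=au
dc: domain
objectClass: top
objectClass: dcObject
objectClass: domain
objectClass: domainRelatedObject
associatedDomain: domain.net.au

dn: ou=users,dc=domain,dc=net,dc=au
ou: users
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: domain.net.au
"""

# An entry above the configured suffix, the case Paul describes.
ABOVE_SUFFIX_LDIF = """dn: dc=net,dc=au
dc: net
objectClass: top
objectClass: dcObject
objectClass: domain
"""

if __name__ == "__main__":
    for label, text in [("as posted", BROKEN_LDIF), ("corrected", FIXED_LDIF),
                        ("above suffix", ABOVE_SUFFIX_LDIF)]:
        print(label, "->", lint(text, SUFFIXES))
```

Running it with the file as posted stops at the syntax stage with the same message ldapadd printed, `invalid format (line 2)`, because `dc=domain` has no colon; with `dc: domain` both entries pass, the base entry because it equals the suffix and `ou=users` because its parent was added just before it. Feeding it `dn: dc=net,dc=au` shows the "no global superior knowledge" case, and adding the same file twice shows "already exists". The checker does not validate schema (for instance that `domainRelatedObject` requires `associatedDomain`); slapd still does that on the real add.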

Replies

Subject Author
Re: [gentoo-server] ldap multiple dc rootdn? "Paul Kölle" <pkoelle@×××××.com>