begging for help

Kenneth Hawkins kjurkic at yahoo.ca
Fri Mar 6 22:41:07 UTC 2009


Thanks Andy

I wish I were even this far along (to be doing queries). I can't even import a basic LDIF to populate my LDAP without running into errors.

Here's an example:

bmsadmin at LDAP:/root$ sudo slapadd -l init.ldif
/etc/ldap/slapd.conf: line 114: rootdn is always granted unlimited privileges.
/etc/ldap/slapd.conf: line 131: rootdn is always granted unlimited privileges.
Entry (dc=bms,dc=bc,dc=ca): object class 'organizationalUnit' requires attribute 'ou'
slapadd: dn="dc=bms,dc=bc,dc=ca" (line=1): (65) object class 'organizationalUnit' requires attribute 'ou'
                                                                                              (* NOTE: this is corrected now - Ken^^^^^^^^^^^^^)

bmsadmin at LDAP:/root$ sudo rm -rf /var/lib/ldap/*

bmsadmin at LDAP:/root$ sudo slapadd -l init.ldif
/etc/ldap/slapd.conf: line 114: rootdn is always granted unlimited privileges.
/etc/ldap/slapd.conf: line 131: rootdn is always granted unlimited privileges.
str2entry: invalid value for attributeType objectClass #1 (syntax 1.3.6.1.4.1.1466.115.121.1.38)
slapadd: could not parse entry (line=7)

So I opened the source file (ldif):

1:    dn:     dc=bms,dc=bc,dc=ca
2:    objectClass:    dcObject
3:    objectClass:    organizationalUnit
4:    dc:     bms
5:    ou:     Bamfield Marine Science Centre
6:
7:    dn:     cn=admin,dc=bms,dc=bc,dc=ca *****nothing wrong with this line AFAICT
8:    objectClass:    simpleSecurityObject
9:    objectClass:    oganizationalRole
10:    cn:     admin
11:    description:    LDAP Administrator
12:    userPassword:   {SSHA}eyYgSORDGFd2CELlAy1fD3JAY+cc/TmR
13:
14:    dn:     ou=people,dc=bms,dc=bc,dc=ca
15:    objectClass:    organizationalUnit
16:    ou:     people
17:
18:    dn:     ou=groups,dc=bms,dc=bc,dc=ca
19:    objectClass:    organizationalUnit
20:    ou:     groups
21:
22:    dn:     uid=lionel,ou=people,dc=bms,dc=bc,dc=ca
-------SNIP---------------------

Other than the domain name, this is an exact copy of:
https://help.ubuntu.com/community/OpenLDAPServer

Ken
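
An added example, not part of Ken's post or of the Ubuntu wiki page: a small Python checker that applies the two schema checks slapadd enforced above (required attributes per objectClass, and objectClass values the schema does not know) to an LDIF file before it is loaded, reporting the dn and line number the way slapadd does. The schema table is an assumed subset of OpenLDAP's core schema, the sample LDIF is constructed to mirror the posted init.ldif with the hash replaced by a placeholder, and the checker also flags a userPassword without a {SCHEME} prefix, which slapd would store as cleartext.

```python
import re
# Assumed subset of the OpenLDAP core schema: objectClass (lowercased) -> MUST attributes.
MUST = {"top": set(), "dcobject": {"dc"}, "organizationalunit": {"ou"},
        "organizationalrole": {"cn"}, "simplesecurityobject": {"userpassword"}}
ATTR_RE = re.compile(r"^([A-Za-z][\w.;-]*):\s*(.*)$")  # 'attr:   value', tolerates padding

def parse_ldif(text):
    """Split LDIF into (line number of its dn line, {attr_lower: [values]}) per entry."""
    entries, lineno = [], 1
    for block in text.split("\n\n"):              # entries are separated by one blank line
        lines = block.split("\n")
        attrs = {}
        for line in lines:
            m = ATTR_RE.match(line)               # comment and non-attribute lines are skipped
            if m:
                attrs.setdefault(m.group(1).lower(), []).append(m.group(2))
        if attrs:
            entries.append((lineno, attrs))
        lineno += len(lines) + 1                  # +1 for the blank separator line
    return entries

def validate_ldif(text):
    """Return (line, dn, problem) triples in the spirit of slapadd's 'dn=... (line=N)' output."""
    problems = []
    for lineno, entry in parse_ldif(text):
        dn = entry.get("dn", ["<no dn>"])[0]
        required = set()
        for oc in entry.get("objectclass", []):
            if oc.lower() in MUST:
                required |= MUST[oc.lower()]
            else:  # a typo such as 'oganizationalRole' is what slapadd reports as an invalid objectClass value
                problems.append((lineno, dn, f"unknown objectClass '{oc}'"))
        for attr in sorted(required - set(entry)):
            problems.append((lineno, dn, f"object class requires attribute '{attr}'"))
        for pw in entry.get("userpassword", []):
            if not pw.startswith("{"):            # no {SSHA}/{CRYPT} scheme: slapd stores it as cleartext
                problems.append((lineno, dn, "userPassword has no hash scheme prefix"))
    return problems
# Constructed sample mirroring the posted init.ldif; the real SSHA hash is replaced by a placeholder.
SAMPLE = """dn: dc=bms,dc=bc,dc=ca
objectClass: dcObject
objectClass: organizationalUnit
dc: bms
ou: Bamfield Marine Science Centre

dn: cn=admin,dc=bms,dc=bc,dc=ca
objectClass: simpleSecurityObject
objectClass: oganizationalRole
cn: admin
userPassword: {SSHA}PLACEHOLDER"""
```

Running `validate_ldif(SAMPLE)` reports the second entry at line 7, the same line slapadd stopped on.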

________________________________
From: Andy Boersma <andy at boersma.ca>
To: The Canadian Ubuntu Users Community <ubuntu-ca at lists.ubuntu.com>
Sent: Friday, March 6, 2009 1:23:46 PM
Subject: RE: begging for help

 
Hi Ken,

You are totally correct, documentation sucks huge buckets in LDAP. I had to spend some time figuring it out, from bad examples. Here are working queries, to query Active Directory.

Hope this helps you.

Andy
 
1st Query
select sAMAccountName name from ou=ProdUsers, ou=users, ou=city, 
ou=am, ou=pkg, ou=Prod where objectCategory=user
This query gives me a list of users.
 
2nd Query
select sAMAccountName name from ou=ProdUsers, ou=users, ou=city,
ou=am, ou=pkg, ou=Prod where objectCategory=user and sAMAccountName=?
Using logon-name xmii1admin, lists admin.
 
3rd Query
select name from ou=Groups, ou=xMII-SAP-SFDC,  ou=am,
ou=pkg, ou=Prod 
This query lists the groups. 
 
4th Query
select name from ou=Groups, ou=xMII-SAP-SFDC,  ou=am,
ou=pkg, ou=Prod  where name=?
Given the group xMII_Admin, it finds the group xMII_Admin
and lists it.
 
5th Query
select cn FullName, mail EmailAddress1 from ou=ProdUsers,
ou=users, ou=city,  ou=am, ou=pkg, ou=Prod where sAMAccountName=?
Given the user xMII1Admin, it displays the email address and
full name of the user.
 
 
6th Query
select cn FullName, mail EmailAddress1 from ou=Groups,
ou=xMII-SAP-SFDC,  ou=am, ou=pkg, ou=Prod where sAMAccountName=?
Given the role/group xMII_Admin, it returns the role name; we
do not have an e-mail address as part of a group.
 
7th Query
select distinguishedName from ou=ProdUsers, ou=users, ou=city,
ou=am, ou=pkg, ou=Prod  where objectCategory=user and sAMAccountName=?
Given the user name xMII1Admin, I get the full DN
 
8th Query
select name from ou=ProdUser, ou=users, ou=City, ou=am,
ou=pkg, ou=Prod where objectCategory=group and member=?
 
 
9th Query
select distinguishedName from ou=ProdUsers, ou=users, ou=city,
ou=am, ou=pkg, ou=Prod where objectCategory=group and name=?
 
 
10th Query
select sAMAccountName name from ou=ProdUsers, ou=users, ou=city,
ou=am, ou=pkg, ou=Prod where objectCategory=user and memberOf? 
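
An added example, not Andy's code and not tied to whichever tool runs the SQL-like dialect above: a Python translator that turns one of these queries into an attribute list, a base DN and an RFC 4515 search filter, binding each ? parameter with proper escaping so a value such as * or ) cannot change the filter's meaning. The dc= part of the base DN is assumed, since the posted queries omit it.

```python
import re

SUFFIX = "dc=example,dc=com"   # assumed: the posted queries omit the dc= part of the base

def escape_filter_value(value):
    """RFC 4515 escaping: neutralise the characters that would change a filter's meaning."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def compile_query(sql, params=()):
    """Turn 'select a alias, b from ou=.., ou=.. where k=? and k2=v' into
    (attribute list, base DN, LDAP filter), binding each '?' safely."""
    m = re.match(r"select\s+(.+?)\s+from\s+(.+?)(?:\s+where\s+(.+))?\s*$",
                 sql.strip(), re.I | re.S)
    if not m:
        raise ValueError("unrecognised query: %r" % sql)
    attrs = [a.split()[0] for a in m.group(1).split(",")]      # drop the SQL-style alias
    base = ",".join(p.strip() for p in m.group(2).split(",") + [SUFFIX])
    params, terms = list(params), []
    for cond in re.split(r"\s+and\s+", m.group(3) or "", flags=re.I):
        key, eq, val = cond.strip().partition("=")
        if not eq:
            continue                                           # e.g. the bare 'memberOf?' in query 10
        if val.strip() == "?":
            if not params:
                raise ValueError("missing bind parameter for %s" % key)
            val = params.pop(0)
        terms.append("(%s=%s)" % (key.strip(), escape_filter_value(val.strip())))
    if params:
        raise ValueError("unused bind parameters: %r" % params)
    if not terms:
        return attrs, base, "(objectClass=*)"
    return attrs, base, (terms[0] if len(terms) == 1 else "(&%s)" % "".join(terms))
```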

________________________________
 
From: ubuntu-ca-bounces at lists.ubuntu.com [mailto:ubuntu-ca-bounces at lists.ubuntu.com] On Behalf Of Kenneth Hawkins
Sent: March-06-09 3:55 PM
To: The Canadian Ubuntu Users Community
Subject: begging for help
 
Howdy all

Anyone here proficient in LDAP? I have been following a tutorial from
help.ubuntu.com, but it is wrong somewhere in the syntax, and I cannot find the
error. When I contacted the person whose name was attached to the article, he
said that all he had done was some minor edit; apparently the last
contributor gets listed as author.

I have done many long jobs in Linux over the years (net install Debian &
built web servers from source, VMs back when QEMU was the only game, etc) but
I have never experienced such a lack of (useful) resources for something which
is supposed to be the killer app for enterprise user management.....I am really
getting sick & tired of LDAP how-tos/tutorials that NEVER work as
described. I have tried at least 6 different versions over the last few months,
and NOT A SINGLE ONE works as the author claims. In a couple of cases, when I
contacted them directly, I was basically told RTFM or man slapd.....is there
some level of arrogance that comes with LDAP proficiency?

I have a very basic Ubuntu 8.04 LTS server, with up-to-date OpenLDAP from
repos. The sole purpose of this server is going to be centralized login and
address book.

Thanks in advance for any pointers, or even a link to an LDAP howto that
actually works......


Ken