<html><head><style type="text/css"></style></head><body><div style="font-family:arial,helvetica,sans-serif;font-size:14pt"><div>Thanks Andy I wish I was even this far along (to do queries). I can't even import a basic ldif to populate my LDAP, without running into errors. Here's an example: bmsadmin@LDAP:/root$ sudo slapadd -l init.ldif /etc/ldap/slapd.conf: line 114: rootdn is always granted unlimited privileges. /etc/ldap/slapd.conf: line 131: rootdn is always granted unlimited privileges. Entry (dc=bms,dc=bc,dc=ca): object class 'organizationalUnit' requires attribute 'ou' slapadd: dn="dc=bms,dc=bc,dc=ca" (line=1): (65) object class 'organizationalUnit' requires attribute 'ou' (* NOTE: this is corrected now - Ken^^^^^^^^^^^^^) bmsadmin@LDAP:/root$ sudo rm -rf /var/lib/ldap/* bmsadmin@LDAP:/root$ sudo slapadd -l init.ldif /etc/ldap/slapd.conf: line 114: rootdn is always granted unlimited privileges. /etc/ldap/slapd.conf: line 131: rootdn is always granted unlimited privileges. str2entry: invalid value for attributeType objectClass #1 (syntax 1.3.6.1.4.1.1466.115.121.1.38) slapadd: could not parse entry (line=7) So I opened the source file (ldif): 1: dn: dc=bms,dc=bc,dc=ca 2: objectClass: dcObject 3: objectClass: organizationalUnit 4: dc: bms 5: ou: Bamfield Marine Science Centre 6: 7: dn: cn=admin,dc=bms,dc=bc,dc=ca *****nothing wrong with this line AFAICT 8: objectClass: simpleSecurityObject 9: objectClass: oganizationalRole 10: cn: admin 11: description: LDAP Administrator 12: userPassword: {SSHA}eyYgSORDGFd2CELlAy1fD3JAY+cc/TmR 13: 14: dn: ou=people,dc=bms,dc=bc,dc=ca 15: objectClass: organizationalUnit 16: ou: people 17: 18: dn: ou=groups,dc=bms,dc=bc,dc=ca 19: objectClass: organizationalUnit 20: ou: groups 21: 22:dn: uid=lionel,ou=people,dc=bms,dc=bc,dc=ca -------SNIP--------------------- Other than the domain name, this is an exact copy of: https://help.ubuntu.com/community/OpenLDAPServer Ken </div><div style="font-family: arial,helvetica,sans-serif; font-size: 14pt;"> <div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><hr size="1">From: Andy Boersma <andy@boersma.ca> To: The Canadian Ubuntu Users Community <ubuntu-ca@lists.ubuntu.com> Sent: Friday, March 6, 2009 1:23:46 PM Subject: RE: begging for help <style>  </style> <div class="Section1"> Hi Ken, You are totally correct, documentation sucks huge buckets in LDAP. I had to spend some time figuring it out, from bad examples. Here are working queries, to query active directories. Hope this helps you. Andy 1st Query select sAMAccountName name from ou=ProdUsers, ou=users, ou=city, ou=am, ou=pkg, ou=Prod where objectCategory=user This query gives me a list of users. 2nd Query select sAMAccountName name from ou=ProdUsers, ou=users, ou=city, ou=am, ou=pkg, ou=Prod where objectCategory=user and sAMAccountName=? Using logon-name xmii1admin, lists admin. 3rd Query select name from ou=Groups, ou=xMII-SAP-SFDC, ou=am, ou=pkg, ou=Prod This query lists the groups. 4th Query select name from ou=Groups, ou=xMII-SAP-SFDC, ou=am, ou=pkg, ou=Prod where name=? Given the group xMII_Admin, it finds the group xMII_Admin and lists it. 5th Query select cn FullName, mail EmailAddress1 from ou=ProdUsers, ou=users, ou=city, ou=am, ou=pkg, ou=Prod where sAMAccountName=? Give the user xMII1Admin, it displays the emailaddress and full name of user. 6th Query select cn FullName, mail EmailAddress1 from ou=Groups, ou=xMII-SAP-SFDC, ou=am, ou=pkg, ou=Prod where sAMAccountName=? Give the role/group xMII_Admin it returns the role name, we do not have a e-mail address as part of a group 7th Query select distinguishedName from ou=ProdUsers, ou=users, ou=city, ou=am, ou=pkg, ou=Prod where objectCategory=user and sAMAccountName=? Given the user name xMII1Admin, I get the full DN 8th Query select name from ou=ProdUser, ou=users, ou=City, ou=am, ou=pkg, ou=Prod where objectCategory=group and member=? 9th Query select distinguishedName from ou=ProdUsers, ou=users, ou=city, ou=am, ou=pkg, ou=Prod where objectCategory=group and name=? 10th Query select sAMAccountName name from ou=ProdUsers, ou=users, ou=city, ou=am, ou=pkg, ou=Prod where objectCategory=user and memberOf? <div> <div class="MsoNormal" style="text-align: center;" align="center"> <hr tabindex="-1" align="center" size="2" width="100%"> </div> From: ubuntu-ca-bounces@lists.ubuntu.com [mailto:ubuntu-ca-bounces@lists.ubuntu.com] On Behalf Of Kenneth Hawkins Sent: March-06-09 3:55 PM To: The Canadian Ubuntu Users Community Subject: begging for help </div> <div> <div> Howdy all Anyone here proficient in LDAP? I have been following a tutorial from help.ubuntu.com, but it is wrong somewhere in the syntax, and I cannot find the error. When I contacted the person whose name was attached to the article, he said that all he had done was some minor edit; apparently the last contributor gets listed as author. I have done many long jobs in linux over the years (net install debian & built web servers from source, VM's back when QEMU was the only game, etc) but I have never experienced such a lack of (useful) resources for something which is supposed to be the killer app for enterprise user management.....I am really getting sick & tired of LDAP how-to's/tutorials that NEVER work as described. I have tried at least 6 different versions over the last few months, and NOT A SINGLE ONE works as the author claims. In a couple of cases, when I contacted them directly, I was basically told RTFM or man slapd.....is there some level of arrogance that comes with LDAP proficiency? I have a very basic ubuntu 8.04 LTS server, with up-to-date openldap from repos. The sole purpose of this server is going to be Centralized login, and addressbook. Thanks in advance for any pointers, or even a link to an LDAP howto that actually works...... Ken </div> </div> </div> </div></div></div></body></html>