Setting up LDAP
Dustin Breese
dustin.breese at gmail.com
Thu Sep 11 14:01:55 UTC 2008
Not an Ubuntu issue here, but the issue is the way you're using ldapsearch.
You need to specify the BIND dn as well as tell it to use simple authentication.
Example:
$ ldapsearch -H ldap://localhost:389/ -b dc=sdk,dc=bt,dc=com \
    'objectclass=*' -D cn=manager,ou=people,dc=sdk,dc=bt,dc=com -W -x
Look at your slapd.conf for the rootdn/pwd.
-Dustin
On Thu, Sep 11, 2008 at 7:28 AM, Michael S. Peek <peek at tiem.utk.edu> wrote:
> Hi guys,
>
> I posted a few days ago w/ a problem re/ LDAP. And I think the root of
> the problem is that I don't know what I'm doing, but I'm trying to
> figure it out.
>
> I installed ldap-auth-config, entering a password when debconf prompted.
>
> I installed slapd, entering the same password when debconf prompted.
>
> I edited /etc/default/slapd thusly:
>> SLAPD_SERVICES="ldap://127.0.0.1:389/ ldap://ldap.my-domain.org:389/
>> ldaps://ldap.my-domain.org:636/ ldapi:///"
>
> I edited /etc/ldap/slapd.conf and set rootdn and rootpw, using
> 'slappasswd -h {md5}' and the same password I entered for the debconf
> prompts above.
>
> I started slapd.
>
> I can run the command:
>> $ ldapsearch -x -b 'dc=my-domain,dc=org' 'objectClass=*'
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=my-domain,dc=org> with scope subtree
>> # filter: objectClass=*
>> # requesting: ALL
>> #
>>
>> # my-domain.org
>> dn: dc=my-domain,dc=org
>> objectClass: top
>> objectClass: dcObject
>> objectClass: organization
>> o: my-domain.org
>> dc: my-domain
>>
>> # admin, my-domain.org
>> dn: cn=admin,dc=my-domain,dc=org
>> objectClass: simpleSecurityObject
>> objectClass: organizationalRole
>> cn: admin
>> description: LDAP administrator
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 3
>> # numEntries: 2
>
> But I get an error when trying to run the command:
>> $ ldapsearch -H ldap://ldap.my-domain.org:389/ -b
>> 'dc=my-domain,dc=org' 'objectClass=*'
>> SASL/DIGEST-MD5 authentication started
>> Please enter your password:
>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> And entering my password.
>
> I also tried:
>> $ ldapsearch -H ldap://ldap.my-domain.org:389/ -b
>> 'cn=admin,dc=my-domain,dc=org' 'objectClass=*'
>> SASL/DIGEST-MD5 authentication started
>> Please enter your password:
>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>
> In the log files, I see the following:
>> slapd[17861]: conn=2 op=2 BIND dn="" method=163
>> slapd[17861]: SASL [conn=2] Error: unable to open Berkeley db
>> /etc/sasldb2: No such file or directory
>> slapd[17861]: SASL [conn=2] Failure: no secret in database
>> slapd[17861]: conn=2 op=2 RESULT tag=97 err=49 text=SASL(-13): user
>> not found: no secret in database
>
> Why am I seeing this error? Why is ldap trying to verify my password
> against /etc/sasldb2 when I set rootpw in the /etc/ldap/slapd.conf?
>
> Thanks for any help you can give,
>
> Michael
>
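Added example, not part of the original thread: a small Python parser that pairs slapd BIND and RESULT log lines and reports binds that failed with err=49, showing whether the client attempted a SASL bind (method=163) or a simple bind (method=128). The log format is taken from the quoted message; the function name, the field names and the conn=3 lines are constructed for illustration.

```python
import re

# Bind method numbers as slapd logs them: 128 = simple, 163 = SASL.
BIND_METHODS = {128: "simple", 163: "SASL"}
INVALID_CREDENTIALS = 49

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+) text=(.*)')

# Constructed sample: the conn=2 lines mirror the log in the quoted message
# (wrapped lines rejoined); the conn=3 simple bind is invented for contrast.
SAMPLE_LOG = """\
slapd[17861]: conn=2 op=2 BIND dn="" method=163
slapd[17861]: SASL [conn=2] Failure: no secret in database
slapd[17861]: conn=2 op=2 RESULT tag=97 err=49 text=SASL(-13): user not found: no secret in database
slapd[17861]: conn=3 op=0 BIND dn="cn=admin,dc=my-domain,dc=org" method=128
slapd[17861]: conn=3 op=0 RESULT tag=97 err=0 text=
"""

def failed_binds(log_text):
    """Return one dict per bind that ended in err=49 (invalid credentials)."""
    pending = {}   # (conn, op) -> (dn, method) for binds awaiting a RESULT
    failures = []
    for line in log_text.splitlines():
        bind = BIND_RE.search(line)
        if bind:
            conn, op, dn, method = bind.groups()
            pending[(conn, op)] = (dn, int(method))
            continue
        result = RESULT_RE.search(line)
        if not result:
            continue
        conn, op, err, text = result.groups()
        dn, method = pending.pop((conn, op), (None, None))
        if method is None or int(err) != INVALID_CREDENTIALS:
            continue
        failures.append({
            "conn": int(conn),
            "dn": dn,
            "method": BIND_METHODS.get(method, f"unknown({method})"),
            "text": text.strip(),
            # Pattern from the quoted log: SASL bind with an empty DN,
            # as produced by ldapsearch run without -x and -D.
            "sasl_without_dn": method == 163 and dn == "",
        })
    return failures

if __name__ == "__main__":
    for failure in failed_binds(SAMPLE_LOG):
        print(failure)
```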