topic Re: Openldap configuration with ldap-ux in Operating System - Linux

Openldap configuration with ldap-ux

Antonio Egea — Wed, 25 Jun 2008 11:39:36 GMT

Hello,

I am having some problem configuring an ldapux (HPUX 11.23) client with openldap (redhat)

I am following the guide for doing this but I am having problems adding the profile schema.

This is the a default ldif profile schema I have to add to the RedHat server:

*********************************************

dn: cn=ldapuxprofile, ou=profiles,ou=ldap-ux,dc=acme,dc=com
objectClass: top
objectClass: duaconfigprofile
cn: ldapuxprofile
preferredserverlist: 192.1.1.1:389 192.1.1.2:444
defaultsearchbase: ou=ldap-ux,dc=acme,dc=com
searchtimelimit: 45
bindtimelimit: 5
authenticationmethod: simple
profilettl: 86400
credentiallevel: proxy anonymous
attributemap: passwd:userpassword=*NULL*
attributemap: shadow:userpassword=*NULL*
servicesearchdescriptor: passwd:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=posixaccount)
servicesearchdescriptor: shadow:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=shadowaccount)
servicesearchdescriptor: group:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=posixgroup)
servicesearchdescriptor: pam:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=posixaccount)
servicesearchdescriptor: rpc:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=oncrpc)
servicesearchdescriptor: protocols:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=ipprotocol)
servicesearchdescriptor: networks:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=ipnetwork)
servicesearchdescriptor: hosts:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=iphost)
servicesearchdescriptor: services:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=ipservice)
servicesearchdescriptor: netgroup:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=nisnetgroup)

********************************************

Could anyone give me a valid suffix at slapd.conf which could work with this profile, with the
dn: cn=ldapuxprofile, ou=profiles,ou=ldap-ux,dc=acme,dc=com?

Thank you in advance

Re: Openldap configuration with ldap-ux

Ivan Ferreira — Wed, 25 Jun 2008 12:56:12 GMT

>> I am having problems adding the profile schema.

So, your problems is extending the schema?

>>> Could anyone give me a valid suffix at slapd.conf which could work with this profile, with the dn: cn=ldapuxprofile, ou=profiles,ou=ldap-ux,dc=acme,dc=com?

I did not understand that question.

Re: Openldap configuration with ldap-ux

Antonio Egea — Thu, 26 Jun 2008 06:29:06 GMT

Yes, sorry Ivan.

The file I posted before was the duaconfig.ldif

I added the schema successfully (duaconfig.schema) with an include at /usr/local/etc/openldap/schema/duaconfig.schema
which works properly when running the /usr/local/libexec/slapd

My slapd.conf file has these relevant lines:

database bdb
suffix "dc=acme,dc=com"
rootdn "cn=Manager,dc=acme,dc=com"
rootpw secret
directory /usr/local/var/openldap-data
index objectClass eq

And I have to do something like:
#ldapadd -x -D "cn=Manager,dc=acme,dc=com" -w secret -f duaconfig.ldif

This returns:
ldap_bind: Invalid credentials(49)

Thank you

Re: Openldap configuration with ldap-ux

Ivan Ferreira — Thu, 26 Jun 2008 13:09:00 GMT

ldap_bind: Invalid credentials(49)

That normally means that the password for the BIND DN is not correct.

Try with a simple ldapsearch specifying the DN and password used, same error should be returned.

Are you sure that your DN is "cn=Manager,dc=acme,dc=com" and your password is secret?

Re: Openldap configuration with ldap-ux

Antonio Egea — Wed, 02 Jul 2008 10:48:41 GMT

Hi,

I discovered the problem. The password in the slapd.conf file MUST BE encrypted, if not it will return an Invalid credentials error.

Thank you.

Re: Openldap configuration with ldap-ux

Antonio Egea — Wed, 02 Jul 2008 10:49:23 GMT

Read previous post