
Openldap configuration with ldap-ux

Antonio Egea
Advisor

Openldap configuration with ldap-ux


Hello,

I am having some problems configuring an ldapux (HP-UX 11.23) client with OpenLDAP (Red Hat).

I am following the guide for doing this but I am having problems adding the profile schema.

This is the default LDIF profile schema I have to add to the Red Hat server:

*********************************************

dn: cn=ldapuxprofile, ou=profiles,ou=ldap-ux,dc=acme,dc=com
objectClass: top
objectClass: duaconfigprofile
cn: ldapuxprofile
preferredserverlist: 192.1.1.1:389 192.1.1.2:444
defaultsearchbase: ou=ldap-ux,dc=acme,dc=com
searchtimelimit: 45
bindtimelimit: 5
authenticationmethod: simple
profilettl: 86400
credentiallevel: proxy anonymous
attributemap: passwd:userpassword=*NULL*
attributemap: shadow:userpassword=*NULL*
servicesearchdescriptor: passwd:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=posixaccount)
servicesearchdescriptor: shadow:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=shadowaccount)
servicesearchdescriptor: group:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=posixgroup)
servicesearchdescriptor: pam:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=posixaccount)
servicesearchdescriptor: rpc:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=oncrpc)
servicesearchdescriptor: protocols:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=ipprotocol)
servicesearchdescriptor: networks:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=ipnetwork)
servicesearchdescriptor: hosts:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=iphost)
servicesearchdescriptor: services:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=ipservice)
servicesearchdescriptor: netgroup:ou=ldap-ux,dc=acme,dc=com?sub?(objectclass=nisnetgroup)

********************************************

Could anyone give me a valid suffix at slapd.conf which could work with this profile, with the
dn: cn=ldapuxprofile, ou=profiles,ou=ldap-ux,dc=acme,dc=com?

Thank you in advance
5 REPLIES
Ivan Ferreira
Honored Contributor

Re: Openldap configuration with ldap-ux

>> I am having problems adding the profile schema.

So, your problem is extending the schema?

>>> Could anyone give me a valid suffix at slapd.conf which could work with this profile, with the dn: cn=ldapuxprofile, ou=profiles,ou=ldap-ux,dc=acme,dc=com?

I did not understand that question.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Antonio Egea
Advisor

Re: Openldap configuration with ldap-ux


Yes, sorry Ivan.

The file I posted before was the duaconfig.ldif

I added the schema successfully (duaconfig.schema) with an include at /usr/local/etc/openldap/schema/duaconfig.schema
which works properly when running the /usr/local/libexec/slapd

My slapd.conf file has these relevant lines:

database bdb
suffix "dc=acme,dc=com"
rootdn "cn=Manager,dc=acme,dc=com"
rootpw secret
directory /usr/local/var/openldap-data
index objectClass eq


And I have to do something like:
#ldapadd -x -D "cn=Manager,dc=acme,dc=com" -w secret -f duaconfig.ldif

This returns:
ldap_bind: Invalid credentials(49)

Thank you
Ivan Ferreira
Honored Contributor

Re: Openldap configuration with ldap-ux

ldap_bind: Invalid credentials(49)

That normally means that the password for the BIND DN is not correct.

Try with a simple ldapsearch specifying the DN and password used; the same error should be returned.

Are you sure that your DN is "cn=Manager,dc=acme,dc=com" and your password is secret?

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Antonio Egea
Advisor

Re: Openldap configuration with ldap-ux

Hi,

I discovered the problem. The password in the slapd.conf file MUST BE encrypted; if not, it will return an Invalid credentials error.

Thank you.
Antonio Egea
Advisor

Re: Openldap configuration with ldap-ux

Read previous post