HPE Community
Operating System - HP-UX
1827458 Members
5774 Online
109965 Solutions
New Discussion

I have a problem: ldapux and openldap

 
SOLVED
Go to solution
Dm_4
Occasional Advisor

‎11-27-2005 02:23 PM

‎11-27-2005 02:23 PM

I have a problem: ldapux and openldap

I've got two servers:
1. HP-UX B.11.11
J4269AA B.04.00.02 LDAP-UX Integration (ldapclient)
2. Linux RedHat 3.0 AS
openldap-servers-2.0.27-17

ldapux.scheme on ldap server directory was included by my colleague (Linux server administrator). It's file 4016.txt by Bob Neal-Joslin from this forum. When I try executing on hp-ux:
/opt/ldapux/config/setup
After input server name and port number I've got error:
"PFMERR 23: Can't locate the schema definition in Directory Server!"

Could somebody help me please? Do you have any idea?
0 Kudos
Reply
9 REPLIES 9
Bob Neal-Joslin
Trusted Contributor

‎11-28-2005 04:54 AM

‎11-28-2005 04:54 AM

Solution

Re: I have a problem: ldapux and openldap

Hi DM,

The setup tool issues that message when it can't find the subschemasubentry attribute in the rootDSE. LDAP-UX uses the subschemasubentry to find the shcema, and thus determine if the profile schema has been installed.

LDAP-UX uses the following ldapsearch operation to discover the subschemasubentry...

/opt/ldapux/bin/ldapsearch -T -s base -b "" -h \
-p "(objectclass=*)" \
subschemaSubentry supportedldapversion

If you're able to issue the above command and it works (displays the subschemasubentry attribute) then there might be some other possiblities...

1) Did you request to use TLS/SSL in setup? If so, is the /etc/opt/ldapux/cert8.db file set up properly? You can verify by adding the "-Z" and "-P /etc/opt/ldapux" option to the above ldapsearch command.

2) Did you specify ADS or Netscape when identifiying the directory server type when running the setup tool? If you used ADS, try again using Netscape.

3) Double check that the host name and port number specified are correct when running the setup tool.

Hope that helps!

Bob
Reply
Dm_4
Occasional Advisor

‎11-28-2005 05:02 PM

‎11-28-2005 05:02 PM

Re: I have a problem: ldapux and openldap

Thank you Bob!
I report to you:

1) We aren't using SSL on ldap server
2) My choice was Netscape DS. Exactly :)
3) I was checking it

It's my be sound a stupid question, but i'd like to know subschemaSubentry it's parameters of command or...may be the name of subtree ldap directory e.g. my_server1 ?

I executed this command
/opt/ldapux/bin/ldapsearch -T -s base "" -h\ webdevold.vaz.ru -p 3060 "(objectclass=*)"\ subschemaSubentry supportedldapversion

and return code was 0 but nothing could be seen on the screen.

What's next?

P.S. Sorry, I don't want to be boring at all.
0 Kudos
Reply
Arunvijai_4
Honored Contributor

‎11-28-2005 06:04 PM

‎11-28-2005 06:04 PM

Re: I have a problem: ldapux and openldap

Can you run the server in debug mode and see the error message in console and post it here ?
You can use # slapd -d

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
Dm_4
Occasional Advisor

‎11-28-2005 10:42 PM

‎11-28-2005 10:42 PM

Re: I have a problem: ldapux and openldap

2Arunvijai:
Hello!
As far as I see there there is:

--cut begin--
ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=9 active_threads=1 tvp=NULL
do_unbind
--cut end--

What's up?
I attached all output. I hope that you will see more.

Thank you for help me!
0 Kudos
Reply
Bob Neal-Joslin
Trusted Contributor

‎11-29-2005 05:06 AM

‎11-29-2005 05:06 AM

Re: I have a problem: ldapux and openldap

Hi DM,

I apologize for not being an expert on OpenLDAP. I don't recognize those debug messages. Hopefully someone else can reply that knows more. But if not, Here's a couple of things you could try. First, see if it's an ACL problem. Try the search using a directory administrator's ID:

/opt/ldapux/bin/ldapsearch -b "" -s base -h webdevold.vaz.ru -p 3060 -D " -w ""(objectclass=*)" subschemasubentry supportedldapversion

If that doesn't work, just try doing a rootDSE search without the request for the subschema subentry attribute.

/opt/ldapux/bin/ldapsearch -b "" -s base -h webdevold.vaz.ru -p 3060 -D " -w ""(objectclass=*)"
Reply
Dm_4
Occasional Advisor

‎11-30-2005 11:45 PM

‎11-30-2005 11:45 PM

Re: I have a problem: ldapux and openldap

In my view - you are expert :)
Therefore if it possible and you I go on asking.
I executed this command and I got result:
-------begin
ldapsearch: started Thu Dec 1 15:50:29 2005

ldap_init( webdevold.vaz.ru, 3060 )
filter pattern: (objectclass=*)
returning: subschemasubentry supportedldapversion
filter is: (objectclass=*)
version: 1
dn:
supportedLDAPVersion: 2
supportedLDAPVersion: 3
subschemaSubentry: cn=Subschema
1 matches

--------end

But on openldap DS(debug mode) with error:
-------begin
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
....
....
ber_scanf fmt ({aiiiib) ber:
ldap_read: want=1 error=Resource temporarily unavailable
--------end

Also /opt/ldapux/config/setup working not correctly i.e. partly

What's next?

Yours faithfully,
Dm
0 Kudos
Reply
Bob Neal-Joslin
Trusted Contributor

‎12-02-2005 09:28 AM

‎12-02-2005 09:28 AM

Re: I have a problem: ldapux and openldap

Hi DM,

Sorry for a delayed reply. So it sounds like that if you use the administrator DN and password, the ldapsearch command works, and if you don't it doesn't work. I think that would explain the problem, as LDAP-UX assumes that the subschema subentry is not protected by access control instructions.

Just to check, I installed a copy of OpenLDAP 2.2.13 on one of my systems and tested it against LDAP-UX 4.0. I didn't encounter the same problem, in that it was able to verify that the schema was installed.

I don't know anythink about OpenLDAP ACLs, but as a test, you should see if you can modify them so that you can access the root DSE without needing to specify the administrator's DN and password.

Just to confirm, did you see this message when you ran the ldap-ux setup tool, or did it not even get this far...

The LDAP-UX configuration profile schema does not exist in the directory
server at:

webdevold.vaz.ru:3060 = xx.xx.xx.xx:3060

Would you like to extend the schema in this directory server? [Yes]:
Reply
Massimiliano Adamo
Occasional Advisor

‎12-11-2005 02:35 PM

‎12-11-2005 02:35 PM

Re: I have a problem: ldapux and openldap

Hi DM.
I can't help you on the issue with openldap, but may I suggest you using Netscape Directory server?
Openldap doesn't have many function that you'll have on netscape.
First of all, on openldap you cannot setup multimaster replication on openldap and this can be unsafe in many environments.
Netscape has no fee for the license, like openldap.
Secondary the schema, as you probably know, it created automatically by using netscape DS.
One thing more: if you don't have an hp-ux to install netscape, bear in mind that the new Netscape is called RedHat Directory Server.
You can ask you reseller to know if the version for RedHat is free of charge like the one for hp-ux.
hope it helps.
--
Massimiliano.
0 Kudos
Reply
Annie THIBAULT
New Member

‎01-03-2006 09:34 PM

‎01-03-2006 09:34 PM

Re: I have a problem: ldapux and openldap


I have a similar problem with the ldapux client. I work with :

1 - workstation HP client

J4269AA B.04.00.02 LDAP-UX Integration

2 - server openldap 2.3.11 on Rehdat 4.0

When I want to initialise ldapux with ./setup, I have the same message "PFMERR 43: Can't extend LDAP-UX"

And on my server 'slapd' I have the following message :

"slap_global_control: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1 "

Could somebody help me please ?

Thanks
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.