I am trying to get LDAP working on my mail server for both user authentication and addressbook purposes.
I have tried the tutorials on both
http://www.server-world.info/en/note?os=CentOS_7&p=openldap&f=1
and
http://albanianwizard.org/ubuntu-10-0-4-lucid-lynx-ldap-configuration-the-wo...
(The second one is for Ubuntu, but claimed to be a complete and working demo)
However, when I try the last part of each of these tutorials I get the following.
ldapadd -x -D cn=admin,dc=ringways,dc=com -W -f /tmp/dit.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
Note: in the server-world one I tried using "dc=ringways,dc=com" as well as leaving it as "dc=server,dc=world" but it didn't seem to make any difference.
After each attempt I reset everything using the following script.
[root@ollie2 ~]# cat reset_ldap.sh
#!/bin/bash -x

systemctl stop slapd
rpm -e openldap-servers openldap-clients
cd /var/lib
rm -Rf ldap
cd /etc/openldap/
rm -Rf slapd.d/
yum -y install openldap-servers openldap-clients
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
systemctl start slapd
slaptest -F /etc/openldap/slapd.d
[root@ollie2 ~]#
Do I need to do anything else, as it would appear that there is something I'm missing.
Since posting my first email I have re-generated both the root and Manager passwords and re-run the setup.
I no longer get the "Invalid credentials" error so presumably the problem must have been a cut/paste issue.
I now get the following error. As I am a total newbie to LDAP and don't really know what's going on, I don't know what I need to do to fix it.
[root@ollie2 ~]# ldapadd -x -D cn=Manager,dc=ringways,dc=com -W -f basedomain.ldif
Enter LDAP Password:
adding new entry "dc=ringways,dc=com"
ldap_add: Naming violation (64)
        additional info: value of single-valued naming attribute 'dc' conflicts with value present in entry

[root@ollie2 ~]# cat basedomain.ldif
# replace to your own domain name for "dc=***,dc=***" section

dn: dc=ringways,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: Ringways
dc: Server

dn: cn=Manager,dc=server,dc=world
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=ringways,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=ringways,dc=com
objectClass: organizationalUnit
ou: Group

[root@ollie2 ~]#
On 27.11.2015 at 16:53, Gary Stainburn gary@ringways.co.uk wrote:
> Since posting my first email I have re-generated both the root and Manager passwords and re-run the setup.
> I no longer get the "Invalid credentials" error so presumably the problem must have been a cut/paste issue.
> I now get the following error. As I am a total newbie to LDAP and don't really know what's going on, I don't know what I need to do to fix it.
>
> [root@ollie2 ~]# ldapadd -x -D cn=Manager,dc=ringways,dc=com -W -f basedomain.ldif
> Enter LDAP Password:
> adding new entry "dc=ringways,dc=com"
> ldap_add: Naming violation (64)
>         additional info: value of single-valued naming attribute 'dc' conflicts with value present in entry
>
> [root@ollie2 ~]# cat basedomain.ldif
> # replace to your own domain name for "dc=***,dc=***" section
>
> dn: dc=ringways,dc=com
> objectClass: top
> objectClass: dcObject
> objectclass: organization
> o: Ringways
> dc: Server
>
> dn: cn=Manager,dc=server,dc=world
> objectClass: organizationalRole
> cn: Manager
> description: Directory Manager
>
> dn: ou=People,dc=ringways,dc=com
> objectClass: organizationalUnit
> ou: People
>
> dn: ou=Group,dc=ringways,dc=com
> objectClass: organizationalUnit
> ou: Group

# systemctl stop slapd
# slapadd -v -l this-ldif-file
# cat this-ldif-file
dn: dc=ringways,dc=com
objectClass: dcObject
objectclass: organization
o: Ringways
dc: ringways

# systemctl start slapd
# ldapadd -x -D cn=Manager,dc=ringways,dc=com -W -f the-rest-of-yourfile
-- LF
On Friday 27 November 2015 16:14:32 Leon Fauster wrote:
> # systemctl stop slapd
> # slapadd -v -l this-ldif-file
> # cat this-ldif-file
> dn: dc=ringways,dc=com
> objectClass: dcObject
> objectclass: organization
> o: Ringways
> dc: ringways
>
> # systemctl start slapd
> # ldapadd -x -D cn=Manager,dc=ringways,dc=com -W -f the-rest-of-yourfile

(Sorry, but I am doing this parrot fashion as I really don't understand LDAP yet)
All of this is taken from the page
http://www.server-world.info/en/note?os=CentOS_7&p=openldap&f=1
and the bit that is failing is the very last step on that page. All I have done is copy the code and files direct from the web page, replacing the two password fields and replacing dc=server,dc=world with dc=ringways,dc=com where required.
[root@ollie2 ~]# slapadd -v -l basedomain.ldif
56588237 The first database does not allow slapadd; using the first available one (2)
slapadd: dn="dc=ringways,dc=com" (line=1): (64) value of single-valued naming attribute 'dc' conflicts with value present in entry
_####### 39.95% eta none elapsed none spd 1.5 M/s
Closing DB...
[root@ollie2 ~]# cat basedomain.ldif
# replace to your own domain name for "dc=***,dc=***" section

dn: dc=ringways,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: Ringways
dc: Server

dn: cn=Manager,dc=ringways,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=ringways,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=ringways,dc=com
objectClass: organizationalUnit
ou: Group

[root@ollie2 ~]#
On 27.11.2015 at 17:22, Gary Stainburn gary@ringways.co.uk wrote:
> On Friday 27 November 2015 16:14:32 Leon Fauster wrote:
> > # systemctl stop slapd
> > # slapadd -v -l this-ldif-file
> > # cat this-ldif-file
> > dn: dc=ringways,dc=com
> > objectClass: dcObject
> > objectclass: organization
> > o: Ringways
> > dc: ringways
> >
> > # systemctl start slapd
> > # ldapadd -x -D cn=Manager,dc=ringways,dc=com -W -f the-rest-of-yourfile
>
> (Sorry, but I am doing this parrot fashion as I really don't understand LDAP yet)
> All of this is taken from the page
> http://www.server-world.info/en/note?os=CentOS_7&p=openldap&f=1
> and the bit that is failing is the very last step on that page. All I have done is copy the code and files direct from the web page, replacing the two password fields and replacing dc=server,dc=world with dc=ringways,dc=com where required.
>
> [root@ollie2 ~]# slapadd -v -l basedomain.ldif
> 56588237 The first database does not allow slapadd; using the first available one (2)
> slapadd: dn="dc=ringways,dc=com" (line=1): (64) value of single-valued naming attribute 'dc' conflicts with value present in entry
> _####### 39.95% eta none elapsed none spd 1.5 M/s
> Closing DB...
> [root@ollie2 ~]# cat basedomain.ldif
> # replace to your own domain name for "dc=***,dc=***" section
>
> dn: dc=ringways,dc=com
> objectClass: top
> objectClass: dcObject
> objectclass: organization
> o: Ringways
> dc: Server
      ^^^^^ this must be dc: ringways (like in your dn)!
-- LF
On Friday 27 November 2015 17:10:37 Leon Fauster wrote:
> > dn: dc=ringways,dc=com
> > objectClass: top
> > objectClass: dcObject
> > objectclass: organization
> > o: Ringways
> > dc: Server
>       ^^^^^ this must be dc: ringways (like in your dn)!

It had to be something that simple.
Thanks
On 11/27/2015 08:22 AM, Gary Stainburn wrote:
> (Sorry, but I am doing this parrot fashion as I really don't understand LDAP yet)

OK, then let's start with a simple description of what LDAP is. I'd describe it as a directory server. Like your filesystem (a directory tree), it stores information in a named tree structure. Like your filesystem, every entry needs a parent entry in the path. Unlike your filesystem, the base (root) doesn't need to be the shortest name possible. You can use "dc=ringways,dc=com" as a base for your directory, without providing "dc=com" or an entry at "". Also unlike your filesystem, the data in an LDAP entry is structured; while all of the files in your filesystem are essentially blobs of binary data, data stored in LDAP is stored in named attributes of an entry which have rules describing what data is valid, how it should be sorted, and how it should be compared to search filters, etc.
> [root@ollie2 ~]# slapadd -v -l basedomain.ldif
> 56588237 The first database does not allow slapadd; using the first available one (2)
> slapadd: dn="dc=ringways,dc=com" (line=1): (64) value of single-valued naming attribute 'dc' conflicts with value present in entry
...
> dn: dc=ringways,dc=com
> objectClass: top
> objectClass: dcObject
> objectclass: organization
> o: Ringways
> dc: Server

A special rule of LDAP is that every entry has an attribute which is implied by its path. In this case, the entry "dc=ringways,dc=com" has an attribute named "dc" whose value is "ringways". You don't need to specify that attribute, but if you do, then it has to match the implied value.
The error is telling you that there is an attribute named "dc", that the rules describing that attribute specify that it is single-valued (you cannot have multiple "dc" attributes, though some attributes do allow that sort of thing), and that you specified a value that conflicts with a value that was already present.
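
The naming rule described in the reply above, as an added example that is not part of the original thread: a Python pre-check that parses an LDIF file and reports entries whose RDN value is missing from the attribute they set, or whose DN lies outside the directory suffix (as with the leftover dc=server,dc=world entry earlier in the thread). The function names and the sample LDIF are constructed for illustration; values are compared case-insensitively, an assumption that holds for dc, cn and ou.

```python
import base64
import re

# Constructed sample: the thread's basedomain.ldif with both mistakes still in it.
SAMPLE_LDIF = """\
dn: dc=ringways,dc=com
objectClass: dcObject
objectClass: organization
o: Ringways
dc: Server

dn: cn=Manager,dc=server,dc=world
objectClass: organizationalRole
cn: Manager

dn: ou=People,dc=ringways,dc=com
objectClass: organizationalUnit
ou: People
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry; handles folding, comments, base64."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    for block in re.split(r"\n\s*\n", text):
        attrs = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs.pop("dn")[0], attrs

def check_ldif(text, suffix):
    """Return (dn, problem) pairs for naming-rule and suffix mismatches."""
    norm = lambda s: re.sub(r"\s*([,=+])\s*", r"\1", s.strip()).lower()
    problems = []
    for dn, attrs in parse_ldif(text):
        if norm(dn) != norm(suffix) and not norm(dn).endswith("," + norm(suffix)):
            problems.append((dn, "outside suffix " + suffix))
        # First RDN only; a multi-valued RDN is split on unescaped "+".
        for ava in re.split(r"(?<!\\)\+", re.split(r"(?<!\\),", dn)[0]):
            attr, _, value = (part.strip() for part in ava.partition("="))
            present = attrs.get(attr.lower(), [])
            if present and value.lower() not in [v.lower() for v in present]:
                problems.append((dn, f"{attr}: {present[0]} does not match RDN value {value}"))
    return problems
```

Calling `check_ldif(SAMPLE_LDIF, "dc=ringways,dc=com")` reports the `dc: Server` entry and the `dc=server,dc=world` entry; an empty list means every entry passed both checks.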