MadOtis Apprentice


Joined: 14 Dec 2002 Posts: 163 Location: Georgia
|
Posted: Fri Dec 10, 2004 8:31 pm Post subject: LDAP Tool problems with OpenLDAP |
|
|
Hello all...
I have an odd problem. LDAP won't let me insert or update any users. I have followed both the Official Gentoo LDAP documentation and the one posted at Monkeybox.org. Everything seems to work fine, as in, I can import all of the ldif files, I can query specific users, etc. But, I can't insert new users or edit existing users already in the database. I haven't tried from the command line, because this server will be maintained by an NT system administrator, so I need either Webmin or some other graphical (web-based preferably) tool to allow him to maintain the user repository.
I've tried 2 different tools and get two different errors with each. I've tried directory_administrator with which I can add groups successfully, and when adding a user, I get an "Object class violation" error. If I try to edit a user, directory_administrator segfaults and dies. The other tool I tried was Webmin's LDAP-useradmin tool. I got it configured properly and it lists all the groups and users correctly, but if I try to add a new user (again, I can add groups all day long), I get this error: 'Failed to save user : Failed to add user to LDAP database : no structural object class provided'.
Since I am an LDAP newbie, I am at a loss as to what to do next. Any help would be GREATLY appreciated!
Oh, I've included my slapd.conf, /etc/ldap.conf, and openldap/ldap.conf for perusal, should it offer any help.
slapd.conf
Code: |
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
#include /etc/openldap/schema/samba.schema
schemacheck on
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
LogLevel 0
password-hash {crypt}
TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/ssl/ldap.pem
access to dn="" by * read
access to *
        by self write
        by anonymous auth
database ldbm
suffix "dc=company,dc=com"
rootdn "cn=Manager,dc=adp,dc=com"
rootpw {MD5}[password]==
directory /var/lib/openldap-ldbm
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index default sub
lastmod on
access to attribute=userPassword
        by dn="cn=root,dc=adp,dc=com" write
        by anonymous auth
        by self write
        by * none
access to *
        by dn="cn=root,dc=adp,dc=com" write
        by * read
|
/etc/ldap.conf
Code: |
host 127.0.0.1
base dc=company,dc=com
scope one
pam_filter objectclass=posixaccount
pam_login_attribute uid
pam_member_attribute memberuid
nss_base_passwd ou=People,dc=company,dc=com?one
nss_base_shadow ou=Prople,dc=company,dc=com?one
nss_base_group ou=Group,dc=company,dc=com?one
ndd_hosts ou=Hosts,dc=company,dc=com?one
pam_password exop
|
/etc/openldap/ldap.conf
Code: |
BASE dc=company, dc=com
URI ldaps://server:636/
TLS_REQCERT allow
|
Thanks in advance!
Cheers,
Randy |
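Added example, not part of the original posts: in nis.schema, posixAccount and shadowAccount are AUXILIARY classes while posixGroup is STRUCTURAL, so an entry built only from the former has no structural class, which is the condition the "no structural object class provided" message names. The sketch below checks constructed LDIF entries for that condition; the entry names and function names are hypothetical.

```python
# Added example, not from the thread. Class kinds are those defined in the schema
# files the posted slapd.conf includes; only classes used in the sample are listed.
CLASS_KIND = {
    "top": "ABSTRACT",
    "account": "STRUCTURAL", "inetorgperson": "STRUCTURAL",
    "posixgroup": "STRUCTURAL",          # consistent with groups being accepted
    "posixaccount": "AUXILIARY", "shadowaccount": "AUXILIARY",
}

# Constructed sample entries (hypothetical names under the thread's suffix).
SAMPLE_LDIF = """\
dn: cn=staff,ou=Group,dc=company,dc=com
objectClass: top
objectClass: posixGroup

dn: uid=alice,ou=People,dc=company,dc=com
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount

dn: uid=bob,ou=People,dc=company,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into {dn: [objectClass]}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        dn, classes = None, []
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and attr.strip().lower() == "dn":
                dn = value.strip()
            elif sep and attr.strip().lower() == "objectclass":
                classes.append(value.strip())
        if dn:
            entries[dn] = classes
    return entries

def check_entry(classes):
    """Return (ok, message); classes not in CLASS_KIND count as non-structural."""
    structural = [c for c in classes if CLASS_KIND.get(c.lower()) == "STRUCTURAL"]
    if not structural:
        return False, "no structural object class provided"
    return True, "structural: " + ", ".join(structural)

RESULTS = {dn: check_entry(c) for dn, c in parse_ldif(SAMPLE_LDIF).items()}
```
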
|
UberLord Retired Dev


Joined: 18 Sep 2003 Posts: 6837 Location: Blighty
|
Posted: Fri Dec 10, 2004 9:00 pm Post subject: |
|
|
I had a similar error.
I use phpldapadmin myself, and have to add a new user like so
1) Add a child entry to my users group
2) Select the user template
3) Fill in the blanks!
4) smbpasswd -a foobar at a command prompt to easily apply samba schema |
|
MadOtis Apprentice


Joined: 14 Dec 2002 Posts: 163 Location: Georgia
|
Posted: Mon Dec 13, 2004 11:08 pm Post subject: |
|
|
Ok, I'm at a loss now... I tried phpldapadmin... it loads fine, but I get one of two error messages:
If I turn TLS off, I get a
Code: |
"Can't connect to LDAP repository"
|
error come up in the left-hand (tree-view) pane. If I turn TLS on, I get this:
Code: |
"Could not start TLS. Please check your LDAP server configuration."
|
I'm fairly confident that TLS is configured properly, because, I can connect and see the entries in the repository using directory_administrator.
Any more clues?
Thanks in advance!
Randy |
|
tecknojunky Veteran


Joined: 19 Oct 2002 Posts: 1937 Location: Montréal
|
Posted: Tue Dec 21, 2004 10:53 pm Post subject: |
|
|
MadOtis wrote: |
If I turn TLS on, I get this:
Code: |
"Could not start TLS. Please check your LDAP server configuration."
|
I'm fairly confident that TLS is configured properly, because, I can connect and see the entries in the repository using directory_administrator. |
Same here. TLS works fine when using ldap tools (i.e. ldapsearch, ldapadd, ...), but not with phpldapadmin. I get the same message and I bumped on this thread while looking for a fix.
_________________
(7 of 9) Installing star-trek/species-8.4.7.2::talax. |
|