Comments on Install And Configure OpenLDAP On Ubuntu Karmic Koala
Install And Configure OpenLDAP On Ubuntu Karmic Koala The configuration of OpenLDAP got a bit (more) complicated. cn=config is still used, but when installing the packages from the repositories only a skeleton configuration of OpenLDAP is installed. You are no longer asked to provide a password when the package is installed, and issuing "dpkg-reconfigure slapd" only resets OpenLDAP to the skeleton configuration. You will have to set up the OpenLDAP database, root DN and ACLs yourself using the root account (or sudo) in order to configure OpenLDAP. Here is how I configured OpenLDAP in Karmic Koala, but I do not issue any guarantee that this setup will suit your needs or work for you as it worked for me.
29 Comment(s)
Comments
Hello
Thanks a lot for this tutorial.
I don't succeed in adding the db conf into OpenLDAP on Karmic.
I have this error:
adding new entry "cn=module{0},cn=config"
ldap_add: Naming violation (64)
First, I thought that it was a problem with defining the objectClass, so I added all the .ldif files located under /etc/ldap/schema.
This doesn't work either.
Do you have an idea about that?
Thanks a lot
I just did the tutorial on a fresh install and succeeded, using copy and paste from the tutorial, without any errors.
Recheck what you are doing/did, and please open a forum topic for questions and problems instead of using the comment function.
You guys probably forgot to change 'example' to YOURNAME and 'com' to YOURTLD somewhere
My LDIF is given below:

dn: dc=gmc,dc=com
objectClass: top
objectClass: domain
dc: gmc

dn: ou=groups,dc=gmc,dc=com
objectClass: top
objectClass: organizationalUnit
ou: groups

dn: ou=people,dc=gmc,dc=com
objectClass: top
objectClass: organizationalUnit
ou: people

dn: uid=admin,ou=people,dc=gmc,dc=com
objectClass: top
objectClass: uidObject
objectClass: person
uid: admin
cn: admin
sn: admin
userPassword: secret

dn: uid=user1,ou=people,dc=gmc,dc=com
objectClass: top
objectClass: uidObject
objectClass: person
uid: user1
cn: user1
sn: user1
userPassword: 1111

dn: uid=user2,ou=people,dc=gmc,dc=com
objectClass: top
objectClass: uidObject
objectClass: person
uid: user2
cn: user2
sn: user2
userPassword: 1234

dn: cn=admin,ou=groups,dc=gmc,dc=com
objectClass: top
objectClass: groupOfNames
cn: admin
member: uid=admin,ou=people,dc=gmc,dc=com

dn: cn=user,ou=groups,dc=gmc,dc=com
objectClass: top
objectClass: groupOfNames
cn: user
member: uid=admin,ou=people,dc=gmc,dc=com
member: uid=user1,ou=people,dc=gmc,dc=com
member: uid=user2,ou=people,dc=gmc,dc=com

dn: cn=billmanager,ou=groups,dc=gmc,dc=com
objectClass: top
objectClass: groupOfNames
cn: billmanager
member: uid=user2,ou=people,dc=gmc,dc=com
The one given for "dc=example,dc=com" works properly, but I want to add the above LDIF file. If anyone knows how I can do this, then please suggest it here or at my mail-id:
Please tell me, step by step, what changes I have to make in this example so that my LDIF (posted above) is added.
Same with me! I have tried the "old" installation tutorial from the ubuntu user wiki. Any idea?
--Guido
Same problem here (Naming violation)
Why put problem/fixes on a separate/unrelated forum?
Keep the howto and problems and solutions on the same page.
Thanks very much for this !
I had the naming error but a :
stop server
aptitude --purge-unused slapd (and all..)
rm /var/lib/ldap/*
and reinstall, solves everything.
Great tutorial. Tried every step but the last one on adding acls fails with the following:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
It asks for the ldap password and then this error. Can't figure it out and will be grateful for help
Regards
Great howto! Excellent. Thanks a lot.
My question is very simple ;o) I followed your howto and all is correct. But now I want to do it again with another DIT, etc. How can I do it properly? I don't want to re-install LDAP!
Before 9.10, we erased /var/lib/ldap and rewrote slapd.conf, but now? What's the method? Please ;o)
Congratulations for your great tutorial
I have a problem in the last step. When I try to execute ldapmodify, it asks for an LDAP password.
What is that password?
I've been struggling for days trying to get OpenLDAP configured in Karmic, and all the other how-tos are seriously flawed; they never resulted in a working system. Yours worked, however, and after ldapadding my user ldif, the system functions like it should. Thanks a million! You should do something to move this one to the top of the google rankings!
Hi everyone, I am new to LDAP and I followed everything, and when I tried to run:
ldapadd -Y EXTERNAL -H ldapi:/// -f db.ldif
I ran into this issue:
SASL/EXTERNAL authentication started
SASL username: gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module{0},cn=config"
ldap_add: Insufficient access (50)
Does anyone know why I am getting this error? I can't proceed because I get the same error on every step I do after that, and at the end I get a credential error as well. Thanks
try this
ldapadd -x -D cn=config -W -f db.ldif
Would be sweet... even sweeter would be a .deb that you'd just have to install. Yes, I'm lazy. One of the virtues of a programmer/admin ;-)
Thanks! Worked perfectly :) I've been looking for working solution for quite a while - and yours just worked without any tweaking!
If you see:
# ldapmodify -x -D'cn=admin,cn=config' -W -f acl.ldif
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
as requested in #7, it's because you need to specify the LDAP server host. Add the argument "-H ldap://localhost:389" to the ldapmodify line.
The password is the one you specified in the earlier steps... 'example' unless you changed it to something else.
Thank you so much for this tutorial! Now if we can get this information on the Ubuntu server guide. It will be great! https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html
I tried to install slapd before, but slapd had been corrupted. I tried running the above procedure twice. The first time I just "removed" the corrupted slapd with Synaptic and failed. The second time I "completely removed" it and it worked.
The "completely remove" deletes the old settings of slapd. It is important in case of a slapd reinstall.
Thanks
Finally someone who understands this better than I. Why cannot we have a simple sql backed directory service is beyond me.
I can't get this to fly on lucid, so I scripted it to facilitate removal && reinstallation. The script generates the files above with substitution for dc=... and the password, normal and hashed.
Perhaps I missed the obvious somewhere?
I have 2 problems During the add of config.ldif:
ksmith:/etc/ldap# ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/config.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
ldap_modify: No such attribute (16)
additional info: modify/delete: olcAuthzRegexp: no such attribute
And during the modify of acl.ldif I get a password request which is evidently not the one I just put in.
Here's the script:
#!/bin/sh
passwd=example
dc1=example
dc2=com
hash_pw=`slappasswd -h "{MD5}" -s $passwd`
tmpdir=/tmp

# Load the extra schemas into cn=config
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif

#
# db.ldif
#
cat <<EOF > $tmpdir/db.ldif
# Load dynamic backend modules
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: {0}back_hdb

# Create the database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=$dc1,dc=$dc2
olcRootDN: cn=admin,dc=$dc1,dc=$dc2
olcRootPW: $passwd
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
EOF

#
# base.ldif
#
cat <<EOF > $tmpdir/base.ldif
dn: dc=$dc1,dc=$dc2
objectClass: dcObject
objectclass: organization
o: $dc1.$dc2
dc: $dc1
description: My LDAP Root

dn: cn=admin,dc=$dc1,dc=$dc2
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: $hash_pw
description: LDAP administrator
EOF

#
# config.ldif
#
cat <<EOF > $tmpdir/config.ldif
dn: cn=config
changetype: modify
delete: olcAuthzRegexp

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcRootDN

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: $hash_pw

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess
EOF

#
# acl.ldif
#
cat <<EOF > $tmpdir/acl.ldif
dn: olcDatabase={1}hdb,cn=config
add: olcAccess
olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=$dc1,dc=$dc2" write by anonymous auth by self write by * none
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=$dc1,dc=$dc2" write by * read
EOF

# Apply the generated files; the last step binds as the cn=config root DN set above
ldapadd -Y EXTERNAL -H ldapi:/// -f $tmpdir/db.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f $tmpdir/base.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f $tmpdir/config.ldif
ldapmodify -x -D cn=admin,cn=config -W -f $tmpdir/acl.ldif
I removed the two deletes that were causing problems from the config.ldif file, so it looks like this:

dn: cn=config
changetype: modify

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {MD5}4GeApBZa2y/PRNbR3x9BHw==

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess

I now have slapd up and running and was able to add users and groups. You can probably do away with those first two lines, but I haven't tested that yet.
Thanks,
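A lint pass for LDIF before it is handed to ldapadd or ldapmodify, added here as an example and not code from the tutorial or any commenter; the sample LDIF and the {SSHA} placeholder value are constructed. It flags the two mistakes behind several of the comments above (records run together without a blank line, and a changetype: modify with no operation) and, as a defender's check, an olcRootPW or userPassword written without a {SCHEME} hash prefix, which also catches the base64 "attr::" form that ldapsearch prints.

```python
import base64

# Constructed sample with the mistakes discussed in the comments above.
SAMPLE = """\
dn: cn=module{0},cn=config
objectClass: olcModuleList
dn: olcDatabase={1}hdb,cn=config
olcRootPW: example

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}placeholder-not-a-real-hash

dn: cn=config
changetype: modify
"""
PASSWORD_ATTRS = {"olcrootpw", "userpassword"}   # must carry a {SCHEME} prefix
MOD_OPS = ("add", "delete", "replace")

def parse_ldif(text):
    """Split LDIF into records, each a list of (attribute, value) pairs."""
    records, current = [], []
    for line in text.splitlines() + [""]:        # trailing "" flushes the last record
        if not line:                             # a blank line ends a record
            if current:
                records.append(current)
            current = []
        else:
            attr, _, val = line.partition(":")
            if val.startswith(":"):              # "attr:: <base64>" form
                val = base64.b64decode(val[1:].strip()).decode("utf-8", "replace")
            current.append((attr.strip(), val.strip()))
    return records

def lint(text):
    """Return (record_number, message) for every problem found."""
    findings = []
    for n, rec in enumerate(parse_ldif(text), 1):
        attrs = [a.lower() for a, _ in rec]
        dn = rec[0][1] if attrs[0] == "dn" else "(no dn)"
        changetype = next((v.lower() for a, v in rec if a.lower() == "changetype"), None)
        if attrs.count("dn") > 1:
            findings.append((n, f"{dn}: second dn inside record, missing blank line"))
        if changetype == "modify" and not any(a in MOD_OPS for a in attrs):
            findings.append((n, f"{dn}: changetype: modify with no add/delete/replace"))
        for a, v in rec:
            if a.lower() in PASSWORD_ATTRS and not v.startswith("{"):
                findings.append((n, f"{dn}: {a} is stored in plaintext"))
    return findings
```

Running lint(SAMPLE) reports record 1 twice (missing blank line, plaintext olcRootPW) and record 3 once (empty modify); record 2 passes.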
This is such a nice tutorial and it worked perfectly for me..
I did fresh Install.
I included all the schemas in Step 3 and completed the db.ldif file, but when I try to do 'ldapadd -Y EXTERNAL -H ldapi:/// -f db.ldif', I get the following error message:
SASL/EXTERNAL authentication started
SASL username: gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module{0},cn=config"
ldap_add: Protocol error (2)
additional info: no attributes provided
I have rechecked the db.ldif file and have not noticed an error. What am I doing wrong? I get the error every time I issue the command. What should I do?
Please, help
Run the command as root. EXTERNAL, as defined by olcAuthzRegexp, works only for root.
I ran step 3 as root and I get the same error.
Having trouble with LDAP too? Take an aspirin and read this article. Thank you so much. I was having no joy anywhere else.
Did you solve this issue?
I'm having exactly the same problem, reproduced on 2 different fresh installations :(
When I execute the last step: "ldapmodify -x -D cn=admin,cn=config -W -f acl.ldif"
it asks for the LDAP password. Entering the given password results in
"ldap_bind: Invalid credentials (49)"
Hello, I'm Manish from New Delhi.
I have installed Ubuntu Server 11.04 in VMware. I have two users, "root" and "manish", having the same password 123456.
I have installed and configured OpenLDAP on Ubuntu Server 11.04 (apt-get install slapd openldap-utils).
I entered some entries by following tutorials on the internet...
I'm getting the search result using the following command:
ldapsearch -W -D cn=admin,dc=tamkor,dc=net -b dc=tamkor,dc=net
Result:-
# extended LDIF
#
# LDAPv3
# base <dc=tamkor,dc=net> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# tamkor.net
dn: dc=tamkor,dc=net
objectClass: top
objectClass: dcObject
objectClass: organization
o: tamkor.net
dc: tamkor

# admin, tamkor.net
dn: cn=admin,dc=tamkor,dc=net
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9SklrMmVmeHlDczVZUDRxZnp4Uk13NW9uV25mVld6WUs=

# people, tamkor.net
dn: ou=people,dc=tamkor,dc=net
objectClass: organizationalUnit
ou: people

# groups, tamkor.net
dn: ou=groups,dc=tamkor,dc=net
objectClass: organizationalUnit
ou: groups

# rahul, people, tamkor.net
dn: uid=rahul,ou=people,dc=tamkor,dc=net
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: rahul
sn: Sharma
givenName: Rahul
cn: Rahul Sharma
displayName: Rahul Sharma
uidNumber: 2000
gidNumber: 2000
userPassword:: MTIzNDU2Nzg=
gecos: Rahul Sharma
loginShell: /bin/bash
homeDirectory: /home/rahul
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: [email protected]
mobile: 9999999999
title: System User
initials: RS

# hackers, groups, tamkor.net
dn: cn=hackers,ou=groups,dc=tamkor,dc=net
objectClass: posixGroup
cn: hackers
gidNumber: 2000

# search result
search: 2
result: 0 Success

# numResponses: 7
# numEntries: 6
I added a user named Rahul Sharma with the password 12345678.
Now I have some questions regarding using this LDAP server in real-world applications:
1. How do I configure this OpenLDAP server so that I can retrieve entries in the Windows address book? Please also direct me on how to configure the address book.
2. In the above configuration I have created a person entry for Rahul Sharma, so is it necessary to have a local user account for Rahul Sharma in Ubuntu in order to log in through SSH to this Ubuntu server using LDAP authentication? That is, is it necessary that we have the same account as the LDAP person on our Ubuntu Linux system?
3. I know that a uidNumber should be unique for every entry, but what about the gidNumber?
4. I want to configure Samba authentication with this OpenLDAP server. Please instruct me on the best way to do it.
Thank you.