  1. #1
    Just Joined!
    Join Date
    Mar 2010
    Posts
    19

    LDAP configuration for shared users on 2 machines


    Hello,
    I'm trying to configure a very basic ldap server on a LAN to enable a handful of users to identify on two machines with the same credentials, and ideally to navigate in a common directory structure.
    I think I'm supposed to use an LDAP server, so I started to install OpenLDAP on my Ubuntu 11.04 desktop.
    I followed instructions found here "How-To set up a LDAP server and its clients | Debian/Ubuntu Tips & Tricks" (sorry, I can't post the url yet apparently. It's the top result if you google it), sudoing most of the steps and changing the DNS domain name for mymachine.my-sub-domain.my-domain.de (the publicly accessible address to my machine).
    Then also changing every debuntu.local of their example to mymachine.my-sub-domain.my-domain.de and dc=debuntu,dc=local to dc=mymachine,dc=my-sub-domain,dc=my-domain,dc=de everywhere I can.
    But I'm stuck here when trying to import all my users and groups.
    Code:
    ldapadd -x -W -D "cn=admin,dc=mymachine,dc=my-sub-domain,dc=my-domain,dc=de" -f ~/people_group.ldif
    When it asks me for a password, I give the one I entered during the dpkg-reconfigure slapd step and it just says:
    Code:
    ldap_bind: Invalid credentials (49)
    Did I do something wrong? Did I just forget to edit one file somewhere? I tried to edit the ldap.conf file that I find under /etc/ldap/ but anything I did either made the server unresponsive or just didn't change a thing...

    If I ldapsearch as suggested at one point, it gives me this:
    Code:
    # extended LDIF
    #
    # LDAPv3
    # base <dc=mymachine,dc=my-sub-domain,dc=my-domain,dc=de> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #
    
    # search result
    search: 2
    result: 32 No such object
    
    # numResponses: 1
    I know my understanding of the whole thing is a bit scarce, but I would really like to get that to work... Any help will be greatly appreciated!

    Thanks a lot!

  2. #2
    Just Joined!
    Join Date
    Jan 2009
    Posts
    30
    Hi, installing an LDAP server is pretty complicated. I played for long, long hours before I got it to work as expected. First, I have to say that I was not installing LDAP for identification of users. It was actually for an LDAP address book in Evolution. Thus I cannot tell you what your problem is. I can just give some hints, but you have to investigate.

    Take a look at /etc/default/slapd (as it is in my Debian distro, hopefully it is the same in Ubuntu). If the variable SLAPD_CONF is empty, it means that the LDAP server is searching for the configuration in the /etc/ldap/slapd.d directory and, if it does not exist, then in the /etc/ldap/slapd.conf file.

    I think that the configuration in /etc/ldap/slapd.d is preferred. It is modified using the ldapadd, ldapmodify and ldapdelete commands. You may read the configuration with the command:
    Code:
    sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config
    If you take a look at the directory /etc/ldap/slapd.d you can see that the configuration is hierarchically stored in a series of files and directories under /etc/ldap/slapd.d/cn=config, but it is not advised to modify it directly.

    I guess that the basic structure was created during dpkg-reconfigure and also the database where the information about your admin is stored. Try to read it using:
    Code:
    ldapsearch -x -W -D "cn=admin,dc=mymachine,dc=my-sub-domain,dc=my-domain,dc=de" -H ldapi:/// -b "dc=mymachine,dc=my-sub-domain,dc=my-domain,dc=de"
    ... here you will probably be prompted for the admin password entered during dpkg-reconfigure.

    Hopefully it will help.

    Balda
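
A check that builds on the cn=config query in the reply above, as an added example that is not part of any post in this thread: it compares the bind DN and search base typed on the command line with the olcSuffix and olcRootDN that slapd actually holds. The function names, the /tmp path and the sample LDIF are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Live input would come from the
# cn=config query shown above, narrowed to two attributes:
#   sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config \
#        '(olcSuffix=*)' olcSuffix olcRootDN > /tmp/slapd-db.ldif

# example.org -> dc=example,dc=org
domain_to_dn() {
    printf '%s\n' "$1" | sed -e 's/\./,dc=/g' -e 's/^/dc=/'
}

# DNs compare case-insensitively; also drop spaces after commas.
norm_dn() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed -e 's/, */,/g'
}

# First value of attribute $1 from LDIF on stdin (folded/base64 values not handled).
ldif_attr() {
    sed -n "s/^$1: *//p" | head -n 1
}

# check_dns LDIF_FILE BIND_DN BASE_DN -> 0 if both match slapd's config, else 1
check_dns() {
    suffix=$(ldif_attr olcSuffix < "$1")
    rootdn=$(ldif_attr olcRootDN < "$1")
    rc=0
    if [ "$(norm_dn "$3")" != "$(norm_dn "$suffix")" ]; then
        echo "base DN '$3' differs from configured suffix '$suffix'"
        rc=1
    fi
    if [ "$(norm_dn "$2")" != "$(norm_dn "$rootdn")" ]; then
        echo "bind DN '$2' differs from configured rootDN '$rootdn'"
        rc=1
    fi
    return $rc
}

# Constructed sample: a database created for a different domain than the one queried.
sample_ldif() {
    cat <<'EOF'
dn: olcDatabase={1}hdb,cn=config
olcSuffix: dc=my-domain,dc=de
olcRootDN: cn=admin,dc=my-domain,dc=de
EOF
}
```

A search base outside every configured suffix can return `No such object`, and a bind DN that slapd does not know can return `Invalid credentials (49)`, so a mismatch on either line is worth ruling out before resetting the password.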

  3. #3
    Just Joined!
    Join Date
    Mar 2010
    Posts
    19
    Hello all,
    I found out that I didn't need ldap.
    In case, like me, you are completely ignorant in the domain, look for "network file system" on Google. That's all I needed. It's one of those times when you look for something so trivial that you end up doing complicated stuff, when it can actually be simple...
    Cheers,
    Max
