- 05-07-2012 #1 Just Joined!
- Join Date
- Mar 2010
- Posts
- 19
LDAP configuration for shared users on 2 machines
Hello,
I'm trying to configure a very basic ldap server on a LAN to enable a handful of users to identify on two machines with the same credentials, and ideally to navigate in a common directory structure.
I think I'm supposed to use an ldap server, so I started to install openldap on my ubuntu 11.04 desktop.
I followed instructions found here "How-To set up a LDAP server and its clients | Debian/Ubuntu Tips & Tricks" (sorry, I can't post the url yet apparently. It's the top result if you google it), sudoing most of the steps and changing the DNS domain name for mymachine.my-sub-domain.my-domain.de (the publicly accessible address to my machine).
Then also changing every debuntu.local of their example to mymachine.my-sub-domain.my-domain.de and dc=debuntu,dc=local to dc=mymachine,dc=my-sub-domain,dc=my-domain,dc=de everywhere I can.
But I'm stuck here when trying to import all my users and groups.
Code:
ldapadd -x -W -D "cn=admin,dc=mymachine,dc=my-sub-domain,dc=my-domain,dc=de" -f ~/people_group.ldif

When it asks me for a password, I give the one I entered during the dpkg-reconfigure slapd step and it just says:
Code:
ldap_bind: Invalid credentials (49)

Did I do something wrong? Did I just forget to edit one file somewhere? I tried to edit the ldap.conf file that I find under /etc/ldap/ but anything I did either made the server unresponsive or just didn't change a thing...
If I ldapsearch as suggested at one point, it gives me this:
Code:
# extended LDIF
#
# LDAPv3
# base <dc=mymachine,dc=my-sub-domain,dc=my-domain,dc=de> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

I know my understanding of the whole thing is a bit scarce, but I would really like to get that to work... any help will be greatly appreciated!
Thanks a lot!
- 05-15-2012 #2 Just Joined!
- Join Date
- Jan 2009
- Posts
- 30
Hi, installing an LDAP server is pretty complicated. I played for long, long hours before I got it to work as expected. First, I have to say that I was not installing LDAP for identification of users. It was actually for an LDAP address book in Evolution. Thus I cannot tell you what your problem is. I can just give some hints, but you have to investigate.
Take a look at /etc/default/slapd (as it is in my debian distro, hopefully it is the same in ubuntu). If the variable SLAPD_CONF is empty, it means that the LDAP server is searching for the configuration in the /etc/ldap/slapd.d directory and, if it does not exist, then in the /etc/ldap/slapd.conf file.
I think that the configuration in /etc/ldap/slapd.d is preferred. It is modified using the ldapadd, ldapmodify and ldapdelete commands. You may read the configuration with the command:
Code:
sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config

If you take a look at the directory /etc/ldap/slapd.d you can see that the configuration is hierarchically stored in a series of files and directories under /etc/ldap/slapd.d/cn=config, but it is not advised to modify it directly.
I guess that the basic structure was created during dpkg-reconfigure and also the database where the information about your admin is stored. Try to read it using:
Code:
ldapsearch -x -W -D "cn=admin,dc=mymachine,dc=my-sub-domain,dc=my-domain,dc=de" -H ldapi:/// -b "dc=mymachine,dc=my-sub-domain,dc=my-domain,dc=de"

... here you will probably be prompted for the admin password entered during dpkg-reconfigure.
Hopefully it will help.
Balda
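
The cn=config dump suggested in post #2 can be checked mechanically against the bind DN passed to `-D`: a DN that lies under no configured suffix cannot match any entry on the server. This is an added example, not part of any post in this thread; `classify_bind_dn` and the sample LDIF are constructed for illustration, while `olcSuffix` and `olcRootDN` are the attribute names OpenLDAP uses in cn=config.

```shell
#!/bin/sh
# Constructed sample of `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config`
# output, trimmed to the relevant attributes (all values are made up).
SAMPLE_CONFIG='dn: olcDatabase={0}config,cn=config
olcDatabase: {0}config

dn: olcDatabase={1}hdb,cn=config
olcDatabase: {1}hdb
olcSuffix: dc=example,dc=org
olcRootDN: cn=admin,dc=exam
 ple,dc=org
'

# classify_bind_dn BIND_DN   (hypothetical helper; reads cn=config LDIF on stdin)
# Prints one of:
#   rootdn <suffix>    BIND_DN is the olcRootDN of that database
#   entry <suffix>     BIND_DN lies under the suffix, so it must exist as an entry
#   unserved <list>    no database serves BIND_DN; lists the suffixes that exist
classify_bind_dn() {
    awk -v dn="$1" '
        # Case-fold and drop spaces around commas so DNs compare reliably.
        function norm(s) { s = tolower(s); gsub(/ *, */, ",", s); return s }
        function under(d, s) {   # true when d equals s or ends in ",s"
            return d == s || (length(d) > length(s) && substr(d, length(d) - length(s)) == "," s)
        }
        function handle(l) {
            if (l ~ /^olcSuffix: /) suffix = substr(l, 12)
            else if (l ~ /^olcRootDN: /) rootdn = substr(l, 12)
            else if (l == "" && suffix != "") {          # end of one database entry
                if (verdict == "" && under(norm(dn), norm(suffix)))
                    verdict = (norm(dn) == norm(rootdn) ? "rootdn " : "entry ") suffix
                seen = seen (seen == "" ? "" : " ") suffix
                suffix = rootdn = ""
            }
        }
        /^ / { line = line substr($0, 2); next }   # LDIF continuation line: unfold
             { handle(line); line = $0 }
        END  { handle(line); handle("")
               print (verdict != "" ? verdict : "unserved " seen) }
    '
}

# Demo on the constructed sample, with the bind DN used in the thread.
printf '%s\n' "$SAMPLE_CONFIG" |
    classify_bind_dn "cn=admin,dc=mymachine,dc=my-sub-domain,dc=my-domain,dc=de"
```

On a live server, pipe the output of the `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config` command from the post above into the function instead of the sample.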
- 06-20-2012 #3 Just Joined!
- Join Date
- Mar 2010
- Posts
- 19
Hello all,
I found out that I didn't need ldap.
In case, like me, you are completely ignorant in the domain, look for "network file system" in google. That's all I needed. It's one of these times when you look for something so trivial that you end up doing complicated stuff, when it can actually be simple...
Cheers,
Max


