  1. #1

    LDAP configuration for shared users on 2 machines

    I'm trying to configure a very basic LDAP server on a LAN to enable a handful of users to identify on two machines with the same credentials, and ideally to navigate in a common directory structure.
    I think I'm supposed to use an LDAP server, so I started to install OpenLDAP on my Ubuntu 11.04 desktop.
    I followed instructions found here "How-To set up a LDAP server and its clients | Debian/Ubuntu Tips & Tricks" (sorry, I can't post the url yet apparently. It's the top result if you google it), sudoing most of the steps and changing the DNS domain name for (the publicly accessible address to my machine).
    Then also changing every debuntu.local of their example to and dc=debuntu,dc=local to dc=mymachine,dc=my-sub-domain,dc=my-domain,dc=de everywhere I can.
    But I'm stuck here when trying to import all my users and groups:
    ldapadd -x -W -D "cn=admin,dc=mymachine,dc=my-sub-domain,dc=my-domain,dc=de" -f ~/people_group.ldif
    When it asks me for a password, I give the one I entered during the dpkg-reconfigure slapd step and it just says:
    ldap_bind: Invalid credentials (49)
    Did I do something wrong? Did I just forget to edit one file somewhere? I tried to edit the ldap.conf file that I find under /etc/ldap/, but anything I did either made the server unresponsive or just didn't change a thing...

    If I ldapsearch as suggested at one point, it gives me this:
    # extended LDIF
    # LDAPv3
    # base <dc=mymachine,dc=my-sub-domain,dc=my-domain,dc=de> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    # search result
    search: 2
    result: 32 No such object
    # numResponses: 1
    I know my understanding of the whole thing is a bit scarce, but I would really like to get that to work... Any help will be greatly appreciated!

    Thanks a lot!

  2. #2
    Hi, installing an LDAP server is pretty complicated. I played with it for long, long hours before I got it to work as expected. First, I have to say that I was not installing LDAP for identification of users. It was actually for an LDAP address book in Evolution. Thus I cannot tell you what your problem is. I can just give some hints, but you have to investigate.

    Take a look at /etc/default/slapd (as it is in my Debian distro, hopefully it is the same in Ubuntu). If the variable SLAPD_CONF is empty, it means that the LDAP server is searching for the configuration in the /etc/ldap/slapd.d directory and, if it does not exist, then in the /etc/ldap/slapd.conf file.

    I think that the configuration in /etc/ldap/slapd.d is preferred. It is modified using the ldapadd, ldapmodify and ldapdelete commands. You may read the configuration with the command:
    sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config
    If you take a look at the directory /etc/ldap/slapd.d you can see that the configuration is hierarchically stored in a series of files and directories under /etc/ldap/slapd.d/cn=config, but it is not advised to modify it directly.

    I guess that the basic structure was created during dpkg-reconfigure and also the database where the information about your admin is stored. Try to read it using:
    ldapsearch -x -W -D "cn=admin,dc=mymachine,dc=my-sub-domain,dc=my-domain,dc=de" -H ldapi:/// -b "dc=mymachine,dc=my-sub-domain,dc=my-domain,dc=de"
    ... here you will probably be prompted for the admin password entered during dpkg-reconfigure.

    Hopefully it will help.
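
A check for the two results shown in this thread (49 on bind, 32 on search), added here as an example and not posted by any participant: it resolves the config source in the order reply #2 describes, then compares a DN with the olcSuffix and olcRootDN values stored under slapd.d. The function names and the sample dc=nodomain tree are this example's own, and it assumes the cn=config layout with olcDatabase=*.ldif files.

```shell
#!/bin/sh
# Added example (not from the thread). Read-only: it never edits slapd.d.
# Config source, in the lookup order reply #2 describes: SLAPD_CONF from the
# defaults file, else <ldap_dir>/slapd.d if it exists, else <ldap_dir>/slapd.conf.
slapd_config_source() {
    defaults=$1; ldap_dir=$2
    conf=$(sed -n 's/^SLAPD_CONF=//p' "$defaults" 2>/dev/null | tr -d "\"'" | tail -n 1)
    if [ -n "$conf" ]; then echo "$conf"
    elif [ -d "$ldap_dir/slapd.d" ]; then echo "$ldap_dir/slapd.d"
    else echo "$ldap_dir/slapd.conf"
    fi
}

# Normalise a DN for comparison: lower-case, no spaces after commas.
norm_dn() { tr 'A-Z' 'a-z' | sed 's/, */,/g'; }

# Values of one attribute (olcSuffix or olcRootDN) from the database entries
# stored under <slapd.d>/cn=config, one normalised DN per line.
db_attr() {
    cat "$2"/cn=config/olcDatabase=*.ldif 2>/dev/null |
        sed -n "s/^$1: *//p" | norm_dn
}

# Classify a DN: rootdn = equals a configured olcRootDN, in-suffix = lies
# under a configured olcSuffix, no-match = under no configured suffix.
check_bind_dn() {
    dn=$(printf '%s\n' "$1" | norm_dn); confdir=$2
    if db_attr olcRootDN "$confdir" | grep -qxF "$dn"; then
        echo rootdn; return 0
    fi
    hit=$(db_attr olcSuffix "$confdir" | while IFS= read -r s; do
        [ -n "$s" ] || continue
        case $dn in "$s"|*,"$s") echo yes; break ;; esac
    done)
    if [ -n "$hit" ]; then echo in-suffix; return 0; fi
    echo no-match; return 1
}

# Demo on a constructed slapd.d tree (sample values): sh thisfile demo
if [ "${1:-}" = demo ]; then
    t=$(mktemp -d); mkdir -p "$t/slapd.d/cn=config"
    printf 'olcSuffix: dc=nodomain\nolcRootDN: cn=admin,dc=nodomain\n' \
        > "$t/slapd.d/cn=config/olcDatabase={1}hdb.ldif"
    check_bind_dn "cn=admin,dc=mymachine,dc=my-sub-domain,dc=my-domain,dc=de" "$t/slapd.d" || true
    rm -rf "$t"
fi
```

On a real host, pass check_bind_dn the DN given to -D and the directory printed by `slapd_config_source /etc/default/slapd /etc/ldap`; reading that directory usually requires sudo.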


  3. #3
    Hello all,
    I found out that I didn't need ldap.
    In case, like me, you are completely ignorant in the domain, look for "network file system" on Google. That's all I needed. It's one of those times when you look for something so trivial that you end up doing complicated stuff, when it can actually be simple...

