Comments on: Setting up OpenLDAP on Ubuntu 10.04 Alpha 2 (Lucid) http://www.opinsys.fi/en/setting-up-openldap-on-ubuntu-10-04-alpha2 Supporting learning in schools with Linux Mon, 19 Jul 2010 06:55:08 +0000 hourly 1 By: Fahad http://www.opinsys.fi/en/setting-up-openldap-on-ubuntu-10-04-alpha2#comment-220 Fahad Thu, 15 Jul 2010 11:37:40 +0000 http://www.opinsys.fi/?p=870#comment-220 Hi, every thing is working fine but the problem is i am unable to add users or groups as it is giving me the following error when I try to give command of ldapaddgroup testgroup. However, these commands are already installed on my server and I am trying to add user or group on server side. you must have Openldap client commands installed before running these scripts Hi,

every thing is working fine but the problem is i am unable to add users or groups as it is giving me the following error when I try to give command of ldapaddgroup testgroup. However, these commands are already installed on my server and I am trying to add user or group on server side.

you must have Openldap client commands installed before running these scripts

]]> By: Difference between /etc/ldap.conf vs. /etc/ldap/ldap.conf http://www.opinsys.fi/en/setting-up-openldap-on-ubuntu-10-04-alpha2#comment-219 Difference between /etc/ldap.conf vs. /etc/ldap/ldap.conf Wed, 14 Jul 2010 08:51:08 +0000 http://www.opinsys.fi/?p=870#comment-219 [...] Blue Ice, I have used the following link to configure the ldap server on Ubuntu 10.04 LTS. http://www.opinsys.fi/setting-up-ope...u-10-04-alpha2 and what I did is I created a ldif file of database from old server and copy its contents in [...] [...] Blue Ice, I have used the following link to configure the ldap server on Ubuntu 10.04 LTS. http://www.opinsys.fi/setting-up-ope…u-10-04-alpha2 and what I did is I created a ldif file of database from old server and copy its contents in [...]

]]> By: ^_^ http://www.opinsys.fi/en/setting-up-openldap-on-ubuntu-10-04-alpha2#comment-216 ^_^ Tue, 15 Jun 2010 13:36:35 +0000 http://www.opinsys.fi/?p=870#comment-216 Same problem I think, set my binddn in /etc/nslcd.conf then nslcd -d. Debug when I try to login: nslcd: [7b23c6] DEBUG: ldap_simple_bind_s("uid=read-only,dc=bidcactus,dc=com","*****") (uri="ldaps://ldap1.server.com/") nslcd: [7b23c6] connected to LDAP server ldaps://ldap1.server.com/ nslcd: [7b23c6] ldap_result() failed: No such object nslcd: [7b23c6] "testuser": user not found Strange, because when I use libnss-ldap instead, it binds and can find users with no problem. Same problem I think, set my binddn in /etc/nslcd.conf then nslcd -d.

Debug when I try to login:

nslcd: [7b23c6] DEBUG: ldap_simple_bind_s(“uid=read-only,dc=bidcactus,dc=com”,”*****”) (uri=”ldaps://ldap1.server.com/”)
nslcd: [7b23c6] connected to LDAP server ldaps://ldap1.server.com/
nslcd: [7b23c6] ldap_result() failed: No such object
nslcd: [7b23c6] “testuser”: user not found

Strange, because when I use libnss-ldap instead, it binds and can find users with no problem.

]]> By: zeratul http://www.opinsys.fi/en/setting-up-openldap-on-ubuntu-10-04-alpha2#comment-215 zeratul Fri, 11 Jun 2010 16:24:30 +0000 http://www.opinsys.fi/?p=870#comment-215 Hey, you should add "apt-get install ldapscripts" to you tut! And do i have to use ldapadduser/group on the server to add users? I get error with ldapaddgroup bla Error adding group bla to LDAP on server it says: Unable to read password file, exiting... so i am not able to add groups or users with ldapscripts :( pls help. thx Hey, you should add “apt-get install ldapscripts” to you tut!
And do i have to use ldapadduser/group on the server to add users? I get error with ldapaddgroup bla
Error adding group bla to LDAP
on server it says:
Unable to read password file, exiting…
so i am not able to add groups or users with ldapscripts :(
pls help.
thx

]]> By: Lomik http://www.opinsys.fi/en/setting-up-openldap-on-ubuntu-10-04-alpha2#comment-214 Lomik Sun, 02 May 2010 20:14:21 +0000 http://www.opinsys.fi/?p=870#comment-214 Hello, It seems that i have a similar problem to Marcos and Giorgios. After running 'nslcd -d' and doing 'getent passwd' i get: 'nslcd: [8b4567] DEBUG: connection from pid=27329 uid=1000 gid=1000 nslcd: [8b4567] DEBUG: nslcd_passwd_all() nslcd: [8b4567] DEBUG: myldap_search(base="dc=edu,dc=example,dc=org/", filter="(objectClass=posixAccount)") nslcd: [8b4567] DEBUG: ldap_initialize(ldap://127.0.0.1/) nslcd: [8b4567] DEBUG: ldap_set_rebind_proc() nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3) nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0) nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0) nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0) nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0) nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON) nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON) nslcd: [8b4567] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://127.0.0.1/") nslcd: [8b4567] connected to LDAP server ldap://127.0.0.1/ nslcd: [8b4567] ldap_result() failed: No such object' Tried using 'ldapsearch -D uid=testuser,ou=People,dc=edu,dc=example,dc=org -W -x -b dc=edu,dc=example,dc=org' with 'example' as passwd but get: 'ldap_bind: Invalid credentials (49)' And 'ldapsearch -x' gives: '# extended LDIF # # LDAPv3 # base (default) with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 32 No such object # numResponses: 1' thx Hello,
It seems that i have a similar problem to Marcos and Giorgios.

After running ‘nslcd -d’ and doing ‘getent passwd’ i get:
‘nslcd: [8b4567] DEBUG: connection from pid=27329 uid=1000 gid=1000
nslcd: [8b4567] DEBUG: nslcd_passwd_all()
nslcd: [8b4567] DEBUG: myldap_search(base=”dc=edu,dc=example,dc=org/”, filter=”(objectClass=posixAccount)”)
nslcd: [8b4567] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri=”ldap://127.0.0.1/”)
nslcd: [8b4567] connected to LDAP server ldap://127.0.0.1/
nslcd: [8b4567] ldap_result() failed: No such object’

Tried using ‘ldapsearch -D uid=testuser,ou=People,dc=edu,dc=example,dc=org -W -x -b dc=edu,dc=example,dc=org’ with ‘example’ as passwd but get: ‘ldap_bind: Invalid credentials (49)’

And ‘ldapsearch -x’ gives:
‘# extended LDIF
#
# LDAPv3
# base (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1′

thx

]]> By: Giorgio http://www.opinsys.fi/en/setting-up-openldap-on-ubuntu-10-04-alpha2#comment-213 Giorgio Wed, 28 Apr 2010 11:21:56 +0000 http://www.opinsys.fi/?p=870#comment-213 Hello M@rco. I still have problem with this setup. nscd still running. sudo getent passwd works showing the user i created but if i try to ssh with this users i have an auth error. Another problem is that the user creation does not create the home dir. Hello M@rco.
I still have problem with this setup.
nscd still running.
sudo getent passwd works showing the user i created but if i try to ssh with this users i have an auth error.
Another problem is that the user creation does not create the home dir.

]]> By: M@rco http://www.opinsys.fi/en/setting-up-openldap-on-ubuntu-10-04-alpha2#comment-212 M@rco Sun, 25 Apr 2010 00:12:06 +0000 http://www.opinsys.fi/?p=870#comment-212 Hello Giorgio, I think that i have the same problem ! can you give me the complete line you entered in the # The DN to bind with for normal lookups. binddn line ? Thx, Marco Hello Giorgio,
I think that i have the same problem ! can you give me the complete line you entered in the

# The DN to bind with for normal lookups.
binddn

line ?

Thx,
Marco

]]> By: giorgio http://www.opinsys.fi/en/setting-up-openldap-on-ubuntu-10-04-alpha2#comment-211 giorgio Wed, 21 Apr 2010 16:11:27 +0000 http://www.opinsys.fi/?p=870#comment-211 Ok. finally seems to work. I started nslcd with the -d parameter to debug. I had an error in the binddn parameter. I put there the admin dn and password. At next reboot it's seems to work. Should i use anonymous bind ? or is correct to use admin dn? Thanks!!! Giorgio Ok. finally seems to work.
I started nslcd with the -d parameter to debug. I had an error in the binddn parameter.
I put there the admin dn and password.
At next reboot it’s seems to work.
Should i use anonymous bind ? or is correct to use admin dn?
Thanks!!!

Giorgio

]]> By: giorgio http://www.opinsys.fi/en/setting-up-openldap-on-ubuntu-10-04-alpha2#comment-210 giorgio Wed, 21 Apr 2010 15:41:00 +0000 http://www.opinsys.fi/?p=870#comment-210 Hi, Thank you for the response. I can see user in ldap directory. ps -ax return : 2272 ? Ssl 0:00 /usr/sbin/nscd so it's still up and running. my nsswich.conf is : passwd: files ldap group: files ldap shadow: files in nslcd.conf the uri andthebase are correct. I have to stop nscd ? Giorgio Hi,
Thank you for the response.
I can see user in ldap directory.

ps -ax return : 2272 ? Ssl 0:00 /usr/sbin/nscd
so it’s still up and running.

my nsswich.conf is :
passwd: files ldap
group: files ldap
shadow: files

in nslcd.conf the uri andthebase are correct.

I have to stop nscd ?

Giorgio

]]> By: Veli-Matti Lintu http://www.opinsys.fi/en/setting-up-openldap-on-ubuntu-10-04-alpha2#comment-209 Veli-Matti Lintu Wed, 21 Apr 2010 13:22:01 +0000 http://www.opinsys.fi/?p=870#comment-209 First make sure that the user is in the ldap directory. Running "ldapsearch -x" should return it. After that make sure that nscd is not running (ps -ex should not list it). If it's still not working, check the nss settings in /etc/nsswitch.conf and the settings for nslcd that is used by nss-ldapd in /etc/nslcd.conf. The settings to look for are uri and base and they should match your ldap server. I hope that helps! First make sure that the user is in the ldap directory. Running “ldapsearch -x” should return it. After that make sure that nscd is not running (ps -ex should not list it). If it’s still not working, check the nss settings in /etc/nsswitch.conf and the settings for nslcd that is used by nss-ldapd in /etc/nslcd.conf. The settings to look for are uri and base and they should match your ldap server.

I hope that helps!

]]>