[Samba] Re: Problems with testing Openldapserver telnet localhost 389

Tony Earnshaw tonye at billy.demon.nl
Wed Jun 8 07:34:31 GMT 2005


ons, 08.06.2005 kl. 03.40 skrev Andreas Bauer:

[...]

> amd:/etc/samba # /usr/bin/ldapadd -h 127.0.0.1 -D 
> "cn=admin,dc=samba,dc=junits" -x -W -f /etc/openldap/example.ldif
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
> 
> I took the rootpw secret. I did an account for admin, too with: smbpasswd -w 
> <secret>. I created also an rootpw with slappasswd.
> 
> Have I also to create an admin account in passwd?

No. /etc/passwd has nothing to do with what you're doing with LDAP.

>  After googlen, there must 
> be a syntax error(ldap_bind: Invalid credentials (49))?

Error 49 (invalid credentials) means that the LDAP user and password
combination you gave is wrong.

> I created a simple example.ldif file:

You have to add the first admin user using the rootdn and rootpw in
slapd.conf. You have to give the admin user sufficient rights, using
carefully chosen ACLS, to do anything with anything in the LDAP DIT. You
haven't done any of this. When the admin user has all of these rights,
you can comment out (or delete) the rootdn and rootpw lines in
slapd.conf.

> dn: dc=samba,dc=junits
> objectclass: dcObject
> objectclass: organization
> o: Example Company
> dc: samba
> 
> dn: cn=admin,dc=samba,dc=junits
> objectclass: organizationalRole
> cn: admin
> 
> slapd.conf:
> 
> database        ldbm
> suffix          "dc=samba,dc=junits"
> rootdn          "cn=admin,dc=samba,dc=junits"
> rootpw            secret
> directory       /var/lib/ldap
> cachesize       40000
> dbcache         60000000
> index           cn,sn,uid,displayName           pres,sub,eq
> index           uidNumber,gidNumber             eq
> index           sambaSID                        eq
> index           sambaPrimaryGroupSID            eq
> index           sambaDomainName                 eq
> index           objectClass                     pres,eq
> index           default                         sub
> access to dn.subtree="dc=samba,dc=junits" attrs=cn
>                  by * =cs break

This ACL is *not* going to work. Use the ACL given in
slapd.conf.default. As  a start, but the following is better to begin
with (taken from the OL Admin Guide):

 24.    access to attr=userPassword
 25.            by self write
 26.            by anonymous auth
 27.            by dn.base="cn=Admin,dc=example,dc=com" write
 28.            by * none
 29.    access to *
 30.            by self write
 31.            by dn.base="cn=Admin,dc=example,dc=com" write
 32.            by * read

--Tonni

-- 
mail: tonye at billy.demon.nl
http://www.billy.demon.nl




More information about the samba mailing list