[Samba] Re: Problems with testing Openldapserver telnet localhost 389
Tony Earnshaw
tonye at billy.demon.nl
Wed Jun 8 07:34:31 GMT 2005
Wed, 08.06.2005 at 03.40, Andreas Bauer wrote:
[...]
> amd:/etc/samba # /usr/bin/ldapadd -h 127.0.0.1 -D
> "cn=admin,dc=samba,dc=junits" -x -W -f /etc/openldap/example.ldif
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> I took the rootpw secret. I did an account for admin, too, with: smbpasswd -w
> <secret>. I also created a rootpw with slappasswd.
>
> Have I also to create an admin account in passwd?
No. /etc/passwd has nothing to do with what you're doing with LDAP.
> After googling, there must
> be a syntax error (ldap_bind: Invalid credentials (49))?
Error 49 (invalid credentials) means that the LDAP user and password
combination you gave is wrong.
> I created a simple example.ldif file:
You have to add the first admin user using the rootdn and rootpw in
slapd.conf. You have to give the admin user sufficient rights, using
carefully chosen ACLs, to do anything with anything in the LDAP DIT. You
haven't done any of this. When the admin user has all of these rights,
you can comment out (or delete) the rootdn and rootpw lines in
slapd.conf.
> dn: dc=samba,dc=junits
> objectclass: dcObject
> objectclass: organization
> o: Example Company
> dc: samba
>
> dn: cn=admin,dc=samba,dc=junits
> objectclass: organizationalRole
> cn: admin
>
> slapd.conf:
>
> database ldbm
> suffix "dc=samba,dc=junits"
> rootdn "cn=admin,dc=samba,dc=junits"
> rootpw secret
> directory /var/lib/ldap
> cachesize 40000
> dbcache 60000000
> index cn,sn,uid,displayName pres,sub,eq
> index uidNumber,gidNumber eq
> index sambaSID eq
> index sambaPrimaryGroupSID eq
> index sambaDomainName eq
> index objectClass pres,eq
> index default sub
> access to dn.subtree="dc=samba,dc=junits" attrs=cn
>     by * =cs break
This ACL is *not* going to work. Use the ACL given in
slapd.conf.default as a start, but the following is better to begin
with (taken from the OL Admin Guide):
access to attr=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=Admin,dc=example,dc=com" write
    by * none
access to *
    by self write
    by dn.base="cn=Admin,dc=example,dc=com" write
    by * read
--Tonni
--
mail: tonye at billy.demon.nl
http://www.billy.demon.nl
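The ACL points made in this reply (protect userPassword first, allow anonymous auth so simple binds can succeed, end the password rule with "by * none", and finish with a catch-all "access to *") can be checked mechanically before restarting slapd. The following is an added example, not code from the thread or from OpenLDAP; the two ACL samples in it are constructed, modelled on the poster's single directive and on the Admin Guide ACL quoted above, and the parser assumes the usual slapd.conf layout where each "by" clause sits on its own continuation line.

```python
"""Lint a slapd.conf-style OpenLDAP access block for the problems raised
in the thread. Added example; the sample ACLs below are constructed."""
import re

# Constructed sample, modelled on the original poster's single directive.
POSTER_ACL = """
access to dn.subtree="dc=samba,dc=junits" attrs=cn
    by * =cs break
"""

# Constructed sample, modelled on the Admin Guide ACL quoted in the reply.
GUIDE_ACL = """
access to attr=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=Admin,dc=example,dc=com" write
    by * none
access to *
    by self write
    by dn.base="cn=Admin,dc=example,dc=com" write
    by * read
"""


def parse_acls(text):
    """Return a list of rules: {'what': str, 'by': [(who, access, control)]}.
    A 'by' line may carry an optional control word such as 'break'."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("access to "):
            rules.append({"what": line[len("access to "):].strip(), "by": []})
        elif line.startswith("by "):
            if not rules:
                raise ValueError("'by' clause before any 'access to' directive")
            parts = line.split()
            who = parts[1]
            access = parts[2] if len(parts) > 2 else ""
            control = parts[3] if len(parts) > 3 else ""
            rules[-1]["by"].append((who, access, control))
    return rules


def lint(text):
    """Return a list of findings; an empty list means every check passed."""
    rules = parse_acls(text)
    findings = []
    if not rules:
        return ["no access directives found"]

    # slapd uses the first 'access to' directive whose <what> matches, so the
    # userPassword rule must exist and must come before any catch-all.
    pw_idx = next((i for i, r in enumerate(rules)
                   if re.search(r"attrs?=\S*userPassword", r["what"])), None)
    if pw_idx is None:
        findings.append("userPassword is not covered by a dedicated access rule")
    else:
        pw = rules[pw_idx]
        granted = {(who, access) for who, access, _ in pw["by"]}
        if ("anonymous", "auth") not in granted:
            findings.append("userPassword rule lacks 'by anonymous auth'; "
                            "simple binds cannot verify the password")
        if pw["by"] and pw["by"][-1][:2] != ("*", "none"):
            findings.append("userPassword rule should end with 'by * none'")
        if any(i < pw_idx for i, r in enumerate(rules) if r["what"] == "*"):
            findings.append("'access to *' precedes the userPassword rule, "
                            "so the password rule is never reached")

    # A catch-all should close the list so nothing falls through undefined.
    last = rules[-1]
    if last["what"] != "*":
        findings.append("last access directive is not the catch-all 'access to *'")

    # 'break' continues evaluation with the next directive; in the last
    # directive there is nothing left to continue to.
    if any(control == "break" for _, _, control in last["by"]):
        findings.append("'break' in the last access directive has no later "
                        "directive to continue to")
    return findings


if __name__ == "__main__":
    for name, acl in (("poster", POSTER_ACL), ("guide", GUIDE_ACL)):
        print(name, lint(acl) or "ok")
```

Running it prints three findings for the poster's ACL (no userPassword rule, no catch-all, a dangling "break") and "ok" for the Admin Guide ACL. The checks encode first-match semantics and the least-privilege shape of the guide's example; they do not replace testing the real bind with ldapwhoami against a running slapd.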