11
08/10
Ubuntu 10.04 Lucid Lynx ldap configuration – the working how-to
Hi there,
Here at work I use Ubuntu 10.04 LTS, and I was trying to configure OpenLDAP.
Yes, there are many how-to’s on the internet, but half of them are half-written and not really tested, and most importantly none of them seems to actually work.
I have read about the subject online (the Ubuntu docs too – not working) and in many how-to’s, and here is the final script for the ldap Ubuntu configuration:
First install with:
#apt-get install slapd ldap-utils
Then create a script, e.g. with touch script.sh, and put the following in it.
[cc lang="bash"]
#!/bin/sh
# Edit these three values before running the script (as root)
passwd=pleaseeditme
dc1=pleaseeditme
dc2=pleaseeditme
# Hashed form of the password; only the hash is written into the LDIF files
hash_pw=`slappasswd -s $passwd`
tmpdir=/tmp
#--------------------------------------------------------------#
# Load the extra schemas (core is already loaded by the package)
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/misc.ldif
#--------------------------------------------------------------#
# database.ldif (LDIF records must be separated by blank lines)
#--------------------------------------------------------------#
cat << EOF > $tmpdir/database.ldif
# Load dynamic backend modules
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb

# Create directory database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=$dc1,dc=$dc2
olcRootDN: cn=admin,dc=$dc1,dc=$dc2
olcRootPW: $hash_pw
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=$dc1,dc=$dc2" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=$dc1,dc=$dc2" write by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq

################################
# Modifications
################################
dn: cn=config
changetype: modify

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: $hash_pw

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess
EOF
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f $tmpdir/database.ldif
####################################
# Mini DIT
####################################
cat << EOF > $tmpdir/dit.ldif
# Tree root
dn: dc=$dc1,dc=$dc2
objectClass: dcObject
objectclass: organization
o: $dc1.$dc2
dc: $dc1
description: Tree root

# Populating
dn: cn=admin,dc=$dc1,dc=$dc2
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: $hash_pw
description: LDAP administrator

dn: cn=aw,dc=$dc1,dc=$dc2
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: aw
userPassword: $hash_pw
description: LDAP aw

dn: ou=people,dc=$dc1,dc=$dc2
ou: people
objectClass: organizationalUnit
objectClass: top

dn: ou=groups,dc=$dc1,dc=$dc2
ou: groups
objectClass: organizationalUnit
objectClass: top

dn: ou=addressbook,dc=$dc1,dc=$dc2
ou: addressbook
objectClass: top
objectClass: organizationalUnit

# Adding user
dn: uid=ldap1,ou=people,dc=$dc1,dc=$dc2
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: ldap1
sn: Asdasd
givenName: ldap1
cn: ldap1 Asdasd
displayName: ldap1 asdasd
uidNumber: 1002
gidNumber: 1000
userPassword: $hash_pw
gecos: ldap1 asdasd
loginShell: /bin/bash
homeDirectory: /home/ldap1
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: aw@$dc1.$dc2
postalCode: 31000
l: Mysity
o: $dc1
mobile: +33 (0)6 22 22 22 22 22
homePhone: +33 (0)5 33 22 33 22
title: System Administrator
postalAddress:
initials: LP
EOF
# Bind as the directory admin (-W prompts for the password set above)
sudo ldapadd -x -D "cn=admin,dc=$dc1,dc=$dc2" -W -f $tmpdir/dit.ldif
[/cc]
Execute the script with: sh script.sh
If you have problems, want to edit it etc., use the following script; it will fully remove and reinstall ldap.
[cc lang="bash"]
#!/bin/sh
# Remove slapd completely (configuration and database) and install it fresh
aptitude purge slapd ldap-utils
cat /dev/null > /var/log/debug
rm -f /var/lib/ldap/*
rm -rf /etc/ldap
apt-get install slapd ldap-utils
[/cc]
To test that everything is working fine you should try:
ldapsearch -D cn=admin,dc=yourhost,dc=yourdomain -W -x -b dc=yourhost,dc=yourdomain
Last words: for managing it you can use phpldapadmin (it is in the repository).
Then visit it on your localhost:
http://localhost/phpldapadmin and log in.
WARNING
1) Be root when running the script, ldap needs the permissions.
2) Use the rm script before running the ldap script; I think you used something else before this, so use the rm script first to clear the way for ldap.
3) Enjoy. And save time for others as time was saved for you: share it.
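To check what the three olcAccess rules in the script actually grant to whom, here is a small evaluator (an added example, not part of the script above) that applies OpenLDAP's rule order to them: the first rule whose <what> matches the target is used, and inside it the first matching <by> clause decides, with an implicit "by * none" at the end. dc=example,dc=com and the second user uid=ldap2 are constructed values for the demonstration.

```python
"""Evaluate the olcAccess rules the script installs (added example).
Privilege order, lowest to highest: none < disclose < auth < compare < search
< read < write < manage. A requester is allowed an operation when the level
the ACLs grant is at least the level the operation needs."""

import re

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

ADMIN = "cn=admin,dc=example,dc=com"    # constructed: dc1=example, dc2=com

# The olcAccess values exactly as the script writes them, with dc1/dc2 filled in.
OLC_ACCESS = [
    '{0}to attrs=userPassword,shadowLastChange by dn="%s" write by anonymous auth by self write by * none' % ADMIN,
    '{1}to dn.base="" by * read',
    '{2}to * by dn="%s" write by * read' % ADMIN,
]


def parse_rule(text):
    """Split one olcAccess value into (<what>, [(<who>, <level>), ...])."""
    text = re.sub(r"^\{\d+\}", "", text).strip()      # drop the {n} ordering prefix
    what, _, by_part = text.partition(" by ")
    what = what[len("to "):].strip()
    clauses = []
    for clause in by_part.split(" by "):
        who, level = clause.strip().rsplit(" ", 1)
        if level not in LEVELS:
            raise ValueError("unknown access level: " + level)
        clauses.append((who, level))
    return what, clauses


def what_matches(what, target_dn, attr):
    """Does the rule's <what> cover attribute `attr` of entry `target_dn`?"""
    if what == "*":
        return True
    if what.startswith("attrs="):
        return attr.lower() in what[len("attrs="):].lower().split(",")
    if what.startswith("dn.base="):
        # dn.base="" is the root DSE, which clients read to discover namingContexts
        return target_dn.lower() == what[len("dn.base="):].strip('"').lower()
    raise ValueError("unsupported <what>: " + what)


def who_matches(who, requester_dn, target_dn):
    """Does the <by> clause's <who> describe the bound identity? None = anonymous."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester_dn is None
    if who == "self":
        return requester_dn is not None and requester_dn.lower() == target_dn.lower()
    if who.startswith("dn="):   # no style given: treated as an exact DN match
        wanted = who[len("dn="):].strip('"').lower()
        return requester_dn is not None and requester_dn.lower() == wanted
    raise ValueError("unsupported <who>: " + who)


def granted_level(rules, requester_dn, target_dn, attr):
    """Level the ACLs grant; first matching rule, then first matching clause, wins."""
    for what, clauses in rules:
        if not what_matches(what, target_dn, attr):
            continue
        for who, level in clauses:
            if who_matches(who, requester_dn, target_dn):
                return level
        return "none"          # rule matched, no clause did: implicit "by * none"
    return "read"              # nothing matched at all: slapd's built-in default


def allowed(rules, requester_dn, target_dn, attr, wanted):
    """True if the granted level is at least `wanted`."""
    got = granted_level(rules, requester_dn, target_dn, attr)
    return LEVELS.index(got) >= LEVELS.index(wanted)


RULES = [parse_rule(r) for r in OLC_ACCESS]
LDAP1 = "uid=ldap1,ou=people,dc=example,dc=com"    # the user the script creates
LDAP2 = "uid=ldap2,ou=people,dc=example,dc=com"    # constructed second user


def decisions():
    """The checks worth confirming before exposing the server to a network."""
    return {
        # a simple bind needs 'auth' on userPassword while still anonymous...
        "anonymous can bind as ldap1": allowed(RULES, None, LDAP1, "userPassword", "auth"),
        # ...but must not be able to read the stored hashes
        "anonymous can read ldap1 hash": allowed(RULES, None, LDAP1, "userPassword", "read"),
        "ldap1 can read ldap2 hash": allowed(RULES, LDAP1, LDAP2, "userPassword", "read"),
        # users may change their own password and shadowLastChange alongside it
        "ldap1 can change own password": allowed(RULES, LDAP1, LDAP1, "userPassword", "write"),
        "ldap1 can update own shadowLastChange": allowed(RULES, LDAP1, LDAP1, "shadowLastChange", "write"),
        # everything else is world-readable and writable by the admin only
        "anonymous can read ldap1 cn": allowed(RULES, None, LDAP1, "cn", "read"),
        "ldap1 can change own cn": allowed(RULES, LDAP1, LDAP1, "cn", "write"),
        "admin can reset ldap2 password": allowed(RULES, ADMIN, LDAP2, "userPassword", "write"),
        "anonymous can read root DSE": allowed(RULES, None, "", "namingContexts", "read"),
    }


if __name__ == "__main__":
    for check, result in decisions().items():
        print("%-40s %s" % (check, "yes" if result else "no"))
```

Note that the script also deletes the olcAccess of olcDatabase={0}config and gives it its own rootDN, cn=admin,cn=config, so later changes to cn=config should be made by binding as that DN with the password rather than with -Y EXTERNAL; the Insufficient access (50) reported in the comments below when replaying the Ubuntu guide's provider_sync.ldif is consistent with that.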
Cameron Goble
September 4, 2010
12:39 pm
Oh my god, THANK YOU.
I’ve wrestled with this for two days and your script just worked. I’ll pore over it to see where I went wrong, but in the meantime, it’s nice to have my LDAP server up and running at last.
arditi
September 4, 2010
12:48 pm
No problem
Yes indeed, configuring ldap is really difficult, it just complains all the time; me too, I spent a lot of time trying to make this thing work.
Anyway, it’s working and it’s the final script, with phpldapadmin you also need to edit the configuration file to make it work.
JetDog
September 8, 2010
9:48 pm
Many thanks!
Vinu
September 10, 2010
5:56 am
Excellent.
Thanks
arditi
September 10, 2010
10:56 am
Enjoy
frank
September 22, 2010
6:29 pm
thanks
osterhansi
September 22, 2010
8:34 pm
Thanx man, this script is great work!
arditi
September 23, 2010
8:57 am
Thank you , Enjoy
Eddy Vanderlinden
September 29, 2010
9:32 am
Thanks a lot!!!
Also I struggled for more than a day with the setup.
Your scripts (also the remove) helped me out.
zacky
October 6, 2010
11:14 am
Excellent! Many thanks!! It’s a nice work.
arditi
October 8, 2010
1:37 pm
Nice to hear that,
enjoy
sergiu
October 20, 2010
3:35 am
Hi there,
man you are the best, after a lot of time I finally understood how it is working,
Thank you very much !
Alexandr
October 22, 2010
8:48 am
thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks
Madprops
October 28, 2010
6:21 am
Man, you just saved me so much trouble. The stinking server documentation and ubuntu wiki pages do not work, so I kept digging for answers, fortunately finding your blog. You rock sir, you rock!
arditi
October 28, 2010
5:57 pm
Hello Madprops,
I’m pleased that my how to helped you
Nice to know that.
Regards,
Arditi
Jabes
October 31, 2010
1:27 am
I’ve been looking all over the place and though your script gets kudos from everyone it just doesn’t work. When the script runs I get to Enter LDAP Password and I enter the password and it returns ldap_bind: Invalid Credentials (49). Fresh install Ubuntu Server 10.04 with all updates and then install slapd and utils. Immediately following that I run your script and it fails as indicated. Any clue? Been on this now for 3 weeks and still no LDAP server.
Junke1990
October 31, 2010
5:06 pm
Same goes for me, many many thanks!
arditi
November 1, 2010
12:39 am
It’s quite unbelievable for me because for so many people (me too) it works.
Any way:
a) Use the Remove script to remove and Install
b) Edit the script (password/dc1/dc2)
c) Check if you’re typing the right password.
d) Copy and paste the whole script well, as in the example; you should note that spaces have a high impact when we are talking about ldap.
jabes
November 1, 2010
8:03 pm
Thanks for taking the time to reply to my posting. While using your script I went through it line by line to fit my environment and when the password issue came up I decided to test the idea that I was typing it wrong and entered an unsecure password of asdf1234 just to test it, and with that it continued to fail, which is why I made my first post. Since someone else is having the same issue I think it’s safe to say that LDAP just does not work in Ubuntu, which is a HUGE DISAPPOINTMENT considering how fast NIS is falling by the wayside. There is a HUGE need for this in the Ubuntu world and no one knows how to make it work correctly. I have literally followed 143 different links with HOWTO’s and NONE of them have worked. Thanks again for your time… I guess I’ll have to abandon Ubuntu – hate to do it but without this working and no way to get it working after 3 weeks – well that just means Ubuntu now blows chunks!!!
arditi
November 1, 2010
8:23 pm
Well, I first started with openSuse when I started to use linux; I don’t know, but… I never liked ubuntu. Yes it’s simple (to use) etc., but at the same time too complex for me to modify and to be at peace with it.
I use arch linux and it’s really good.
I’m sorry that I cannot help you more with this issue. I’m thinking of opening up a forum and a no-paste service but I have a lot of things to do.
jabes
November 1, 2010
10:20 pm
No worries and thanks a million for the follow up!! Top notch!!
Wilo
November 4, 2010
10:17 am
Thanks! I didn’t use the script exactly, but the contents taught me what I needed to know to solve the problems I was facing. Everything working perfectly now on Lucid 10.04LTS
bruno
November 10, 2010
5:24 pm
Thank you very much – Finally a complete working script -
Keep on the good work !
jml
November 12, 2010
4:19 pm
Yes, everybody should say thanks for this script, the only one which is working, after hours of attempts!
I wouldn’t like to abuse, but we would be very interested in your corrected version of the replica configuration, which doesn’t work either when I follow the Ubuntu 10.04 server guide for LDAP. Or if you know where I could find a working script; I spent hours on this problem, and I couldn’t find anything reliable!
when following strictly the doc i get this error:
ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry “olcDatabase={1}hdb,cn=config”
ldap_modify: Insufficient access (50)
Thanks again
Roal Arji
November 22, 2010
11:24 am
hi
I have a question, if I want to try this just on my computer, I can just use localhost, replacing
dc = localhost
instead of
dc = example, dc = com
thank you in advance if someone can answer me this question, or tell me how to solve it
bye
arditi
November 22, 2010
8:04 pm
Quite a simple question to answer,
I suggest you try it yourself and see if it is working.
You will never learn without trying.
bye
Andy
December 8, 2010
5:10 am
Thank you so much!!!!
Someguy
December 21, 2010
3:36 am
Thanks for this! The guide is superb! It worked perfectly.
Although the database I am using is an SQL. You wouldn’t happen to know how to configure the LDIF for SQL would you? Just asking.
jabes
December 21, 2010
8:52 am
Can’t thank you enough. Had difficulties the first time I used this guide but a second time and everything worked great! Thanks for your time and effort!! Peace!!
arditi
December 23, 2010
11:41 am
not sure what you mean because LDIF is a standard, but this tool may help you:
http://lsc-project.org/wiki/
@jabes
thank you too buddy
Greg
December 27, 2010
7:08 am
After trawling through numerous websites that were simply wrong I found this. Absolute magic! I need more thumbs to hold up to do you justice.
jani
December 29, 2010
10:03 am
Very useful script. Probably saved me a lot of time.
Thank you.
Qingye Jiang (John)
December 29, 2010
1:15 pm
I just want to say a big thank you for the great work. I have tried numerous tutorials and how-to’s before reading yours. I hope Google could do better by putting your blog as the first search result.
arditi
December 30, 2010
1:57 pm
Thank you for commenting , I really enjoyed your paper “Access USB devices from Java applications” published at IBM
Jorge Carlos
January 12, 2011
5:58 pm
Hey guy, you rock! Thanks!
Daniel
January 26, 2011
3:42 pm
man….. got it working !!!!
tried the ubuntu howto and failed.
In the beginning I got the Invalid Credentials (49) error, too. But I realised that I forgot to sudo the commands.
After reinstall all worked fine.
arditi
February 9, 2011
3:11 pm
Thanks for the comments
John
February 9, 2011
10:01 pm
Just thought I’d post that the only problem I had with this script (initially, at least — still pending further review) was the “cat / EOF” syntax used to build the two files in /tmp.
This didn’t work for me until I change the line:
cat < $tmpdir/database.ldif
to read:
cat < $tmpdir/database.ldif
(note I’m not pointing out the obvious issue with the HTML escape of <, but rather the cat / EOF syntax).
Otherwise thanks for the extra HOWTO — I also found the Ubuntu 10.04 one to be lacking in clarity and possibly correctness.
John
February 9, 2011
10:06 pm
Er, that was supposed to read changing:
cat < $tmpdir/database.ldif
to
cat << EOF > $tmpdir/database.ldif
arditi
February 10, 2011
9:17 pm
Hi John,
modification applied
I hate wordpress for the HTML escape errors :/
MSS Lasers Ltd
February 13, 2011
8:10 am
Funny, reading these comments. And it’s quite long. I’ve followed this link from an Ubuntu forum — the one that’s hit page one of google, even now. So this is a big deal in ubuntu and other distros.
I managed to install openldap successfully in DEBIAN “Lenny” — why has nobody thought of using Debian — I mean, openLDAP is a server and Debian is by far the most stable distro when it comes to servers (my opinion). Granted it is a little behind current versions but I don’t think openLDAP has changed that much. My reference is a book by Carla Schroeder, Linux Networking Cookbook, 2007.
So if you have spare computers or you can run virtual machines, I suggest you try Debian, of which ubuntu is a derivative, for installing and testing servers.
Thanks for this how to, though. Had to install openldap on an ubuntu computer for testing and this should shave off some time troubleshooting the install process.
Thanks!
sagan
February 13, 2011
8:45 am
Thanks for this script. Just wondering if we can incorporate TLS.
Cheers
arditi
February 15, 2011
5:38 pm
@MSS Lasers
yes I like Debian, it’s great for servers and I like the Debian philosophy, but currently I’m using arch linux, it’s just THE operating system.
From time to time you guys can suggest modifications etc. I’m happy that my script helped a lot of people, most of them afraid to make a comment (joking).
Thanks all.
WizardFan
March 13, 2011
11:39 am
Hi wizard,
Thanks for the great script! I’ve adapted it some to include the installation step, add some more progress info and avoid the hardcoded password. Please see below:
[cc lang="BASH"]
#!/bin/sh
#Script to install slapd/openldap on Ubuntu/Debian Squeeze
# run as root. No sudo used as this must run on stock Debian, too
# Improvements/changes from Albanian Wizard's original:
# http://albanianwizard.org/ubuntu-10-0-4-lucid-lynx-ldap-configuration-the-working-how-to.albanianwizard
# - No longer uses sudo so it can run on stock Debians, too
# - This script will try to import duplicate values in schemas and users
# so we use ldapadd -c to continue on errors.
# - Password not hardcoded
# - Some progress messages
# - Password no longer asked when adding DIT
# - No longer insert an aw user in the root of the tree.
# - Test of LDAP contents, thanks Jack:
#passwd=somehardcodedpassword
echo "Give the LDAP Administrator password (for now we use the same for all LDAP users config)"
echo "Warning: the password will be shown on-screen. Also, don't use spaces in the password"
read passwd
echo "Enter the password again:"
read passwdcheck
if test "$passwd" != "$passwdcheck"
then
echo "Passwords don't match. Aborting."
exit 13
fi
#First domain component:
dc1=local
#second dc:
dc2=lan
#If dc1=example, dc2=org, you get example.org
tmpdir=/tmp
#Install ldap first:
aptitude install -y slapd ldap-utils
#Create password hash for use in LDIFs:
hash_pw=`slappasswd -s $passwd`
#--------------------------------------------------------------#
# Add schemas so we can support various uses. You could add samba, too
#core schema is inserted by default:
echo "Adding schemas:"
#ldapadd -c -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/core.ldif
ldapadd -c -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
ldapadd -c -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
ldapadd -c -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
#ldapadd -c -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/misc.ldif
#--------------------------------------------------------------#
# database.ldif (LDIF records must be separated by blank lines)
#--------------------------------------------------------------#
echo "Setting up configuration database:"
cat << EOF > $tmpdir/database.ldif
# Load dynamic backend modules
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb

# Create directory database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=$dc1,dc=$dc2
olcRootDN: cn=admin,dc=$dc1,dc=$dc2
olcRootPW: $hash_pw
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=$dc1,dc=$dc2" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=$dc1,dc=$dc2" write by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM:
olcDbConfig: {0}set_cachesize 0 2097152 0
# Number of objects that can be locked at the same time.
olcDbConfig: {1}set_lk_max_objects 1500
# Number of locks (both requested and granted)
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
#Indexing on these fields:
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq

################################
# Modifications
################################
dn: cn=config
changetype: modify

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: $hash_pw

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess
EOF
ldapadd -c -Y EXTERNAL -H ldapi:/// -f $tmpdir/database.ldif
####################################
# Mini DIT
####################################
echo "Setting up a small directory tree:"
cat << EOF > $tmpdir/dit.ldif
# Tree root
dn: dc=$dc1,dc=$dc2
objectClass: dcObject
objectclass: organization
o: $dc1.$dc2
dc: $dc1
description: Tree root

# Populating
dn: cn=admin,dc=$dc1,dc=$dc2
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: $hash_pw
description: LDAP administrator

#We DON'T need an Albanian wizard in our LDAP
#dn: cn=aw,dc=$dc1,dc=$dc2
#objectClass: simpleSecurityObject
#objectClass: organizationalRole
#cn: aw
#userPassword: $hash_pw
#description: LDAP aw

dn: ou=people,dc=$dc1,dc=$dc2
ou: people
objectClass: organizationalUnit
objectClass: top

dn: ou=groups,dc=$dc1,dc=$dc2
ou: groups
objectClass: organizationalUnit
objectClass: top

dn: ou=addressbook,dc=$dc1,dc=$dc2
ou: addressbook
objectClass: top
objectClass: organizationalUnit
description: Addressbook for email programs etc

#Adding user
dn: uid=ldap1,ou=people,dc=$dc1,dc=$dc2
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: ldap1
sn: Asdasd
givenName: ldap1
cn: ldap1 Asdasd
displayName: ldap1 asdasd
uidNumber: 1002
gidNumber: 1000
userPassword: $hash_pw
gecos: ldap1 asdasd
loginShell: /bin/bash
homeDirectory: /home/ldap1
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: aw@$dc1.$dc2
postalCode: 31000
l: Mycity
o: $dc1
mobile: +33 (0)6 22 22 22 22 22
homePhone: +33 (0)5 33 22 33 22
title: System Administrator
postalAddress:
initials: LP
EOF
ldapadd -c -x -D "cn=admin,dc=$dc1,dc=$dc2" -w "$passwd" -f $tmpdir/dit.ldif
#test for success:
echo "Testing by listing all objects in the LDAP:"
ldapsearch -x -h localhost -b "dc=$dc1,dc=$dc2" "(objectClass=*)"
[/cc]
arditi
March 13, 2011
2:08 pm
Hi, I put the script in tags.
Thanks for the improvement; PS: I’m not a wizard, read the about.
Thanks again for the script,
Arditi.
WizardFan
March 15, 2011
8:56 am
Nice about
One thing about the script that bugs me is that you get a Debian configure prompt asking for the LDAP admin password. I’ve looked into debian configure stuff to see if you can assign this in advance but I haven’t seen anything obvious.
Any tips? This would help in creating an unattended install. Of course, I could go crazy and learn to use puppet or chef but what’s the fun in that
arditi
March 16, 2011
3:23 pm
what about:
ldapsearch -y file Read password from file
it will read the password from a file; you can modify your script to create a temporary file to put the password in and then remove it just after the script finishes running.
let me know
masfia
March 25, 2011
4:54 pm
Hi!
Thanks for this excellent script!
But I have a question for you…
Does a GUI exist to modify the openldap ACL (i.e. the olcAccess directive)?
arditi
March 25, 2011
8:22 pm
Hi ,
you’re welcome,
not to be “too geek” but when it’s about openldap the CLI and an editor are preferred; I tried many GUI softwares in the past that did not work. Anyway for more questions I suggest subscribing to the openldap mailing list.
Nobody knows more about openldap than its developers.
arditi
March 25, 2011
8:29 pm
@WizardFan,
I edited the link of ghacks as the guy didn’t mention the author;
line 91 + ; on his pastebin paste:
—
dn: cn=aw,dc=$dc1,dc=$dc2
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: aw
userPassword: $hash_pw
description: LDAP aw
—
Anyway.
Bobuntu
April 11, 2011
6:46 pm
Hi everybody,
thanks for the great script.
It’s nearly working for me.
But there is one point where I have to enter the LDAP password. > invalid credentials!
Is there any default password for openldap?
I haven’t set any password yet. Just a password to logon to Ubuntu.
Bob
Bobuntu
April 11, 2011
6:49 pm
Sorry guys,
I got it!
I couldn’t see the forest anymore, because there were so many trees.
Great work. I appreciate it.
I spent hours with problems. With your script it was so easy.
Bob
Bobuntu
April 11, 2011
6:59 pm
I don’t get it.
When I have to enter the LDAP password for the script it works.
But when I have to enter the password for the search, it doesn’t work > invalid credentials?
Please help
arditi
April 11, 2011
9:17 pm
Once you get Ldap UP, use some tool to manage it, it’s better
or learn to use the LDAP command line properly.
Bobuntu
April 16, 2011
2:19 pm
I’d like to use a tool to setup and configure OpenLDAP. Do you know one which is free?
Thank you in advance
Bobuntu
April 17, 2011
6:14 am
I got a decent solution for me. It’s called OpenDS. A perfect software which is great for my testing purposes. Since it is Java based I can even use it in my Windows world.
Over and out
arditi
April 17, 2011
8:33 pm
Yes, OpenDS is good too; notice that in the first post I suggested phpldapadmin, but there are many tools out there.
shiv saxena
April 21, 2011
4:54 am
sir,
you are a genius. I am pretty amazed and went over the scripts; your tutorial saved my life. Thanks a ton.
Alex
December 14, 2011
3:49 pm
Still no luck after running the scripts. I get stuck when running the configuration script, it asks for
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
I wrote :
passwd=mypassword
dc1=mydomain
dc2=local
What I’m doing wrong ? Please help SOS !!
Alex
December 14, 2011
4:29 pm
Hi Bobuntu, I’m having the same error of invalid password. Could you please tell me how you sort it out ?
Thanks in advance
Alex
December 14, 2011
4:39 pm
Jabes, did you get some luck at any point? I’m stuck in the same problem. Invalid password!!!!
Alex
December 14, 2011
8:30 pm
Wilo, how did you get it working in Ubuntu 10.04? Could you share your configuration?
m0ps
December 27, 2011
7:57 am
2 Alex
Check the quotes in the script when you copy/paste
Help
January 13, 2012
5:46 pm
I’m having the same problem that bobubuntu and the others including Alex are having. I can’t get either the original or the “Wizard” script to work. I get the “invalid credentials (49)” or the error 50 invalid credentials….
Bobubuntu said he fixed it on the “second time around”, but never said what he did…
I’m using Ubuntu 10.04.r3
Here is the output from the “WizardFan” script: (Any suggestions?)
root@001:/home/sysmanager# sh script1.sh
script1.sh: 1: [cc: not found
“Warning: the password will be shown on-screen. Also, don’t use spaces in the password”
test
“Enter the password again:”
test
Reading package lists… Done
Building dependency tree
Reading state information… Done
Reading extended state information
Initializing package states… Done
Writing extended state information… Done
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B of archives. After unpacking 0B will be used.
Writing extended state information… Done
Reading package lists… Done
Building dependency tree
Reading state information… Done
Reading extended state information
Initializing package states… Done
“Adding schemas:”
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry “cn=cosine,cn=schema,cn=config”
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry “cn=inetorgperson,cn=schema,cn=config”
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry “cn=nis,cn=schema,cn=config”
“Setting up configuration database:”
# Load dynamic backend modules
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
# Create directory database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=test,dc=com
olcRootDN: cn=admin,dc=test,dc=com
olcRootPW: {SSHA}vcUy1laKQnb8jKttofXM/4F0x75Of3yB
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn=”cn=admin,dc=test,dc=com″ write by anonymous auth by self write by * none
olcAccess: {1}to dn.base=”” by * read
olcAccess: {2}to * by dn=”cn=admin,dc=test,dc=com″ write by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
################################
# Modifications
################################
dn: cn=config
changetype: modify
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}vcUy1laKQnb8jKttofXM/4F0x75Of3yB
dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess
script1.sh: 55: dn:: not found
script1.sh: 56: objectClass:: not found
script1.sh: 57: cn:: not found
script1.sh: 58: olcModulePath:: not found
script1.sh: 59: olcModuleLoad:: not found
script1.sh: 62: dn:: not found
script1.sh: 63: objectClass:: not found
script1.sh: 64: objectClass:: not found
script1.sh: 65: olcDatabase:: not found
script1.sh: 66: olcDbDirectory:: not found
script1.sh: 67: olcSuffix:: not found
script1.sh: 68: olcRootDN:: not found
script1.sh: 69: olcRootPW:: not found
script1.sh: 70: olcAccess:: not found
script1.sh: 71: olcAccess:: not found
script1.sh: 72: olcAccess:: not found
script1.sh: 73: olcLastMod:: not found
script1.sh: 74: olcDbCheckpoint:: not found
script1.sh: 77: olcDbConfig:: not found
script1.sh: 79: olcDbConfig:: not found
script1.sh: 81: olcDbConfig:: not found
script1.sh: 82: olcDbConfig:: not found
script1.sh: 84: olcDbIndex:: not found
script1.sh: 85: olcDbIndex:: not found
script1.sh: 86: olcDbIndex:: not found
script1.sh: 91: dn:: not found
script1.sh: 92: changetype:: not found
script1.sh: 94: dn:: not found
script1.sh: 95: changetype:: not found
script1.sh: 96: delete:: not found
script1.sh: 98: dn:: not found
script1.sh: 99: changetype:: not found
script1.sh: 100: add:: not found
script1.sh: 101: olcRootDN:: not found
script1.sh: 103: dn:: not found
script1.sh: 104: changetype:: not found
script1.sh: 105: add:: not found
script1.sh: 106: olcRootPW:: not found
script1.sh: 108: dn:: not found
script1.sh: 109: changetype:: not found
script1.sh: 110: delete:: not found
script1.sh: 111: EOF: not found
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry “cn=module{0},cn=config”
adding new entry “olcDatabase={1}hdb,cn=config”
ldap_add: Other (e.g., implementation specific) error (80)
additional info: handler exited with 1
modifying entry “cn=config”
modifying entry “olcDatabase={-1}frontend,cn=config”
modifying entry “olcDatabase={0}config,cn=config”
modifying entry “olcDatabase={0}config,cn=config”
modifying entry “olcDatabase={0}config,cn=config”
“Setting up a small directory tree:”
# Tree root
dn: dc=test,dc=com
objectClass: dcObject
objectclass: organization
o: test.com
dc: test
description: Tree root
# Populating
dn: cn=admin,dc=test,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: {SSHA}vcUy1laKQnb8jKttofXM/4F0x75Of3yB
description: LDAP administrator
dn: cn=aw,dc=test,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: aw
userPassword: {SSHA}vcUy1laKQnb8jKttofXM/4F0x75Of3yB
description: LDAP aw
dn: ou=people,dc=test,dc=com
ou: people
objectClass: organizationalUnit
objectClass: top
dn: ou=groups,dc=test,dc=com
ou: groups
objectClass: organizationalUnit
objectClass: top
dn: ou=addressbook,dc=test,dc=com
ou: addressbook
objectClass: top
objectClass: organizationalUnit
#Adding user
dn: uid=ldap1,ou=people,dc=test,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: ldap1
sn: Asdasd
givenName: ldap1
cn: ldap1 Asdasd
displayName: ldap1 asdasd
uidNumber: 1002
gidNumber: 1000
userPassword: {SSHA}vcUy1laKQnb8jKttofXM/4F0x75Of3yB
gecos: ldap1 asdasd
loginShell: /bin/bash
homeDirectory: /home/ldap1
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: aw@test.com
postalCode: 31000
l: Mysity
o: test
mobile: +33 (0)6 22 22 22 22 22
homePhone: +33 (0)5 33 22 33 22
title: System Administrator
postalAddress:
initials: LP
script1.sh: 120: dn:: not found
script1.sh: 121: objectClass:: not found
script1.sh: 122: objectclass:: not found
script1.sh: 123: o:: not found
script1.sh: 124: dc:: not found
script1.sh: 125: description:: not found
script1.sh: 128: dn:: not found
script1.sh: 129: objectClass:: not found
script1.sh: 130: objectClass:: not found
script1.sh: 131: cn:: not found
script1.sh: 132: userPassword:: not found
script1.sh: 133: description:: not found
script1.sh: 143: dn:: not found
script1.sh: 144: ou:: not found
script1.sh: 145: objectClass:: not found
script1.sh: 146: objectClass:: not found
script1.sh: 148: dn:: not found
script1.sh: 149: ou:: not found
script1.sh: 150: objectClass:: not found
script1.sh: 151: objectClass:: not found
script1.sh: 153: dn:: not found
script1.sh: 154: ou:: not found
script1.sh: 155: objectClass:: not found
script1.sh: 156: objectClass:: not found
script1.sh: 157: description:: not found
script1.sh: 160: dn:: not found
script1.sh: 161: objectClass:: not found
script1.sh: 162: objectClass:: not found
script1.sh: 163: objectClass:: not found
script1.sh: 164: uid:: not found
script1.sh: 165: sn:: not found
script1.sh: 166: givenName:: not found
script1.sh: 167: cn:: not found
script1.sh: 168: displayName:: not found
script1.sh: 169: uidNumber:: not found
script1.sh: 170: gidNumber:: not found
script1.sh: 171: userPassword:: not found
script1.sh: 172: gecos:: not found
script1.sh: 173: loginShell:: not found
script1.sh: 174: homeDirectory:: not found
script1.sh: 175: shadowExpire:: not found
script1.sh: 176: shadowFlag:: not found
script1.sh: 177: shadowWarning:: not found
script1.sh: 178: shadowMin:: not found
script1.sh: 179: shadowMax:: not found
script1.sh: 180: shadowLastChange:: not found
script1.sh: 181: mail:: not found
script1.sh: 182: postalCode:: not found
script1.sh: 183: l:: not found
script1.sh: 184: o:: not found
script1.sh: 185: Syntax error: “(” unexpected
root@001:/home/sysmanager#
Help
January 13, 2012
5:50 pm
Also, the script sets up the server right? Anyone know what has to be done to the clients to use the server to authenticate against?
Thanks
“Help”
Help
January 18, 2012
9:46 pm
Is this website still active?
Help
January 18, 2012
11:14 pm
These two lines need to be fixed to get the second script to work:
cat < $tmpdir/database.ldif
to
cat < $tmpdir/database.ldif
and
cat < $tmpdir/dit.ldif
to
cat < $tmpdir/dit.ldif
But I still have the Invalid Credentials (49) from the ldap_bind at the very bottom of the script, followed by and error on this line:
ldapsearch -x -h localhost -b “dc=$dc1,dc=$dc2″ “(objectClass=*)”
which is: Syntax error: “(” unexpected
I tried removing both of the parenthesis, but that didn’t work.
Still needing help….
Help
January 19, 2012
8:26 pm
I got it!!!!!
It’s the “quotes”!!!!!!
The quotes are screwing up everything!!!!!
The only thing that should have the “Curved” quotes around it is the if statement at the beginning to check the password.
Everything else should have the quotes that are parallel to each other and NOT bent!!!!!
It works now!
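Both failure modes in this thread can be caught before the script is run: the typographic quotes described in this comment, and the `cat << EOF` heredoc rendered as `cat <` (reported two comments up), which makes the shell execute every LDIF line as a command (`dn:: not found`). The check below is an added example, not part of the original post or script; the file names in it are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a script copied
# from a web page before running it.
#  1. Typographic quotes (U+201C/D, U+2018/9, U+2032/3) are not quotes to sh,
#     so -b “dc=$dc1,dc=$dc2″ splits into words and “(objectClass=*)” gives
#     "Syntax error: ( unexpected".
#  2. A heredoc "cat << EOF > file" rendered as "cat < file" leaves the LDIF
#     lines after it to be executed as commands ("dn:: not found").
# Patterns are UTF-8 byte sequences, matched under LC_ALL=C, so the checks
# work in any locale.
DQ=$(printf '\342\200[\234\235\263]')   # “ ” ″   -> "
SQ=$(printf '\342\200[\230\231\262]')   # ‘ ’ ′   -> '

# Print "lineno:line" for every line holding a typographic quote.
# Exit status follows grep: 0 = found some, 1 = file is clean.
find_smart_quotes() {
    LC_ALL=C grep -n -e "$DQ" -e "$SQ" "$1"
}

# Print lines that look like a heredoc whose "<<" lost one "<".
find_broken_heredocs() {
    LC_ALL=C grep -n -E '^[[:space:]]*cat[[:space:]]+<[[:space:]]*[^<]' "$1"
}

# Write a copy of $1 to $2 with the typographic quotes turned into ASCII.
fix_smart_quotes() {
    LC_ALL=C sed -e "s/$DQ/\"/g" -e "s/$SQ/'/g" "$1" > "$2"
}

# Verdict for the whole file: 0 = nothing suspicious, 1 = problems listed.
check_script() {
    rc=0
    if find_smart_quotes "$1"; then
        echo "^ typographic quotes above: replace with plain \" and '" >&2
        rc=1
    fi
    if find_broken_heredocs "$1"; then
        echo "^ single '<' above: was this 'cat << EOF > file'?" >&2
        rc=1
    fi
    return $rc
}
```

Run `check_script script.sh` on the pasted copy; `fix_smart_quotes script.sh fixed.sh` repairs the quotes, while a stripped heredoc has to be restored by hand.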
Smoke_Nguyen
February 21, 2012
8:40 am
Hi Alex!
I have the same error as you, and I modified the line “passwd=mypassword” to “read passwd”. It works!
Thanks for the great script!
Kashif
April 1, 2012
7:37 am
This article is good.
Masfia, there is a GUI available called LdapBrowser (it’s a Java-based program)…
Ben
April 11, 2012
2:17 pm
I’m getting this error every time I use the script to run the slapd configuration:
adding new entry “cn=module{0},cn=config”
ldap_add: Naming violation (64)
I have written the script word by word but I can’t get around this problem.
(I tried other websites having similar how-to’s but all in vain.)
Its_a_joke
April 13, 2012
6:15 am
This script simply doesn’t work on Ubuntu 10.4 Lucid Lynx, period!!
Like many others, I am consistently getting ldap_bind: Invalid credentials (49) error.
The page header mentions these instructions are for Ubuntu 10.4, so are all these people, including myself, crazy? Or are these instructions a cruel joke, just like how horrible OpenLDAP is…?
Arditi – Although I appreciate your effort in putting this page together, since so many people are seeing the same issue, the explanation “works for me” doesn’t go too far. Sorry, but needless to say, I am a bit disappointed …
someguy
April 19, 2012
3:27 am
cat < $tmpdir/database.ldif
cat < $tmpdir/dit.ldif
someguy
April 19, 2012
3:35 am
The original script worked excellent, but the enhancements made it perfect!
Thanks:
– albanianwizard
– Arditi
– Wizardfan
someguy
April 20, 2012
8:47 am
@Its_a_joke
I have a 10.04 Lucid and it works (perfectly) for me. Don’t copy all of it by the letter, dude. Some of it you can/must edit. Oh, the quotes (”), as Help said, are formatted (or some other character…?) so you need to replace them with the plain keyboard quote (“) to work as a script.
Arditi
April 21, 2012
10:29 pm
Hi guys,
I do not handle this blog anymore, for time reasons and because of a change of direction in life (a good change), and the blog is handled by one of my friends (thanks) just to keep the work online. However, the template changed and most plugins are not installed anymore, so by copying the script you may have some problems. So don’t doubt my job, I tried hard until I made it work (every time); you just need to copy correctly, to run as root, and to
*****USE****** the remove script before running mine.
Check the comments, for almost all it works, so for a sec, stop complaining and dedicate 2 minutes of reading carefully and try understanding how it works.
Thanks goes to anybody who contributed and it’s contributing to this thread.
Arditi.
Ave
May 3, 2012
5:47 pm
I have adjusted the script (the quotes) and added the read passwd part. The script looks like http://pastebin.com/Fhb2ruFp but still does not work (Ubuntu 12.04 fresh install). I got the following log http://pastebin.com/s6SPK6db especially:
adding new entry “cn=module{0},cn=config”
ldap_add: Naming violation (64)
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
I tried both passwords, even used the same one in the script and in the initial slapd install. Could you please pastebin a working script, or say what is wrong with this one?
Kind regards,
Ave
Fred
June 30, 2012
4:19 pm
Thanks a lot, it works fine. Using Ubuntu 10.04. For those who think it doesn’t work, do a search replace for the double quotes when you copy/paste. The formatting of this website means that the quotes are not Linux friendly. If you change the quotes for ‘regular’ quotes then you’ll be fine