Hi there,
Here at work I use Ubuntu 10.04 LTS, and I was trying to configure OpenLDAP.
Yes, there are many how-tos on the internet, but they are half written and not really tested, and most importantly none of them seems to really work.
I have read about the subject online (the Ubuntu docs too, not working) and in many how-tos, and here is the final script for the LDAP Ubuntu configuration:
First install with:
#apt-get install slapd ldap-utils
Then create a script, e.g. with touch script.sh, and put the following in it.
[cc lang="bash"]
#!/bin/sh
# Edit these three values before running the script (run it as root)
passwd=pleaseeditme
dc1=pleaseeditme
dc2=pleaseeditme
# slappasswd turns the clear-text password into a {SSHA} hash for the LDIFs
hash_pw=`slappasswd -s $passwd`
tmpdir=/tmp
#————————————————————–#
# Load the extra schemas (the core schema is inserted by the package)
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/misc.ldif
#——————————————————————-#
# database.ldif
#——————————————————————-#
# Note: LDIF entries must be separated by a blank line, and the quotes in
# the olcAccess lines must be plain ASCII double quotes.
cat << EOF > $tmpdir/database.ldif
# Load dynamic backend modules
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb

# Create directory database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=$dc1,dc=$dc2
olcRootDN: cn=admin,dc=$dc1,dc=$dc2
olcRootPW: $hash_pw
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=$dc1,dc=$dc2" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=$dc1,dc=$dc2" write by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq

################################
# Modifications
################################
dn: cn=config
changetype: modify

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: $hash_pw

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess
EOF
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f $tmpdir/database.ldif
####################################
# Mini DIT
####################################
cat << EOF > $tmpdir/dit.ldif
# Tree root
dn: dc=$dc1,dc=$dc2
objectClass: dcObject
objectclass: organization
o: $dc1.$dc2
dc: $dc1
description: Tree root

# Populating
dn: cn=admin,dc=$dc1,dc=$dc2
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: $hash_pw
description: LDAP administrator

dn: cn=aw,dc=$dc1,dc=$dc2
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: aw
userPassword: $hash_pw
description: LDAP aw

dn: ou=people,dc=$dc1,dc=$dc2
ou: people
objectClass: organizationalUnit
objectClass: top

dn: ou=groups,dc=$dc1,dc=$dc2
ou: groups
objectClass: organizationalUnit
objectClass: top

dn: ou=addressbook,dc=$dc1,dc=$dc2
ou: addressbook
objectClass: top
objectClass: organizationalUnit

#Adding user
dn: uid=ldap1,ou=people,dc=$dc1,dc=$dc2
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: ldap1
sn: Asdasd
givenName: ldap1
cn: ldap1 Asdasd
displayName: ldap1 asdasd
uidNumber: 1002
gidNumber: 1000
userPassword: $hash_pw
gecos: ldap1 asdasd
loginShell: /bin/bash
homeDirectory: /home/ldap1
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: aw@$dc1.$dc2
postalCode: 31000
l: Mysity
o: $dc1
mobile: +33 (0)6 22 22 22 22 22
homePhone: +33 (0)5 33 22 33 22
title: System Administrator
postalAddress:
initials: LP
EOF
# -W prompts for the clear-text password that matches $hash_pw
sudo ldapadd -x -D cn=admin,dc=$dc1,dc=$dc2 -W -f $tmpdir/dit.ldif
[/cc]
Execute the script with: sh script.sh
If you have problems, want to edit things, etc., use the following script; it will fully remove and reinstall LDAP.
[cc lang="bash"]
#!/bin/sh
aptitude purge slapd ldap-utils
cat /dev/null > /var/log/debug
rm /var/lib/ldap/*
rm -rf /etc/ldap
apt-get install slapd ldap-utils
[/cc]
To test whether all is working fine you should try:
ldapsearch -D cn=admin,dc=yourhost,dc=yourdomain -W -x -b dc=yourhost,dc=yourdomain
Last words: for managing the directory you can use phpldapadmin (it is in the repository).
Then visit it on your localhost:
http://localhost/phpldapadmin and log in.
WARNING
1) Be root when running the script; ldap needs the permissions.
2) Use the rm script before running the ldap script. I think you used something else before this, so use the rm script first to clear the way for ldap.
3) Enjoy. And save time for others as time was saved for you: share it.
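A pre-flight check for a copy of the script above, added here as an example and not part of the original how-to: it scans the saved script.sh for the typographic quotes, the "cat < file" redirect (what HTML escaping makes of "cat << EOF > file") and the leftover [cc] markup that a copy-and-paste from the browser introduces, which are what make sh report "dn:: not found" or slapd reject the olcAccess lines. It assumes GNU grep and coreutils; the function and sample names are mine.

```sh
#!/bin/sh
# Added example, not from the post: lint a pasted copy of the how-to script
# before running it. Flags the breakages reported in the comments here:
#   - typographic quotes where sh needs ASCII " or '
#   - "cat < $tmpdir/x.ldif" where "cat << EOF > $tmpdir/x.ldif" was meant
#   - unbalanced "<< EOF" / "EOF" pairs
#   - [cc] / [/cc] WordPress markup copied along with the script
# Assumes GNU grep and coreutils (mktemp). Exit status: 0 clean, 1 problems.
# Usage: check_script /path/to/script.sh

# UTF-8 byte sequences of the quote characters U+201C, U+201D, U+2018, U+2019
# and U+2033, matched in the C locale so the result does not depend on the
# user's locale settings.
CURLY=$(printf '\342\200[\230\231\234\235\263]')

check_script() {
    file=$1
    bad=0

    if LC_ALL=C grep -n "$CURLY" "$file" >/dev/null; then
        echo "typographic quotes, replace them with plain \" or ':"
        LC_ALL=C grep -n "$CURLY" "$file"
        bad=1
    fi

    # A lone '<' before the target file: the heredoc operator was lost, so sh
    # reads the (nonexistent) LDIF file as input and then tries to execute
    # every LDIF line as a command.
    if grep -nE 'cat[[:space:]]+<[[:space:]]*\$' "$file" >/dev/null; then
        echo "mangled heredoc, expected 'cat << EOF > file':"
        grep -nE 'cat[[:space:]]+<[[:space:]]*\$' "$file"
        bad=1
    fi

    opens=$(grep -c '<<[[:space:]]*EOF' "$file" || true)
    closes=$(grep -c '^EOF$' "$file" || true)
    if [ "$opens" -ne "$closes" ]; then
        echo "heredoc mismatch: $opens '<< EOF' openers, $closes 'EOF' terminators"
        bad=1
    fi

    if grep -nE '^\[/?cc' "$file" >/dev/null; then
        echo "[cc] markup copied into the script:"
        grep -nE '^\[/?cc' "$file"
        bad=1
    fi

    return $bad
}

# Constructed samples: a clean fragment of the script, and the same fragment
# as it comes out of a browser, with curly quotes, a mangled heredoc and
# [cc] tags. make_sample prints the path of the temporary file it wrote.
make_sample() {
    f=$(mktemp)
    if [ "$1" = clean ]; then
        cat > "$f" <<'END'
#!/bin/sh
tmpdir=/tmp
cat << EOF > $tmpdir/database.ldif
olcAccess: {2}to * by dn="cn=admin,dc=example,dc=org" write by * read
EOF
END
    else
        cat > "$f" <<'END'
[cc lang="bash"]
#!/bin/sh
tmpdir=/tmp
cat < $tmpdir/database.ldif
olcAccess: {2}to * by dn=”cn=admin,dc=example,dc=org″ write by * read
EOF
[/cc]
END
    fi
    echo "$f"
}
```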
Revisions
- 10 February, 2011 @ 21:15 [Current Revision] by Admir
Oh my god, THANK YOU.
I’ve wrestled with this for two days and your script just worked. I’ll pore over it to see where I went wrong, but in the meantime, it’s nice to have my LDAP server up and running at last.
No problem
Yes indeed, configuring ldap is really difficult, it just complains all the time; I too spent a lot of time trying to make this thing work.
Anyway, it’s working and it’s the final script, with phpldapadmin you also need to edit the configuration file to make it work.
Many thanks!
Excellent.
Thanks
Enjoy
thanks
Thanx man, this script is great work!
Thank you , Enjoy
Thanks a lot!!!
Also I struggled for more than a day with the setup.
Your scripts (also the remove) helped me out.
Excellent!. Many thanks!!. It’s a nice work.
Nice to hear that,
enjoy
Hi there,
man you are the best, after a lot of time , finally, understood how it is working,
Thank you very much !
thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks thanks
Man, you just saved me so much trouble. The stinking server documentation and ubuntu wiki pages do not work, so I kept digging for answers, fortunately finding your blog. You rock sir, you rock!
Hello Madprops,
I’m pleased that my how to helped you
Nice to know that.
Regards,
Arditi
I’ve been looking all over the place and though your script gets kudos from everyone it just doesn’t work. When the script runs I get to Enter LDAP Password and I enter the password and it returns ldap_bind: Invalid Credentials (49). Fresh install Ubuntu Server 10.04 with all updates and then install slapd and utils. Immediately following that run your script and it fails as indicated. Any clue…been on this now for 3 weeks and still no LDAP server.
Same goes for me, many many thanks!
It’s quite unbelievable for me, because for so many people (me too) it works.
Anyway:
a) Use the Remove script to remove and install
b) Edit the script (password/dc1/dc2)
c) Check whether you’re typing the right password
d) Copy and paste the whole script exactly as in the example; you should note that spaces have a high impact when we are talking about ldap
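One more check for point c) of that list, added here as an example (it is not from the post or its author): recompute offline whether the password you type matches the {SSHA} value that slappasswd -s produced and the script wrote into olcRootPW, copied from the generated $tmpdir/database.ldif. It assumes coreutils and openssl are installed; the function names are mine.

```sh
#!/bin/sh
# Added example, not from the post: check a clear-text password against a
# {SSHA} hash as produced by "slappasswd -s" and written into olcRootPW and
# userPassword by the script, without needing a running slapd.
# {SSHA} = base64( SHA-1(password || salt) || salt ); slappasswd uses a
# random 4-byte salt, the check below accepts any salt length.
# Assumes coreutils (base64, sha1sum, head, tail, od, mktemp) and openssl.

# ssha_check PASSWORD '{SSHA}...' -> exit 0 if they match, 1 if not, 2 if the
# value is not an {SSHA} hash at all (e.g. still clear text or a {CRYPT} hash).
ssha_check() {
    password=$1
    hash=$2
    case $hash in
        '{SSHA}'*) ;;
        *) echo "not an {SSHA} value: $hash" >&2; return 2 ;;
    esac
    bin=$(mktemp)
    printf '%s' "${hash#?SSHA?}" | base64 -d > "$bin"
    # The first 20 bytes are the SHA-1 digest, whatever follows is the salt.
    stored=$(head -c 20 "$bin" | od -An -tx1 | tr -d ' \n')
    computed=$({ printf '%s' "$password"; tail -c +21 "$bin"; } | sha1sum | cut -d' ' -f1)
    rm -f "$bin"
    [ "$stored" = "$computed" ]
}

# ssha_make PASSWORD SALT -> prints a {SSHA} hash. Same construction as
# slappasswd, but with a caller-chosen salt so the output is reproducible.
ssha_make() {
    password=$1
    salt=$2
    digest=$(mktemp)
    { printf '%s' "$password"; printf '%s' "$salt"; } | openssl dgst -sha1 -binary > "$digest"
    encoded=$({ cat "$digest"; printf '%s' "$salt"; } | base64 | tr -d '\n')
    rm -f "$digest"
    echo "{SSHA}$encoded"
}
```

If ssha_check says the password does not match the hash in $tmpdir/database.ldif, the script was generated with a different password than the one being typed at the Enter LDAP Password prompt.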
Thanks for taking the time to reply to my posting. While using your script I went through it line by line to fit my environment and when the password issue came up I decided to test the idea that I was typing it wrong and entered an unsecure password of asdf1234 just to test it and with that it continued to fail which is why I made my first post. Since someone else is having the same issue I think it’s safe to say that LDAP just does not work in Ubuntu which is a HUGE DISAPPOINTMENT considering how fast NIS is falling by the wayside. There is a HUGE need for this in the Ubuntu world and no one knows how to make it work correctly. I have literally followed 143 different links with HOWTO’s and NONE of them have worked. Thanks again for your time…I guess I’ll have to abandon Ubuntu – hate to do it but without this working and no way to get it working after 3 weeks – well that just means Ubuntu now blows chunks!!!
Jabes, did you have any luck at any point? I’m stuck in the same problem. Invalid password!!!!
Well, I first started with openSuse when starting to use Linux. I don’t know but…, I never liked Ubuntu.., yes it’s simple (to use) etc., but at the same time too complex for me to modify and to be at peace with it..
I use Arch Linux and it’s really good.
I’m sorry that I cannot help you more with this issue. I’m thinking of opening up a forum and a nopaste service but I have a lot of things to do.
No worries and thanks a million for the follow up!! Top notch!!
Thanks! I didn’t use the script exactly, but the contents taught me what I needed to know to solve the problems I was facing. Everything working perfectly now on Lucid 10.04LTS
Wilo, how did you get it working in Ubuntu 10.04? Could you share your configuration?
Thank you very much – Finally a complete working script -
Keep on the good work !
Yes, everybody should say thanks for this script, the only one which is working, after hours of attempts!
I wouldn’t like to abuse, but we would be very interested in your corrected version of the replica configuration, which doesn’t work either when I follow the Ubuntu 10.04 server guide for LDAP. Or if you know where I could find a working script; I spent hours on this problem, and I couldn’t find anything reliable!
When following the doc strictly I get this error:
ldapadd -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry “olcDatabase={1}hdb,cn=config”
ldap_modify: Insufficient access (50)
Thanks again
Hi,
I have a question: if I want to try this just on my computer, can I just use localhost, replacing
dc = localhost
instead of
dc = example, dc = com?
Thank you in advance if someone can answer me this question, or tell me how to solve it.
Bye
Quite a simple question to answer:
I suggest you try it yourself and see if it is working.
You will never learn without trying.
Bye
Thank you so much!!!!
Thanks for this! The guide is superb! It worked perfectly.
Although the database I am using is an SQL. You wouldn’t happen to know how to configure the LDIF for SQL would you? Just asking.
Can’t thank you enough. Had difficulties the first time I used this guide but a second time and everything worked great! Thanks for your time and effort!! Peace!!
Not sure what you mean, because LDIF is a standard, but this tool may help you:
http://lsc-project.org/wiki/
@jabes
Thank you too, buddy
After trawling through numerous websites that were simply wrong I found this. Absolute magic! I need more thumbs to hold up to do you justice.
Very useful script. Probably saved me a lot of time.
Thank you.
I just want to say a big thank you for the great work. I have tried numerous tutorials and how-to’s before reading yours. I hope Google could do better by putting your blog as the first search result.
Thank you for commenting , I really enjoyed your paper “Access USB devices from Java applications” published at IBM
Hey guy, you rock! Thanks!
Man….. got it working!!!!
Tried the Ubuntu how-to and failed.
In the beginning I got the Invalid Credentials (49) error, too. But I realised that I forgot to sudo the commands.
After reinstalling, all worked fine.
Thanks for the comments
Just thought I’d post that the only problem I had with this script (initially, at least — still pending further review) was the “cat / EOF” syntax used to build the two files in /tmp.
This didn’t work for me until I changed the line:
cat < $tmpdir/database.ldif
to read:
cat < $tmpdir/database.ldif
(note I’m not pointing out the obvious issue with the HTML escape of <, but rather the cat / EOF syntax).
Otherwise thanks for the extra HOWTO — I also found the Ubuntu 10.04 one to be lacking in clarity and possibly correctness.
Er, that was supposed to read changing:
cat < $tmpdir/database.ldif
to
cat << EOF > $tmpdir/database.ldif
Hi John,
modification applied.
I hate WordPress for the HTML escape errors :/
Funny, reading these comments. And it’s quite long. I’ve followed this link from an Ubuntu forum — the one that’s hit page one of Google, even now. So this is a big deal in Ubuntu and other distros.
I managed to install openldap successfully in DEBIAN “Lenny” — why did nobody think of using Debian — I mean, openLDAP is a server and Debian is by far the most stable distro when it comes to servers (my opinion). Granted, a little behind current versions, but I don’t think openLDAP has changed that much. My reference is a book by Carla Schroeder, Linux Networking Cookbook, 2007.
So if you have spare computers or you can run virtual machines, I suggest you try Debian, of which Ubuntu is a derivative, for installing and testing servers.
Thanks for this how-to, though. Had to install openldap on an Ubuntu computer for testing and this should shave off some time troubleshooting the install process.
Thanks!
Thanks for this script. Just wondering if we can incorporate TLS.
Cheers
@MSS Lasers
Yes, I like Debian, it’s great for servers and I like the Debian philosophy, but currently I’m using Arch Linux, it’s just THE operating system.
From time to time you guys can suggest modifications etc. I’m happy that my script helped a lot of people, most of them afraid to make a comment (joking).
Thanks all.
Hi wizard,
Thanks for the great script! I’ve adapted it somewhat to include the installation step, add some more progress info and avoid the hardcoded password. Please see below:
[cc lang="BASH"]
#!/bin/sh
#Script to install slapd/openldap on Ubuntu/Debian Squeeze
# run as root. No sudo used as this must run on stock Debian, too
# Improvements/changes from Albanian Wizard's original:
# http://albanianwizard.org/ubuntu-10-0-4-lucid-lynx-ldap-configuration-the-working-how-to.albanianwizard
# – No longer uses sudo so it can run on stock Debians, too
# – This script will try to import duplicate values in schemas and users
# so we use ldapadd -c to continue on errors.
# – Password not hardcoded
# – Some progress messages
# – Password no longer asked when adding DIT
# – No longer insert an aw user in the root of the tree.
# – Test of LDAP contents, thanks Jack:
#passwd=somehardcodedpassword
echo "Give the LDAP Administrator password (for now we use the same for all LDAP users config)"
echo "Warning: the password will be shown on-screen. Also, don't use spaces in the password"
read passwd
echo "Enter the password again:"
read passwdcheck
if test "$passwd" != "$passwdcheck"
then
echo "Passwords don't match. Aborting."
exit 13
fi
#First domain component:
dc1=local
#second dc:
dc2=lan
#If dc1=example, dc2=org, you get example.org
tmpdir=/tmp
#Install ldap first:
aptitude install -y slapd ldap-utils
#Create password hash for use in LDIFs:
hash_pw=`slappasswd -s $passwd`
#————————————————————–#
# Add schemas so we can support various uses. You could add samba, too
#core schema is inserted by default:
echo "Adding schemas:"
#ldapadd -c -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/core.ldif
ldapadd -c -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
ldapadd -c -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
ldapadd -c -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
#ldapadd -c -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/misc.ldif
#——————————————————————-#
# database.ldif
#——————————————————————-#
echo "Setting up configuration database:"
# LDIF entries are separated by blank lines; keep the quotes plain ASCII
cat << EOF > $tmpdir/database.ldif
# Load dynamic backend modules
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb

# Create directory database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=$dc1,dc=$dc2
olcRootDN: cn=admin,dc=$dc1,dc=$dc2
olcRootPW: $hash_pw
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=$dc1,dc=$dc2" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=$dc1,dc=$dc2" write by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM:
olcDbConfig: {0}set_cachesize 0 2097152 0
# Number of objects that can be locked at the same time.
olcDbConfig: {1}set_lk_max_objects 1500
# Number of locks (both requested and granted)
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
#Indexing on these fields:
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq

################################
# Modifications
################################
dn: cn=config
changetype: modify

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: $hash_pw

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess
EOF
ldapadd -c -Y EXTERNAL -H ldapi:/// -f $tmpdir/database.ldif
####################################
# Mini DIT
####################################
echo "Setting up a small directory tree:"
cat << EOF > $tmpdir/dit.ldif
# Tree root
dn: dc=$dc1,dc=$dc2
objectClass: dcObject
objectclass: organization
o: $dc1.$dc2
dc: $dc1
description: Tree root

# Populating
dn: cn=admin,dc=$dc1,dc=$dc2
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: $hash_pw
description: LDAP administrator

#We DON'T need an Albanian wizard in our LDAP
#dn: cn=aw,dc=$dc1,dc=$dc2
#objectClass: simpleSecurityObject
#objectClass: organizationalRole
#cn: aw
#userPassword: $hash_pw
#description: LDAP aw

dn: ou=people,dc=$dc1,dc=$dc2
ou: people
objectClass: organizationalUnit
objectClass: top

dn: ou=groups,dc=$dc1,dc=$dc2
ou: groups
objectClass: organizationalUnit
objectClass: top

dn: ou=addressbook,dc=$dc1,dc=$dc2
ou: addressbook
objectClass: top
objectClass: organizationalUnit
description: Addressbook for email programs etc

#Adding user
dn: uid=ldap1,ou=people,dc=$dc1,dc=$dc2
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: ldap1
sn: Asdasd
givenName: ldap1
cn: ldap1 Asdasd
displayName: ldap1 asdasd
uidNumber: 1002
gidNumber: 1000
userPassword: $hash_pw
gecos: ldap1 asdasd
loginShell: /bin/bash
homeDirectory: /home/ldap1
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: aw@$dc1.$dc2
postalCode: 31000
l: Mycity
o: $dc1
mobile: +33 (0)6 22 22 22 22 22
homePhone: +33 (0)5 33 22 33 22
title: System Administrator
postalAddress:
initials: LP
EOF
# -w passes the clear-text password so no prompt appears here
ldapadd -c -x -D cn=admin,dc=$dc1,dc=$dc2 -w $passwd -f $tmpdir/dit.ldif
#test for success:
echo "Testing by listing all objects in the LDAP:"
ldapsearch -x -h localhost -b "dc=$dc1,dc=$dc2" "(objectClass=*)"
[/cc]
Hi, I put the script in tags.
Thanks for the improvement. PS: I'm not a wizard; read the About page.
Thanks again for the script,
Arditi.
Nice about
One thing about the script that bugs me is that you get a Debian configure prompt asking for the LDAP admin password. I’ve looked into debian configure stuff to see if you can assign this in advance but I haven’t seen anything obvious.
Any tips? This would help in creating an unattended install. Of course, I could go crazy and learn to use puppet or chef but what’s the fun in that
What about:
ldapsearch -y file    Read password from file
It will read the password from a file; you can modify your script to create a temporary file to put the password in and then remove it just after the script finishes running.
Let me know
Hi!
Thanks for this excellent script!
But I have a question for you…
Does exist a GUI to modify the openldap ACL (i.e. olcAccess directive)?
Hi ,
you’re welcome,
not to be “too geeky”, but when it’s about openldap the CLI and an editor are preferred; I tried many GUI programs in the past that did not work. Anyway, for more questions I suggest subscribing to the openldap mailing list.
Nobody knows more about openldap than its developers.
@WizardFan,
I edited the link of ghacks as the guy didn’t mention the author;
line 91 + ; on his pastebin paste:
—
dn: cn=aw,dc=$dc1,dc=$dc2
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: aw
userPassword: $hash_pw
description: LDAP aw
—
Anyway.
Hi everybody,
thanks for the great script.
It’s nearly working for me.
But there is one point where I have to enter the LDAP password. > invalid credentials!
Is there any default password for openldap?
I haven’t set any password yet. Just a password to log on to Ubuntu.
Bob
Sorry guys,
I got it!
I couldn’t see the forest anymore, because there were so many trees.
Great work. I appreciate it.
I spent hours with problems. With your script it was so easy
Bob
Bob
Hi Bobuntu, I’m having the same error of invalid password. Could you please tell me how you sort it out ?
Thanks in advance
I don’t get it.
When I have to enter the LDAP password for the script it works.
But when I have to enter the password for the search, it doesn’t work > invalid credentials?
Please help
Once you get LDAP up, use some tool to manage it, it’s better,
or learn to use the LDAP command line properly.
I’d like to use a tool to set up and configure OpenLDAP. Do you know one which is free?
Thank you in advance
I got a decent solution for me. It’s called OpenDS. A perfect software which is great for my testing purposes. Since it is Java based I can even use it in my Windows world.
Over and out
Yes, OpenDS is good too; notice that in the first post I suggested phpldapadmin, but there are many tools out there.
sir,
you are a genius. I am pretty amazed and went over the scripts; your tutorial saved my life. Thanks a ton.
Still no luck after running the scripts. I get stuck when running the configuration script; it asks for
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
I wrote :
passwd=mypassword
dc1=mydomain
dc2=local
What am I doing wrong? Please help, SOS!!
To Alex:
Check the quotes in the script when you copy/paste.
I’m having the same problem that bobubuntu and the others including Alex are having. I can’t get either the original or the “Wizard” script to work. I get the “invalid credentials (49)” or the error 50 invalid credentials….
Bobubuntu said he fixed it on the “second time around”, but never said what he did…
I’m using Ubuntu 10.04.r3
Here is the output from the “WizardFan” script: (Any suggestions?)
root@001:/home/sysmanager# sh script1.sh
script1.sh: 1: [cc: not found
“Warning: the password will be shown on-screen. Also, don’t use spaces in the password”
test
“Enter the password again:”
test
Reading package lists… Done
Building dependency tree
Reading state information… Done
Reading extended state information
Initializing package states… Done
Writing extended state information… Done
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B of archives. After unpacking 0B will be used.
Writing extended state information… Done
Reading package lists… Done
Building dependency tree
Reading state information… Done
Reading extended state information
Initializing package states… Done
“Adding schemas:”
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry “cn=cosine,cn=schema,cn=config”
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry “cn=inetorgperson,cn=schema,cn=config”
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry “cn=nis,cn=schema,cn=config”
“Setting up configuration database:”
# Load dynamic backend modules
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
# Create directory database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=test,dc=com
olcRootDN: cn=admin,dc=test,dc=com
olcRootPW: {SSHA}vcUy1laKQnb8jKttofXM/4F0x75Of3yB
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn=”cn=admin,dc=test,dc=com″ write by anonymous auth by self write by * none
olcAccess: {1}to dn.base=”” by * read
olcAccess: {2}to * by dn=”cn=admin,dc=test,dc=com″ write by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq
################################
# Modifications
################################
dn: cn=config
changetype: modify
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}vcUy1laKQnb8jKttofXM/4F0x75Of3yB
dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess
script1.sh: 55: dn:: not found
script1.sh: 56: objectClass:: not found
script1.sh: 57: cn:: not found
script1.sh: 58: olcModulePath:: not found
script1.sh: 59: olcModuleLoad:: not found
script1.sh: 62: dn:: not found
script1.sh: 63: objectClass:: not found
script1.sh: 64: objectClass:: not found
script1.sh: 65: olcDatabase:: not found
script1.sh: 66: olcDbDirectory:: not found
script1.sh: 67: olcSuffix:: not found
script1.sh: 68: olcRootDN:: not found
script1.sh: 69: olcRootPW:: not found
script1.sh: 70: olcAccess:: not found
script1.sh: 71: olcAccess:: not found
script1.sh: 72: olcAccess:: not found
script1.sh: 73: olcLastMod:: not found
script1.sh: 74: olcDbCheckpoint:: not found
script1.sh: 77: olcDbConfig:: not found
script1.sh: 79: olcDbConfig:: not found
script1.sh: 81: olcDbConfig:: not found
script1.sh: 82: olcDbConfig:: not found
script1.sh: 84: olcDbIndex:: not found
script1.sh: 85: olcDbIndex:: not found
script1.sh: 86: olcDbIndex:: not found
script1.sh: 91: dn:: not found
script1.sh: 92: changetype:: not found
script1.sh: 94: dn:: not found
script1.sh: 95: changetype:: not found
script1.sh: 96: delete:: not found
script1.sh: 98: dn:: not found
script1.sh: 99: changetype:: not found
script1.sh: 100: add:: not found
script1.sh: 101: olcRootDN:: not found
script1.sh: 103: dn:: not found
script1.sh: 104: changetype:: not found
script1.sh: 105: add:: not found
script1.sh: 106: olcRootPW:: not found
script1.sh: 108: dn:: not found
script1.sh: 109: changetype:: not found
script1.sh: 110: delete:: not found
script1.sh: 111: EOF: not found
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry “cn=module{0},cn=config”
adding new entry “olcDatabase={1}hdb,cn=config”
ldap_add: Other (e.g., implementation specific) error (80)
additional info: handler exited with 1
modifying entry “cn=config”
modifying entry “olcDatabase={-1}frontend,cn=config”
modifying entry “olcDatabase={0}config,cn=config”
modifying entry “olcDatabase={0}config,cn=config”
modifying entry “olcDatabase={0}config,cn=config”
“Setting up a small directory tree:”
# Tree root
dn: dc=test,dc=com
objectClass: dcObject
objectclass: organization
o: test.com
dc: test
description: Tree root
# Populating
dn: cn=admin,dc=test,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: {SSHA}vcUy1laKQnb8jKttofXM/4F0x75Of3yB
description: LDAP administrator
dn: cn=aw,dc=test,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: aw
userPassword: {SSHA}vcUy1laKQnb8jKttofXM/4F0x75Of3yB
description: LDAP aw
dn: ou=people,dc=test,dc=com
ou: people
objectClass: organizationalUnit
objectClass: top
dn: ou=groups,dc=test,dc=com
ou: groups
objectClass: organizationalUnit
objectClass: top
dn: ou=addressbook,dc=test,dc=com
ou: addressbook
objectClass: top
objectClass: organizationalUnit
#Adding user
dn: uid=ldap1,ou=people,dc=test,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: ldap1
sn: Asdasd
givenName: ldap1
cn: ldap1 Asdasd
displayName: ldap1 asdasd
uidNumber: 1002
gidNumber: 1000
userPassword: {SSHA}vcUy1laKQnb8jKttofXM/4F0x75Of3yB
gecos: ldap1 asdasd
loginShell: /bin/bash
homeDirectory: /home/ldap1
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: aw@test.com
postalCode: 31000
l: Mysity
o: test
mobile: +33 (0)6 22 22 22 22 22
homePhone: +33 (0)5 33 22 33 22
title: System Administrator
postalAddress:
initials: LP
script1.sh: 120: dn:: not found
script1.sh: 121: objectClass:: not found
script1.sh: 122: objectclass:: not found
script1.sh: 123: o:: not found
script1.sh: 124: dc:: not found
script1.sh: 125: description:: not found
script1.sh: 128: dn:: not found
script1.sh: 129: objectClass:: not found
script1.sh: 130: objectClass:: not found
script1.sh: 131: cn:: not found
script1.sh: 132: userPassword:: not found
script1.sh: 133: description:: not found
script1.sh: 143: dn:: not found
script1.sh: 144: ou:: not found
script1.sh: 145: objectClass:: not found
script1.sh: 146: objectClass:: not found
script1.sh: 148: dn:: not found
script1.sh: 149: ou:: not found
script1.sh: 150: objectClass:: not found
script1.sh: 151: objectClass:: not found
script1.sh: 153: dn:: not found
script1.sh: 154: ou:: not found
script1.sh: 155: objectClass:: not found
script1.sh: 156: objectClass:: not found
script1.sh: 157: description:: not found
script1.sh: 160: dn:: not found
script1.sh: 161: objectClass:: not found
script1.sh: 162: objectClass:: not found
script1.sh: 163: objectClass:: not found
script1.sh: 164: uid:: not found
script1.sh: 165: sn:: not found
script1.sh: 166: givenName:: not found
script1.sh: 167: cn:: not found
script1.sh: 168: displayName:: not found
script1.sh: 169: uidNumber:: not found
script1.sh: 170: gidNumber:: not found
script1.sh: 171: userPassword:: not found
script1.sh: 172: gecos:: not found
script1.sh: 173: loginShell:: not found
script1.sh: 174: homeDirectory:: not found
script1.sh: 175: shadowExpire:: not found
script1.sh: 176: shadowFlag:: not found
script1.sh: 177: shadowWarning:: not found
script1.sh: 178: shadowMin:: not found
script1.sh: 179: shadowMax:: not found
script1.sh: 180: shadowLastChange:: not found
script1.sh: 181: mail:: not found
script1.sh: 182: postalCode:: not found
script1.sh: 183: l:: not found
script1.sh: 184: o:: not found
script1.sh: 185: Syntax error: “(” unexpected
root@001:/home/sysmanager#
Also, the script sets up the server right? Anyone know what has to be done to the clients to use the server to authenticate against?
Thanks
“Help”
Is this website still active?
These two lines need to be fixed to get the second script to work:
cat < $tmpdir/database.ldif
to
cat < $tmpdir/database.ldif
and
cat < $tmpdir/dit.ldif
to
cat < $tmpdir/dit.ldif
But I still have the Invalid Credentials (49) from the ldap_bind at the very bottom of the script, followed by an error on this line:
ldapsearch -x -h localhost -b “dc=$dc1,dc=$dc2″ “(objectClass=*)”
which is: Syntax error: “(” unexpected
I tried removing both of the parenthesis, but that didn’t work.
Still needing help….
cat < $tmpdir/database.ldif
cat < $tmpdir/dit.ldif
I got it!!!!!
It’s the “quotes”!!!!!!
The quotes are screwing up everything!!!!!
The only thing that should have the “Curved” quotes around it is the if statement at the beginning to check the password.
Everything else should have the quotes that are parallel to each other and NOT bent!!!!!
It works now!
Hi Alex!
I had the same error as you and I modified the line “passwd=mypassword” to “read passwd”. It works!
Thanks for the great script!
This article is good.
Masfia, there is a GUI available called LdapBrowser (it’s a Java based program)…
I’m getting this error every time I use the script to run the slapd configuration:
adding new entry “cn=module{0},cn=config”
ldap_add: Naming violation (64)
I have written the script word by word but I can’t get around this problem.
(I tried other websites having similar how-to’s but all in vain.)
This script simply doesn’t work on Ubuntu 10.4 Lucid Lynx, period!!
Like many others, I am consistently getting ldap_bind: Invalid credentials (49) error.
The page header mentions these instructions are for Ubuntu 10.4, then are all these people, including myself, crazy? Or are these instructions a cruel joke. Just like how horrible OpenLDAP is…?
Arditi – Although I appreciate your effort for putting this page together, since so many people are seeing the same issue, the explanation works-for-me doesn’t go too far. Sorry, but needless to say, I am a bit disappointed …
@Its_a_joke
I have a 10.04 Lucid and it works(perfectly) for me. Don’t copy all of it by the letter, dude. Some of it, you can/must edit. Oh, the quotes (”), as Help said, are formatted(or some other character…?) so you need to replace it with the plain keyboard quote (“) to work as a script.
The original script worked excellent, but the enhancements made it perfect!
Thanks:
– albanianwizard
– Arditi
– Wizardfan
I have adjusted the script (the quotes) and added the read passwd part. The script looks like http://pastebin.com/Fhb2ruFp but still does not work (Ubuntu 12.04 fresh install). I got the following log http://pastebin.com/s6SPK6db especially:
adding new entry “cn=module{0},cn=config”
ldap_add: Naming violation (64)
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
I tried both passwords, even used the same in the script and the initial slapd install. Could you please pastebin a working script, or say what is wrong with this one?
Kind regards,
Ave