Re: [SLUG] LDAP help please

[O Plameras <oscarp@xxxxxxxxxxx>]

Howard Lowndes wrote:

> I am trying to get the rootDSE to work in openldap but phpldapadmin is 
> coming back with:
> "Could not determine the root of your LDAP tree.
> It appears that the LDAP server has been configured to not reveal its 
> root.
> Please specify it in config.php"


There are a number of checks to ascertain this. These checks can't be done
completely because there are additional info required but you have not
supplied them.

1. Show us the output of
# cat /etc/openldap/ldap.conf

2. #slapcat    is  used  to check a complete 'ldif' only on localhost. 
As a matter of fact,
no need to start 'slapd' to run 'slapcat', and is not affected by 
'access list' in your
'slapd.conf'.

3. #ldapsearch is used to check directory address info on any server 
depending on
'ldap.conf' and on the format of 'ldapsearch' command. A 'slapd' server 
is required
to be running on the server being interrogated. Ldapsearch is affected 
by 'access list'
in your 'slapd.conf'.

4. Also, show us the output of 
#ldapsearch -x -h localhost -s base -b "" +
or
#ldapsearch -x -h <ldap-server>  -s base -b "" +

> Here is my slapd.conf:
> ##### Schema
> include         /etc/openldap/schema/core.schema
> include         /etc/openldap/schema/cosine.schema
> include         /etc/openldap/schema/inetorgperson.schema
> include         /etc/openldap/schema/nis.schema
> include         /etc/openldap/schema/openldap.schema
> include         /etc/openldap/schema/redhat/autofs.schema
> ##### Allow LDAP v2
> allow bind_v2
> ##### Some files
> pidfile         /var/run/slapd.pid
> argsfile        /var/run/slapd.args
> rootDSE         /var/lib/ldap/rootdse.ldif
> ##### Global access control
> access  to attrs=userPassword
>         by self write
>         by * auth
> ##### Databases
> ##### LANNet
> database        bdb
> suffix          "dc=lannet,dc=com,dc=au"
> directory       /var/lib/ldap
> mode            0600
> rootdn  XXX
> rootpw  YYY
> index objectClass                       eq,pres
> index ou,cn,mail,surname,givenname      eq,pres,sub
> index uidNumber,gidNumber,loginShell    eq,pres
> index uid,memberUid                     eq,pres,sub
> index nisMapName,nisMapEntry            eq,pres,sub
> access  to attrs=telephoneNumber,
>     facsimileTelephoneNumber,
>     mobile,
>     street,
>     l,
>     st,
>     postOfficeBox,
>     postalCode,
>     o
>         by self write
>         by * read
>
> ##### Buller
> database        bdb
> suffix          "dc=buller,dc=com,dc=au"
> directory       /var/lib/ldap
> mode            0600
> rootdn  XXX
> rootpw  YYY
> index objectClass                       eq,pres
> index ou,cn,mail,surname,givenname      eq,pres,sub
> index uidNumber,gidNumber,loginShell    eq,pres
> index uid,memberUid                     eq,pres,sub
> index nisMapName,nisMapEntry            eq,pres,sub
> access  to attrs=telephoneNumber,
>     facsimileTelephoneNumber,
>     mobile,
>     street,
>     l,
>     st,
>     postOfficeBox,
>     postalCode,
>     o
>         by self write
>         by * read
>
>
>
>
> and here is my rootdse.ldif:
> dn:
> namingContexts: dc=lannet,dc=com,dc=au
> namingContexts: dc=buller,dc=com,dc=au
>
>
>
> What I am trying to achieve is to get multiple suffix dn into the 
> directory structure.  I can populate the database with slapadd, but 
> when I run slapcat with the -b "<suffix>" option I see all of the 
> entries not just the one for the suffix, but when I run ldapsearch I 
> don't get much even though slapcat produces output:
> # ldapsearch -x -b "dc=lannet,dc=com,dc=au"
> # extended LDIF
> #
> # LDAPv3
> # base <dc=lannet,dc=com,dc=au> with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 1
>
>
>
> Should the rootDSE file have more entries - if so, what?

Try this command,

#ldapsearch -x -h <ldap-server>  -s base -b "" +

O Plameras