creating openldap proxy cache str2add(olcDbURI): attribute type undefined - openldap

I'm trying to add an openldap proxy cache using ldif, top section below
dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcSuffix: dc=example,dc=com
olcRootDN: dc=example,dc=com
olcDbURI: "ldaps://ldap.example.com:636"
When I try to do slapadd I get str2add(olcDbURI): attribute type undefined, while clearly it is in the ldif. Any ideas?

Related

Error: Missing schema location in RootDSE while setting up OpenLdap server

I have done setup of OpenLdap 2.6.3 on CentOS8. I followed all the steps and I am trying to connect in Apache Directory Studio. It throws the error "Error while opening connection - Missing schema location in RootDSE, using default schema". Please could you help me in this.
The input given in RootDN is:
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/lib/openldap/slapd.args
olcPidFile: /var/lib/openldap/slapd.pid

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/libexec/openldap
olcModuleload: back_mdb.la

# Include more schemas in addition to default core
include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/nis.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
include: file:///etc/openldap/schema/sudo.ldif

dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend
olcAccess: to dn.base="cn=Subschema" by * read
olcAccess: to *
  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by * none

dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcRootDN: cn=config
olcAccess: to *
  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by * none
and the input given in binddnuser.ldif:
dn: ou=system,dc=ldapmaster,dc=connectors,dc=com
objectClass: organizationalUnit
objectClass: top
ou: system

dn: cn=readonly,ou=system,dc=ldapmaster,dc=connectors,dc=com
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: readonly
userPassword: {SSHA}p8Ivp9Qc3YQr1hO3DHuX2GMvTGAbdBux
description: Bind DN user for LDAP Operations

iNetOrgPerson doesn't exist in Openldap?

I'm trying to create a user with openldap 2.4
dn: uid=rrrrrr,ou=users,dc=my-domain,dc=com
objectClass: iNetOrgPerson
uid: iiiiii
but it doesn't seem to recognize the objectClass, producing this error:
adding new entry "uid=rrrrrr,ou=users,dc=my-domain,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #0 invalid per syntax
Using other object classes is ok. What's the problem?

Migrate data from one openldap to another one

I try to do a migration from one ldap (Ubuntu) to another one (CentOS)
From actual server I do an export of database and values:
slapcat -n 0 -l slapd.conf
slapcat -n 1 -l slapd.ldif
At the other one I try to load data but I get this error:
[root@oldap01 tmp]# slapadd -f slapd.ldif
5e442f2b slapd.ldif: line 1: unknown directive <dn:> outside backend info and database definitions.
slapadd: bad configuration file!
slapd.ldif starts with:
dn:
objectClass: top
objectClass: dcObject
objectClass: organization
o: no-domain
dc: no-domain
structuralObjectClass: organization
Is there any way to create the OU, CN, ... manually and then import the values?
Thanks in advance

how to re-enable anonymous login in openldap

I have recently installed openldap 2.4.42 and disabled anonymous login using the following content in ldif file.
dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon

dn: cn=config
changetype: modify
add: olcRequires
olcRequires: authc

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcRequires
olcRequires: authc
I can even see access to dn.base="" by * read in the slapd.conf file.
Now, I have an application (WordPress blog) which is trying to connect to the LDAP server using anonymous login and failing because of that reason. I tried a few options but none of them are working. Can someone help me out with how to re-enable LDAP anonymous login?
Thanks in advance
What type of configuration are you using? slapd.conf or slapd.d/ folder? You cannot use both at the same time.
Drop added olcDisallows & olcRequires configuration if you use slapd.d/ folder configuration.
Or
delete the counterpart settings from the slapd.conf file (disallow & require) if you use slapd.conf configuration file.
To delete what you said you added to activate this behavior, i.e. with an LDIF file for example:
dn: cn=config
changetype: modify
delete: olcDisallows
olcDisallows: bind_anon
-

dn: cn=config
changetype: modify
delete: olcRequires
olcRequires: authc
-

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcRequires
olcRequires: authc
You should also verify that the targeted anonymous access is allowed by the database ACLs (olcAccess parameter).

openldap "no global superior knowledge"

When I:
ldapadd -f pop01.ldif -x -D "cn=Manager,dc=ldap,dc=beonegroup,dc=be" -w 1234
I get:
adding new entry "dc=ldap,dc=beonegroup,dc=org"
ldapadd: Server is unwilling to perform (53)
additional info: no global superior knowledge
Here is my slapd.conf:
database bdb
suffix "dc=ldap,dc=beonegroup,dc=be"
rootdn "cn=Manager,dc=ldap,dc=beonegroup,dc=be"
rootpw 1234
directory /var/lib/ldap/beoneDirectory
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
And my file used to populate:
[root@local beoneDirectory]# pwd
/var/lib/ldap/beoneDirectory
[root@local beoneDirectory]# cat pop01.ldif
dn: dc=ldap,dc=beone,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
dc: beone
o: beone
description: ldap.beone.be

dn: o=beone
objectClass: top
objectClass: organization
o: beone
description: Beone

dn: cn=Manager,o=beone
objectClass: organizationalRole
cn: Manager
description: LDAP Directory Administrator

dn: ou=Employes,o=beone
ou: Employes
objectClass: top
objectClass: organizationalUnit
description: Employes beone

dn: ou=Clients,o=beone
ou: Clients
objectClass: top
objectClass: organizationalUnit
description: Clients beone

# first entry
dn: cn=Benoit Le,ou=Employes,o=beonegroup
cn: Benoit Le
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
mail: benoit@beone.be
givenname: Benoit
sn: Lecomte
ou: Employes
street: 29 rue de cp
l: jumet
postalCode: 6040
telephoneNumber: 04942311
mobile: 01234345

# second employee
dn: cn=Matteo Di,ou=Employes,o=beonegroup
cn: Matteo Di
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
mail: mat@beone.be
I know this is a slapd.conf-related issue: openldap doesn't know where to insert my entries, but I don't really see how to specify it.
Your database is named (has suffix):
dc=ldap,dc=beonegroup,dc=be
You are in the ldif trying to add stuff to
dn: dc=ldap,dc=beone,dc=org
This is somewhat equivalent to making a directory called /something, then trying to create the file /some/file. It won't work since the directory /some doesn't exist.
Remember LDAP data is organized in a hierarchical structure, i.e. the form of a tree like directories and files are. The word superior refers to the level above (closer to top), similar to parent directory (closer to root) in the filesystem example.
In the filesystem you would get the error message /some/file: No such file or directory
The LDAP error could probably have been worded better, but to fix this you have to either change the suffix in your slapd.conf or change the stuff you want to add. They have to match.
(Thanks to lilalinux for in the comments also specifying how to fix)
The domain component structure you have defined, "dc=ldap,dc=beonegroup,dc=be", is not matching the input entry in the first line of pop01.ldif.
Try to change the first line in your pop01.ldif from dc=org to dc=be and try again.
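A pre-flight check that covers both the first question on this page (slapadd rejecting olcDbURI as an undefined attribute type) and this one (no global superior knowledge), added here as an example; it is not code from either thread or from OpenLDAP itself. It parses an LDIF file and reports two things before the file is handed to slapadd or ldapadd. In a cn=config LDIF, an olcDatabase entry of objectClass olcLDAPConfig uses back-ldap attributes such as olcDbURI that slapd only knows once the back_ldap module has been loaded, so an olcModuleList entry with olcModuleLoad: back_ldap.la has to come earlier in the file (this assumes the backends are built as dynamic modules, as in the distro packages shown on this page; a statically linked backend needs no olcModuleLoad). In a data LDIF, every DN has to sit under the database suffix, and its parent has to be the suffix entry or an entry added earlier in the file. The sample LDIF texts inside the block are constructed from the snippets in the two questions, and the function and constant names (parse_ldif, normalize_dn, check_config_order, check_data_tree, CLASS_MODULE) are this example's own.

```python
"""Pre-flight checks for LDIF files before slapadd/ldapadd.
Added example: not code from the thread or from OpenLDAP. The cn=config
check assumes backends are dynamic modules (olcModuleLoad is needed)."""
import base64
import re

# objectClass -> module that registers that class's config attributes
# (this example's own table; extend it for other backends and overlays)
CLASS_MODULE = {
    "olcldapconfig": "back_ldap",   # olcDbURI and the other back-ldap attrs
    "olcmdbconfig": "back_mdb",
}


def parse_ldif(text):
    """Return [(dn, {attr.lower(): [values]})]. Handles comments, folded
    lines, base64 values ('::') and '-' separators; a blank line ends an entry."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]              # unfold continuation line
        else:
            logical.append(raw)
    entries, dn, attrs = [], None, {}
    for line in logical + [""]:                 # trailing "" flushes the last entry
        if line.startswith("#") or line == "-":
            continue
        if line.strip() == "":
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):               # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode()
        else:
            value = value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return entries


def normalize_dn(dn):
    """Split a DN into lowercased RDNs (simplified matching, enough for
    dc/ou/cn values; not a full X.500 implementation)."""
    return [rdn.strip().lower() for rdn in re.split(r"(?<!\\),", dn)]


def check_config_order(entries):
    """cn=config LDIF: databases whose backend module no earlier entry loads."""
    problems, loaded = [], set()
    for dn, attrs in entries:
        for mod in attrs.get("olcmoduleload", []):
            loaded.add(re.sub(r"^\{\d+\}", "", mod).lower())   # "{0}back_ldap.la"
        for oc in attrs.get("objectclass", []):
            module = CLASS_MODULE.get(oc.lower())
            if module and not any(m.startswith(module) for m in loaded):
                problems.append(f"{dn}: {oc} needs 'olcModuleLoad: {module}.la' "
                                "in an earlier entry")
    return problems


def check_data_tree(entries, suffix):
    """Data LDIF: DNs outside the suffix, or whose parent was not added earlier."""
    problems, seen = [], set()
    base = normalize_dn(suffix)
    for dn, _ in entries:
        parts = normalize_dn(dn)
        if parts[-len(base):] != base:
            problems.append(f"{dn}: not under suffix {suffix}")
            continue
        if parts != base and tuple(parts[1:]) not in seen:
            problems.append(f"{dn}: parent {','.join(parts[1:])} not added earlier")
        seen.add(tuple(parts))
    return problems


# Constructed samples modelled on the two questions above (not real data).
CONFIG_BAD = """\
dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcSuffix: dc=example,dc=com
olcDbURI: ldaps://ldap.example.com:636
"""
CONFIG_GOOD = ("dn: cn=module,cn=config\nobjectClass: olcModuleList\ncn: module\n"
               "olcModuleLoad: back_ldap.la\n\n" + CONFIG_BAD)
SUFFIX = "dc=ldap,dc=beonegroup,dc=be"
DATA_BAD = ("dn: dc=ldap,dc=beone,dc=org\nobjectClass: organization\no: beone\n\n"
            "dn: o=beone\nobjectClass: organization\no: beone\n")
DATA_GOOD = ("dn: dc=ldap,dc=beonegroup,dc=be\nobjectClass: organization\no: beone\n\n"
             "dn: ou=Employes,dc=ldap,dc=beonegroup,dc=be\n"
             "objectClass: organizationalUnit\nou: Employes\n")

if __name__ == "__main__":
    print("config bad :", check_config_order(parse_ldif(CONFIG_BAD)))
    print("config good:", check_config_order(parse_ldif(CONFIG_GOOD)))
    print("data bad   :", check_data_tree(parse_ldif(DATA_BAD), SUFFIX))
    print("data good  :", check_data_tree(parse_ldif(DATA_GOOD), SUFFIX))
```

Run it as a script to see the four verdicts, or import the functions and feed them the real files before running slapadd. The DN normalisation is deliberately simple (lowercase, split on unescaped commas), which is fine for the dc/ou/cn trees on this page but is not full X.500 matching, and the module table only knows the two backends that appear in these questions.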
