Comments on: Notes on ubuntu-8.10-serverguide-openldap http://blog.khax.net/2009/04/03/notes-on-ubuntu-810-serverguide-openldap/?utm_source=rss&utm_medium=rss&utm_campaign=notes-on-ubuntu-810-serverguide-openldap Webdev & Devops Blog Sat, 31 Dec 2011 04:54:04 +0000 hourly 1 By: iksan http://blog.khax.net/2009/04/03/notes-on-ubuntu-810-serverguide-openldap/#comment-58 iksan Sat, 28 May 2011 07:39:57 +0000 http://blog.khax.net/?p=123#comment-58 the comand is "sudo ldapadduser george example" not "ldapuseradd george example" help me Thanks for your ettention the comand is
“sudo ldapadduser george example”

not “ldapuseradd george example”

help me

Thanks for your ettention

]]> By: iksan http://blog.khax.net/2009/04/03/notes-on-ubuntu-810-serverguide-openldap/#comment-57 iksan Sat, 28 May 2011 07:37:16 +0000 http://blog.khax.net/?p=123#comment-57 Dear All i have a problem when i add user in ldap, the coment is "sudo ldapuseradd george example" error Massage display "Error adding user goerge to LDAP " What is the problem.. ? help me please Dear All

i have a problem when i add user in ldap, the coment is
“sudo ldapuseradd george example”

error Massage display

“Error adding user goerge to LDAP ”
What is the problem.. ?
help me please

]]> By: Paul http://blog.khax.net/2009/04/03/notes-on-ubuntu-810-serverguide-openldap/#comment-56 Paul Sun, 07 Jun 2009 02:30:53 +0000 http://blog.khax.net/?p=123#comment-56 Ok, sorry to be like a stalker. So I figured out that I have to escape the url with % signs. I had it working without them when I tested TLS before. ex.: sudo ldapsearch -x -H ldap:///%e%x%a%m%p%l%e%.%c%o%m -D cn=admin,dc=example,dc=com -W -ZZ Weird. I'd try it in the config file if I could figure out how without blowing up the server. --peace out. Ok, sorry to be like a stalker.

So I figured out that I have to escape the url with % signs. I had it working without them when I tested TLS before.

ex.: sudo ldapsearch -x -H ldap:///%e%x%a%m%p%l%e%.%c%o%m -D cn=admin,dc=example,dc=com -W -ZZ

Weird. I’d try it in the config file if I could figure out how without blowing up the server.

–peace out.

]]> By: Paul http://blog.khax.net/2009/04/03/notes-on-ubuntu-810-serverguide-openldap/#comment-55 Paul Sun, 07 Jun 2009 01:06:16 +0000 http://blog.khax.net/?p=123#comment-55 Mixed-success. I have much to document. But first the bad news. I have my new commercial certs for my domain www.example.info, and OpenLdap wants it to match my server name, hoth. Too bad I didn't know about wildcards or alternate certificate names. Now the good news. I generated two certificates on a third machine and got them installed with TLS working on both Ldap servers. I think it balked before because I was trying to connect to the other two ldap servers with the same machine that has the CA. To make it uglier, I was connecting through dyndns. And I was trying to do too much other junk on top of that. OK. Live and learn. Now that TLS works, I floundered updating the replication piece. I tried updating the config database, but apparently, I was slightly off. Looking at the update file that I created from the tutorial, it looks like I should be able to re-run it. I thought it would just replace the olcSyncRepl line, but no dice. It gives a message that it is updating, and then hangs. If I control -c and get back to the command prompt, it hangs if I try to do an ldapsearch. If I control -c and then /etc/init.d/slapd restart, I can ldapsearch again and see that it didn't update the config. Being a clever fellow, I went to the other server figuring that if I got it right, it would replicate. I didn't get it right. Same behavior when I try to re-run the file. Do you by chance know how to delete the syncrepl bit so that I can keep trying to get it right? Here's what the file looks like: dn: olcDatabase={0}config,cn=config replace: olcSyncrepl olcSyncrepl: {0}rid=001 provider=ldap:///www.example.info binddn="cn=admin,cn =config" bindmethod=simple credentials=password searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1 starttls=yes olcSyncrepl: {1}rid=002 provider=ldap:///casserver.example.info binddn="cn=admin,cn =config" bindmethod=simple credentials=password searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1 starttls=yes BTW, in case you notice, I have an example.info domain where my servers are running, but my ldap is setup as cn=example,cn=com because I have that domain also. Thanks for all your help. I hope this can help others. Openldap is hard. Paul Mixed-success. I have much to document. But first the bad news. I have my new commercial certs for my domain http://www.example.info, and OpenLdap wants it to match my server name, hoth. Too bad I didn’t know about wildcards or alternate certificate names. Now the good news. I generated two certificates on a third machine and got them installed with TLS working on both Ldap servers. I think it balked before because I was trying to connect to the other two ldap servers with the same machine that has the CA. To make it uglier, I was connecting through dyndns. And I was trying to do too much other junk on top of that.

OK. Live and learn. Now that TLS works, I floundered updating the replication piece. I tried updating the config database, but apparently, I was slightly off. Looking at the update file that I created from the tutorial, it looks like I should be able to re-run it. I thought it would just replace the olcSyncRepl line, but no dice. It gives a message that it is updating, and then hangs. If I control -c and get back to the command prompt, it hangs if I try to do an ldapsearch. If I control -c and then /etc/init.d/slapd restart, I can ldapsearch again and see that it didn’t update the config. Being a clever fellow, I went to the other server figuring that if I got it right, it would replicate. I didn’t get it right. Same behavior when I try to re-run the file.

Do you by chance know how to delete the syncrepl bit so that I can keep trying to get it right? Here’s what the file looks like:

dn: olcDatabase={0}config,cn=config
replace: olcSyncrepl
olcSyncrepl: {0}rid=001 provider=ldap:///www.example.info binddn=”cn=admin,cn
=config” bindmethod=simple credentials=password searchbase=”cn=config” type=refreshAndPersist retry=”5 5 300 5″ timeout=1 starttls=yes
olcSyncrepl: {1}rid=002 provider=ldap:///casserver.example.info binddn=”cn=admin,cn
=config” bindmethod=simple credentials=password searchbase=”cn=config” type=refreshAndPersist retry=”5 5 300 5″ timeout=1 starttls=yes

BTW, in case you notice, I have an example.info domain where my servers are running, but my ldap is setup as cn=example,cn=com because I have that domain also.

Thanks for all your help. I hope this can help others. Openldap is hard.
Paul

]]> By: Paul http://blog.khax.net/2009/04/03/notes-on-ubuntu-810-serverguide-openldap/#comment-54 Paul Sat, 06 Jun 2009 22:18:45 +0000 http://blog.khax.net/?p=123#comment-54 Hey I'm back at it. Sorry for not checking back. I ended up buying certs from Godaddy. I definitely would not do the self-signed thing again. As a noobie to ssl and openldap, it created confusion that was hard for me to solve. This tutorial has already helped me again today. I'll post the things that a ran into soon and hopefully news of my success. Thanks again. P.S. You are definitely still a hero! Hey I’m back at it. Sorry for not checking back. I ended up buying certs from Godaddy. I definitely would not do the self-signed thing again. As a noobie to ssl and openldap, it created confusion that was hard for me to solve. This tutorial has already helped me again today. I’ll post the things that a ran into soon and hopefully news of my success.

Thanks again.

P.S. You are definitely still a hero!

]]>