Setting up OpenLDAP

Bob Hall rjhjr at cox.net
Fri Jul 25 23:13:30 PDT 2003 

OpenLDAP 2.1.22, FBSD 4.8

I'm trying to set up LDAP to store passwords. Eventually I will 
want to store addresses and do general authentication, but right 
now I just want to do something really simple: add passwords.

I installed from the ports using portintall, couldn't get it to 
work, and went back and reinstalled doing
	# make depend
	# make
	# make test 
The install didn't fail any of the tests, although make kept looping
through the tests until I hit ^C. But I still have the same problems. 
If anyone has succeeded in installing OpenLDAP from the ports, I'd 
be grateful for any pointers.

I'm trying to do the Quick Install described at www.openldap.org. The 
first problem is that the doc claims that this is supposed to be a 
non-referring set up, which is what I want, but OpenLDAP complains that 
there's no referral. So I've uncommented the referral line in slapd.conf. 
But attempts to add records still fail. 

When I do search prior to adding records, I get
# /usr/local/bin/ldapsearch -x -b '' -s base '(objectclass=*)'
	dn:
	objectClass: top
	objectClass: OpenLDAProotDSE
When I try to add records without a referral, I get 
# ldapadd -x -v -D "cn=Manager,dc=domain,dc=net" -W -f domain.ldif
	additional info: referral missing
With the referral, I get
	ldapadd: update failed: dc=domain, dc=net   objectclass: dcObject   
		objectclass: organization   o: SNAFU   
		dc: domain 
	ldap_add: Referral (10)
       		referrals:
                	ldap://root.openldap.org/dc=domain,dc=net%20%20%20objectclass:%20dcObject%20%20%20objectclass:%20organization%20%20%20o:%20SNAFU%20%20%20dc:%20domain

Configuration
# less slap.conf
include         /usr/local/etc/openldap/schema/core.schema
referral       ldap://root.openldap.org
pidfile         /var/run/ldap/slapd.pid
argsfile        /var/run/ldap/slapd.args
database        bdb
suffix          "dc=domain, dc=net"
rootdn          "cn=Manager, dc=domain, dc=net"
rootpw          <md5 hash>
directory       /var/db/openldap-data
index   objectClass     eq

# less domain.ldif
dn: dc=domain, dc=net
    objectclass: dcObject
    objectclass: organization
    o: SNAFU
    dc: domain
dn: cn=Manager, dc=domain, dc=net
    objectclass: organizationalRole
    cn: Manager

Bob Hall

More information about the freebsd-questions mailing list