Ldap on Centos 5.2 server

Hi All,

I just now installed and configured ldap on a Centos 5.2 machine, but I am not able to log in using the ldap username and password from a Centos client.

These are the steps I followed:

1. yum install *openldap* -y

2. chkconfig --levels 235 ldap on

3. service ldap start

4. slappasswd

which resulted in some value which was similar to {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW

5. Updated the root password and the below mentioned details in /etc/openldap/slapd.conf

database bdb
suffix "dc=adminmart,dc=com"
rootdn "cn=Manager,dc=adminmart,dc=com"
rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW

6. service ldap restart

7. useradd test1

8. passwd test1

9. grep root /etc/passwd > /etc/openldap/passwd.root
grep test1 /etc/passwd > /etc/openldap/passwd.test1

10. Edited the following file in /usr/share/openldap/migration/migrate_common.ph
with below mentioned details.

$DEFAULT_MAIL_DOMAIN = "adminmart.com";
$DEFAULT_BASE = "dc=adminmart,dc=com";

11. Converted the password files to ldif using the below mentioned commands

/usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif

/usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif

12. Edited the following file /etc/openldap/root.ldif

dn: uid=root,ou=People,dc=adminmart,dc=com
uid: root
cn: Manager
objectClass: account

along with my previous details

objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$m1SnfabK$awerw3Q/9U5id5NG.6Afc0
shadowLastChange: 14336
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root

dn: uid=operator,ou=People,dc=adminmart,dc=com
uid: operator
cn: operator
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}*
shadowLastChange: 14335
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 11
gidNumber: 0
homeDirectory: /root
gecos: operator

13. And then created a new ldif file in /etc/openldap/adminmart.com.ldif with the below mentioned details

14. Contents of /etc/openldap/adminmart.com.ldif (the two entries separated by a blank line, as LDIF requires):

dn: dc=adminmart,dc=com
dc: adminmart
description: LDAP Admin
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=People,dc=adminmart,dc=com
ou: People
description: Users of adminmart
objectClass: organizationalUnit

15. Import all users in to the LDAP
ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif
ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/root.ldif
ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif

16. Restarted the ldap service with the following command: service ldap restart

17. After this I received the following error message stating "[SOLVED] - bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/openldap-data: (2) Expect poor performance for suffix"

I did the following things

1) cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

2) chown ldap:ldap /var/lib/ldap/DB_CONFIG

18. And again restarted ldap - service ldap restart

I got the following result

Stopping slapd: [ OK ]
Checking configuration files for slapd: config file testing succeeded
[ OK ]
Starting slapd: [ OK ]

Now I configured a Centos 5.3 Desktop (client machine) using the below mentioned commands

19. authconfig-tui
[*] Use LDAP [*] Use LDAP Authentication

[Both were checked]

Clicked on "Next".

[ ] Use TLS
Server: ldap.adminmart.com
Base DN: dc=adminmart,dc=com

Click "Ok" to confirm.

20. Now I rebooted my Centos 5.3 Desktop (Client) it took a longer time to show up the login screen but unfortunately I was not able to login as "test1" user.

It's pretty long, I know, but could someone please take a look at the attachment and help me out.

I have tried going through http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_C... and have configured my client with the below mentioned details

Referring to your link http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_C....

I did the following

1. I first downloaded openldap and installed it on my client using the following command: yum install *openldap* -y

2. I then edited /etc/openldap/ldap.conf file using the vi /etc/openldap/ldap.conf command and now my ldap.conf file on the client reads as mentioned below

BASE dc=adminmart,dc=com
URI ldap://
TLS_CACERTDIR /etc/openldap/cacerts

where HOST refers to my LDAP Server and the domain name is adminmart.com

3. I then used the /usr/bin/authconfig-tui command to enable the authentication, and the below mentioned things were enabled

[*] Use Shadow Passwords
[*] Use MD5 Passwords
[*] Use LDAP
[*] Use LDAP Authentication

[ ] Use TLS
Base DN: dc=adminmart,dc=com

4. When I looked at my /etc/nsswitch.conf file, I could find the below mentioned details

passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

netgroup: files ldap

publickey: nisplus

automount: files ldap
aliases: files nisplus

5. After that I used the following command: grep ldapuser /etc/passwd

6. I then created a directory for ldapuser locally on the client by using this command: mkdir /home/ldapuser

7. Changed the permissions using this command: chmod 700 /home/ldapuser/

8. The following command listed all the home directories along with ldapuser's and it read as follows:

drwx------ 2 root root 4096 Mar 13 16:38 ldapuser

9. This is where it failed, using the command: chown -R ldapuser:users /home/ldapuser
The error message read something like this: chown: `ldapuser:users': invalid user

Could you please help

I tried even this ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)' and the result was

# extended LDIF
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL

# search result
search: 2
result: 32 No such object

I have also tried using tcpdump -n tcp port ldap and was able to get a reply as mentioned below, but I am not able to log in from my client machine using the ldapuser accounts.

Can somebody help me out.

Thank you in advance.


tcpdump -n tcp port ldap resulted in

19:37:03.947093 IP > P 29:43(14) ack 247 win 215
19:37:03.986262 IP > . ack 43 win 183

IP Refers to my ldap server
IP refers to my client
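One check worth running on the migration output before step 15, as an added example (not code from the post or from the OpenLDAP migration tools): it parses the plain one-attribute-per-line LDIF shown above and flags entries that are not separated by a blank line, uid 0 accounts being exported into the directory, and MD5-crypt password hashes.

```python
# Added example, not from the original post: lints the plain one-attribute-per-line
# LDIF that migrate_passwd.pl emits (no base64 "::" values or folded lines).
def parse_ldif(text):
    """Return entries in file order, each a dict of attr -> list of values."""
    entries, cur = [], {}
    for line in text.splitlines():
        if not line.strip():                      # a blank line ends the entry
            if cur:
                entries.append(cur)
            cur = {}
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip(), value.strip()
        if attr == "dn" and cur:                  # new dn with no blank line before it
            cur["_unterminated"] = [value]
            entries.append(cur)
            cur = {}
        cur.setdefault(attr, []).append(value)
    if cur:
        entries.append(cur)
    return entries


def lint(text):
    """Return (dn, message) findings to fix before running ldapadd; [] is clean."""
    out = []
    for e in parse_ldif(text):
        dn = e.get("dn", ["<no dn>"])[0]
        if "_unterminated" in e:
            out.append((dn, "no blank line before the next dn; LDIF entries need one"))
        if e.get("uidNumber") == ["0"]:
            out.append((dn, "uid 0 exported to LDAP; keep root and system accounts local"))
        if any(p.startswith("{crypt}$1$") for p in e.get("userPassword", [])):
            out.append((dn, "MD5-crypt password hash; prefer sha512-crypt or SSHA"))
    return out


# Constructed inputs: the step 14 file as posted (no blank line between entries) and
# a root entry with a placeholder hash in the format migrate_passwd.pl used.
BASE_LDIF = """dn: dc=adminmart,dc=com
objectClass: dcObject
objectClass: organizationalUnit
dn: ou=People,dc=adminmart,dc=com
objectClass: organizationalUnit
"""
ROOT_LDIF = """dn: uid=root,ou=People,dc=adminmart,dc=com
objectClass: posixAccount
userPassword: {crypt}$1$saltsalt$PLACEHOLDER.NOT.A.REAL.HASH
uidNumber: 0
"""
```

Run lint() over root.ldif and adminmart.com.ldif; an empty list means the file is structurally sound and contains nothing the checks object to.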

I just did the whole thing again, referring to the link mentioned below, and it started working for me.



First of all, I'm already following linuxhomenetworking.com 'http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_C...' and I want to mention something,

When I'm trying to run chown from the client side, I get the "chown: invalid user 'ldapuser:users'" error, although the user and its group already exist on the server side; the client is hanging up when it tries to log in... Please help me... please...
