Hi All,
I have just installed and configured LDAP on a CentOS 5.2 machine, but I am not able to log in using the LDAP username and password from a CentOS client.
These are the steps I followed:
1. yum install *openldap* -y
2. chkconfig --levels 235 ldap on
3. service ldap start
4. slappasswd
which resulted in a value similar to {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
5. Updated the same root password and the below mentioned details in /etc/openldap/slapd.conf
database bdb
suffix "dc=adminmart,dc=com"
rootdn "cn=Manager,dc=adminmart,dc=com"
rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
6. service ldap restart
7. useradd test1
8. passwd test1
9. grep root /etc/passwd > /etc/openldap/passwd.root
grep test1 /etc/passwd > /etc/openldap/passwd.test1
10. Edited the following file, /usr/share/openldap/migration/migrate_common.ph, with the below mentioned details.
$DEFAULT_MAIL_DOMAIN = "adminmart.com";
$DEFAULT_BASE = "dc=adminmart,dc=com";
11. Converted the password files to ldif using the below mentioned commands
/usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
/usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif
12. Edited the following file /etc/openldap/root.ldif, which now reads as below along with my previous details:
dn: uid=root,ou=People,dc=adminmart,dc=com
uid: root
cn: Manager
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$m1SnfabK$awerw3Q/9U5id5NG.6Afc0
shadowLastChange: 14336
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root

dn: uid=operator,ou=People,dc=adminmart,dc=com
uid: operator
cn: operator
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}*
shadowLastChange: 14335
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 11
gidNumber: 0
homeDirectory: /root
gecos: operator
13. And then created a new ldif file in /etc/openldap/adminmart.com.ldif with the below mentioned details
dn: dc=adminmart,dc=com
dc: adminmart
description: LDAP Admin
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=People, dc=adminmart,dc=com
ou: People
description: Users of adminmart
objectClass: organizationalUnit
15. Import all users in to the LDAP
ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif
ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/root.ldif
ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif
16. Restarted the ldap service with the following command: service ldap restart
17. After this I received the following error message stating "bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/openldap-data: (2) Expect poor performance for suffix"
I did the following things
1) cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
2) chown ldap:ldap /var/lib/ldap/DB_CONFIG
18. And again restarted ldap - service ldap restart
I got the following result
Stopping slapd: [ OK ]
Checking configuration files for slapd: config file testing succeeded
[ OK ]
Starting slapd: [ OK ]
Now I configured the CentOS 5.3 Desktop (client machine) using the below mentioned commands
19. authconfig-tui
[*] Use LDAP [*] Use LDAP Authentication
[Both were checked]
Clicked on "Next".
[ ] Use TLS
Server: ldap.adminmart.com
Base DN: dc=adminmart,dc=com
Click "Ok" to confirm.
20. Now I rebooted my CentOS 5.3 Desktop (client). It took longer to show the login screen, but unfortunately I was not able to log in as the "test1" user.
It's pretty long, I know, but could someone please take a look at the attachment and help me out.
I have tried going through http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_C... and have configured my client with the below mentioned details
Referring to your link http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_C....
I did the following
1. I first downloaded openldap and installed it on my client using the following command: yum install *openldap* -y
2. I then edited the /etc/openldap/ldap.conf file using the vi /etc/openldap/ldap.conf command, and now my ldap.conf file on the client reads as mentioned below
HOST 192.168.1.2
BASE dc=adminmart,dc=com
URI ldap://192.168.1.2/
TLS_CACERTDIR /etc/openldap/cacerts
where HOST 192.168.1.2 refers to my LDAP Server and the domain name is adminmart.com
3. I then used the /usr/bin/authconfig-tui command to enable the authentication, and the below mentioned things were enabled
[*] Use Shadow Passwords
[*] Use MD5 Passwords
[*] Use LDAP
[*] Use LDAP Authentication
[ ] Use TLS
Server: 192.168.1.2
Base DN: dc=adminmart,dc=com
4. When I looked at my /etc/nsswitch.conf file, I could find the below mentioned details
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
5. After that I used the following command: grep ldapuser /etc/passwd
6. I then created a directory for ldapuser locally on the client by using this command: mkdir /home/ldapuser
7. Changed the permissions using this command: chmod 700 /home/ldapuser/
8. The following command listed all the home directories along with ldapuser's and it read as follows:
drwx------ 2 root root 4096 Mar 13 16:38 ldapuser
9. This is where it failed, using the command: chown -R ldapuser:users /home/ldapuser
The error message read something like this: chown: `ldapuser:users': invalid user
Could you please help
I tried even this ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)' and the result was
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
I have also tried using tcpdump -n tcp port ldap and was able to get a reply, as mentioned below, but I am not able to log in from my client machine using the ldapuser accounts.
Can somebody help me out.
Thank you in advance.
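The ldapadd sequence and the ldapsearch result above are where a "No such object" (result 32) usually comes from: an entry is added before its parent exists, or the base entry never made it into the database, so a later search on the base DN returns 32 as well. The following is an added example, not code from this thread or from the linuxhomenetworking howto: a small Python pre-flight checker that parses the plain LDIF that migrate_passwd.pl emits and reports entries whose parent is not loaded yet, cleartext userPassword values, and uid 0 accounts (root.ldif above migrates root itself into the directory, which means a client would resolve uid 0 over the network). The sample LDIF, the function names and the password values are constructed placeholders.

```python
"""Pre-flight checks for LDIF before ldapadd. Hypothetical helper added for this
thread, not code from the thread or from the linuxhomenetworking howto."""
import base64
import re
from typing import Dict, List, Tuple

# attributes every posixAccount entry must carry (names compared lower-cased)
REQUIRED_POSIX = ("uid", "cn", "uidnumber", "gidnumber", "homedirectory")


def normalize_dn(dn: str) -> str:
    """'ou=People, dc=adminmart,dc=com' and 'ou=people,dc=adminmart,dc=com' are one entry."""
    return ",".join(p.strip() for p in dn.split(",")).lower()


def parse_ldif(text: str) -> List[Tuple[str, Dict[str, List[str]]]]:
    """Parse plain 'attr: value' LDIF (plus 'attr:: base64') into
    (dn, {attr: [values]}) tuples, in file order; a blank line ends an entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            key, _, value = line.partition(":")
            key = key.strip().lower()
            if value.startswith(":"):                            # 'attr:: <base64>'
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            if key == "dn":
                dn = value
            else:
                attrs.setdefault(key, []).append(value)
        if dn is not None:
            entries.append((dn, attrs))
    return entries


def check_ldif(text: str, suffix: str, already_loaded=()) -> List[str]:
    """Simulate ldapadd of `text`, in file order, into a directory with suffix
    `suffix` that already holds the DNs in `already_loaded`; return problems."""
    problems: List[str] = []
    known = {normalize_dn(d) for d in already_loaded}
    suffix_n = normalize_dn(suffix)
    for dn, attrs in parse_ldif(text):
        dn_n = normalize_dn(dn)
        if dn_n in known:
            problems.append(f"{dn}: duplicate entry (ldapadd fails with 'Already exists')")
        elif dn_n != suffix_n:                                   # the suffix entry has no parent
            if not dn_n.endswith("," + suffix_n):
                problems.append(f"{dn}: lies outside the suffix {suffix}")
            parent = dn_n.partition(",")[2]
            if parent not in known:
                problems.append(f"{dn}: parent {parent} not loaded yet "
                                "(ldapadd returns 32 'No such object')")
        known.add(dn_n)
        classes = [c.lower() for c in attrs.get("objectclass", [])]
        if "posixaccount" in classes:
            missing = [a for a in REQUIRED_POSIX if a not in attrs]
            if missing:
                problems.append(f"{dn}: posixAccount is missing {', '.join(missing)}")
            if attrs.get("uidnumber", [""])[0] == "0":
                problems.append(f"{dn}: uidNumber 0, a root account served over LDAP; "
                                "keep uid 0 in the local files only")
        for pw in attrs.get("userpassword", []):
            if not pw.startswith("{"):                           # no {SSHA}/{crypt} scheme
                problems.append(f"{dn}: userPassword is stored in cleartext")
    return problems


# Constructed sample: the user entry is placed before ou=People on purpose, and
# the password values are placeholders, not real hashes.
SAMPLE_LDIF = """\
dn: dc=adminmart,dc=com
dc: adminmart
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: uid=test1,ou=People,dc=adminmart,dc=com
uid: test1
cn: test1
objectClass: posixAccount
userPassword: changeme
uidNumber: 500
gidNumber: 500
homeDirectory: /home/test1

dn: ou=People, dc=adminmart,dc=com
ou: People
objectClass: organizationalUnit

dn: uid=root,ou=People,dc=adminmart,dc=com
uid: root
cn: Manager
objectClass: posixAccount
userPassword: {crypt}$1$PLACEHOLDER$PLACEHOLDERHASH
uidNumber: 0
gidNumber: 0
homeDirectory: /root
"""

if __name__ == "__main__":
    print("\n".join(check_ldif(SAMPLE_LDIF, "dc=adminmart,dc=com")))
```

Run it against the real files in the order they are passed to ldapadd (adminmart.com.ldif first, then root.ldif and test1.ldif, with the DNs from earlier files passed as already_loaded) and fix anything it reports before trusting the search results. One thing the checker cannot see: the slapd warning quoted above names /var/lib/openldap-data, while DB_CONFIG was copied into /var/lib/ldap; which of the two slapd really uses is decided by the directory directive in slapd.conf, and that is worth comparing against the path in the warning.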
Ldap client side error ----chown: `ldapuser:users': invalid user
First of all, I'm already following linuxhomenetworking.com 'http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS#Configuring_The_LDAP_Client' and I want to mention something,
When I'm trying to run chown from the client side, I get the "chown: invalid user 'ldapuser:users'" error, although the user and its group already exist on the server side; the client is hanging when it tries to login... Please help meeeeeeeeeee.. Please............
I just did the whole thing
I just did the whole thing again, referring to the link mentioned below, and it started working for me.
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_C...
Congratulations
IP 192.168.1.2 Refers to my ldap server
IP 192.168.1.3 refers to my client
tcpdump -n tcp port ldap
tcpdump -n tcp port ldap resulted in
19:37:03.947093 IP 192.168.1.2.ldap > 192.168.1.3.33488: P 29:43(14) ack 247 win 215
19:37:03.986262 IP 192.168.1.3.33488 > 192.168.1.2.ldap: . ack 43 win 183