
Thread: [Openldap] can not import LConf schema

  1. #1

    [Openldap] can not import LConf schema

    Hi,

    Trying to set up LConf to work with my OpenLDAP and Icinga, but getting an insufficient access error when importing the schema.

    Openldap version: 2.4.31-2.1.3-x86_64
    OpenSUSE version: 12.2
    LConf version: 1.3rc


    1. zypper install openldap2 openldap2-devel openldap2-client
    2. vi /etc/openldap/slapd.conf
    3. mkdir -p /var/run/openldap
    4. chmod 0700 /var/run/openldap
    5. chown -R ldap.ldap /var/run/openldap
    6. chown -R ldap.ldap /var/lib/ldap
    7. vi /var/lib/ldap/DB_CONFIG
    set_cachesize 0 15000000 1
    set_lg_regionmax 262144
    set_lg_bsize 2097152
    set_lk_max_locks 30000
    set_lk_max_objects 30000
    set_flags DB_LOG_AUTOREMOVE

    8. /etc/init.d/ldap start
    9. cat << "EOF" > /tmp/ldap_initialize
    dn: dc=icinga,dc=cfg
    dc: icinga
    objectClass: domain
    EOF

    10. ldapadd -h 127.0.0.1 -x -D "cn=Manager,dc=icinga,dc=cfg" -W -f /tmp/ldap_initialize
    11. tar xvzf LConf-1.3rc.tar.gz
    12. ./configure --with-lconf-cli-user=icinga --with-lconf-cli-group=icinga --with-ldap-dn="dc=icinga,dc=cfg" --with-ldap-bind-dn="cn=Manager,dc=icinga,dc=cfg" --with-ldap-bind-password=secret
    make
    make install

    13. ldapadd -Y EXTERNAL -H ldapi:/// -f src/netways.schema.ldif
    ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

    14. change OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap
    15. Try again ldapadd -Y EXTERNAL -H ldapi:/// -f src/netways.schema.ldif
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry "cn=netways,cn=schema,cn=config"
    ldap_add: Insufficient access (50)

    16. Try ldapadd -h localhost -x -D "cn=config" -f ./src/netways.schema.ldif -w secret
    ldap_bind: Invalid credentials (49)

    17. ldapsearch -x -b 'dc=icinga,dc=cfg' '(objectclass=*)'
    # extended LDIF
    #
    # LDAPv3
    # base <dc=icinga,dc=cfg> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # icinga.cfg
    dn: dc=icinga,dc=cfg
    dc: icinga
    objectClass: domain
    # search result
    search: 2
    result: 0 Success
    # numResponses: 2
    # numEntries: 1

    18. vi /etc/openldap/slapd.d

    " ============================================================================
    " Netrw Directory Listing (netrw v140)
    " /etc/openldap/slapd.d
    " Sorted by name
    " Sort sequence: [\/]$,\,\.h$,\.c$,\.cpp$,*,\.o$,\.obj$,\.info$,\.s
    " Quick Help: :help -:go up dir D:delete R:rename s:sort-by x:exec
    " ============================================================================
    ../

    Stuck here... Anyone can help to identify the error?

  2. #2
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,050

    Re: [Openldap] can not import LConf schema

    On Mon, 06 May 2013 03:06:05 +0000, ycsiong wrote:

    > Stuck here... Anyone can help to identify the error?


    It's an authentication error, where did you get the steps from?

    Usually with the ldap utils, I use simple authentication (-x) and a
    username and password, rather than an external authentication. But
    you're getting a -1 error on that step.

    You might try running with -v or -vv to get more verbose output.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  3. #3

    Re: [Openldap] can not import LConf schema

    Originally posted by hendersj:

    > It's an authentication error, where did you get the steps from?
    >
    > Usually with the ldap utils, I use simple authentication (-x) and a
    > username and password, rather than an external authentication. But
    > you're getting a -1 error on that step.
    >
    > You might try running with -v or -vv to get more verbose output.
    >
    > Jim

    The -1 error was solved after altering OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap

    When I try
    ldapadd -h 127.0.0.1 -x -D "cn=Manager,dc=icinga,dc=cfg" -W -f src/base.ldif
    it gives me another error.

    Output:
    Enter LDAP Password:
    adding new entry "ou=LConf,dc=icinga,dc=cfg"

    adding new entry "ou=IcingaConfig,ou=LConf,dc=icinga,dc=cfg"
    ldap_add: Invalid syntax (21)
    additional info: objectClass: value #0 invalid per syntax

  4. #4

    Re: [Openldap] can not import LConf schema

    Then run ldapsearch -x -b 'dc=icinga,dc=cfg' '(objectclass=*)' again, the newly added OU is shown

    # extended LDIF
    #
    # LDAPv3
    # base <dc=icinga,dc=cfg> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #


    # icinga.cfg
    dn: dc=icinga,dc=cfg
    dc: icinga
    objectClass: domain


    # LConf, icinga.cfg
    dn: ou=LConf,dc=icinga,dc=cfg
    ou: LConf
    objectClass: organizationalUnit


    # search result
    search: 2
    result: 0 Success


    # numResponses: 3
    # numEntries: 2

  5. #5

    Re: [Openldap] can not import LConf schema

    On Tue, 07 May 2013 06:46:03 +0000, ycsiong wrote:

    > adding new entry "ou=IcingaConfig,ou=LConf,dc=icinga,dc=cfg"
    > ldap_add: Invalid syntax (21)
    > additional info: objectClass: value #0 invalid per syntax


    Would need to see the contents of base.ldif - please post that (and any
    computer input/output text) in code tags ("#" button in the advanced post
    editor) - otherwise it becomes much more difficult to read.

    It also would help to see the schema changes that were applied to compare
    the data types.

    An invalid syntax error indicates that the data being put into a value
    doesn't match the expected formatting/data type requirements defined in
    the schema.

    Jim
    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  6. #6

    Re: [Openldap] can not import LConf schema

    Cannot attach a file here, no permission. How do I attach the schema file?

  7. #7

    Re: [Openldap] can not import LConf schema

    Here is the base.ldif

    dn: ou=LConf,dc=icinga,dc=cfg
    ou: LConf
    objectClass: organizationalUnit


    dn: ou=IcingaConfig,ou=LConf,dc=icinga,dc=cfg
    ou: IcingaConfig
    objectClass: lconfStructuralObject


    dn: ou=Templates,ou=LConf,dc=icinga,dc=cfg
    ou: Templates
    objectClass: lconfStructuralObject


    dn: ou=Examples,ou=LConf,dc=icinga,dc=cfg
    ou: Examples
    objectClass: lconfStructuralObject


    dn: cn=example-timeperiod,ou=Examples,ou=LConf,dc=icinga,dc=cfg
    cn: example-timeperiod
    lconfAlias: 24 Hours A Day, 7 Days A Week
    description: 24x7
    lconfTimeperiodValue: sunday 00:00-24:00
    lconfTimeperiodValue: monday 00:00-24:00
    lconfTimeperiodValue: tuesday 00:00-24:00
    lconfTimeperiodValue: wednesday 00:00-24:00
    lconfTimeperiodValue: thursday 00:00-24:00
    lconfTimeperiodValue: friday 00:00-24:00
    lconfTimeperiodValue: saturday 00:00-24:00
    objectClass: lconfTimeperiod


    dn: cn=example-command,ou=Examples,ou=LConf,dc=icinga,dc=cfg
    cn: example-command
    lconfCommandline: $USER1$/check_users -w 50 -c 100
    objectClass: lconfCommand


    dn: cn=example-contact,ou=Examples,ou=LConf,dc=icinga,dc=cfg
    cn: example-contact
    lconfAlias: example-contact
    lconfEmail: user@example.net
    lconfPager: +491701234567
    objectClass: lconfContact


    dn: cn=example-contactgroup,ou=Examples,ou=LConf,dc=icinga,dc=cfg
    cn: example-contactgroup
    lconfAlias: example-contactgroup
    lconfMembers: example-contact
    objectClass: lconfContactgroup


    dn: cn=example-host,ou=Examples,ou=LConf,dc=icinga,dc=cfg
    cn: example-host
    lconfAddress: 127.0.0.1
    lconfAlias: example-host
    objectClass: lconfHost


    dn: cn=example-hostgroup,ou=Examples,ou=LConf,dc=icinga,dc=cfg
    cn: example-hostgroup
    lconfAlias: example-hostgroup
    lconfMembers: example-host
    objectClass: lconfHostgroup


    dn: cn=example-service,ou=Examples,ou=LConf,dc=icinga,dc=cfg
    cn: example-service
    lconfCheckcommand: example-command
    objectClass: lconfService


    dn: ou=example-structural-object,ou=Examples,ou=LConf,dc=icinga,dc=cfg
    ou: example-structural-object
    objectClass: lconfStructuralObject


    dn: ou=example-alias,ou=Examples,ou=LConf,dc=icinga,dc=cfg
    objectClass: top
    objectClass: alias
    objectClass: extensibleObject
    ou: example-alias
    aliasedObjectName: ou=example-target
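
Why the `base.ldif` import stops at its second entry, as an added example (not part of any post, and not LConf or OpenLDAP code): slapd reports `objectClass: value #0 invalid per syntax` when an entry names an objectClass that is missing from the loaded schema, which is the case here because the `netways.schema.ldif` import was rejected earlier. The check below lists such values before `ldapadd` is run; the schema fragment, its OID and the `STOCK` set are constructed assumptions.

```python
import re

# Constructed stand-in for src/netways.schema.ldif; the OID and definition are invented.
SAMPLE_SCHEMA = """\
dn: cn=netways,cn=schema,cn=config
olcObjectClasses: ( 1.1.2.2.1 NAME 'lconfStructuralObject'
  SUP top STRUCTURAL MUST ou )
"""

# First two entries of the base.ldif posted in the thread.
SAMPLE_DATA = """\
dn: ou=LConf,dc=icinga,dc=cfg
ou: LConf
objectClass: organizationalUnit

dn: ou=IcingaConfig,ou=LConf,dc=icinga,dc=cfg
ou: IcingaConfig
objectClass: lconfStructuralObject
"""

# Assumption: classes already loaded on the server (both were accepted in the thread).
STOCK = {"domain", "organizationalunit"}

def unfold(text):
    # LDIF folding: a newline followed by one space continues the previous line.
    return re.sub(r"\r?\n ", "", text).splitlines()

def schema_classes(schema_ldif):
    # Lower-cased NAME values of every olcObjectClasses definition.
    names = set()
    for line in unfold(schema_ldif):
        if line.lower().startswith("olcobjectclasses:"):
            m = re.search(r"\bNAME\s+(?:'[^']+'|\([^)]*\))", line)
            names.update(n.lower() for n in re.findall(r"'([^']+)'", m.group(0) if m else ""))
    return names

def undefined_classes(data_ldif, known):
    # (dn, objectClass) pairs naming a class that is not in `known`.
    missing, dn = [], None
    for line in unfold(data_ldif):
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "dn":
            dn = value
        elif key == "objectclass" and value.lower() not in known:
            missing.append((dn, value))
    return missing

print(undefined_classes(SAMPLE_DATA, STOCK))  # schema import failed
print(undefined_classes(SAMPLE_DATA, STOCK | schema_classes(SAMPLE_SCHEMA)))  # after import
```

Against a live server, `known` would come from the server's subschema entry rather than from a hand-written set.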

  8. #8

    Re: [Openldap] can not import LConf schema

    On Fri, 10 May 2013 08:16:09 +0000, ycsiong wrote:

    > Cannot attach a file here, no permission. How do I attach the schema
    > file?


    Use susepaste.org or just paste the text in between code tags.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  9. #9

    Re: [Openldap] can not import LConf schema

    On Tue, 07 May 2013 06:46:03 +0000, ycsiong wrote:

    > When I try ldapadd -h 127.0.0.1 -x -D "cn=Manager,dc=icinga,dc=cfg" -W
    > -f src/base.ldif it gives me another error.
    >
    > Output:
    > Enter LDAP Password:
    > adding new entry "ou=LConf,dc=icinga,dc=cfg"
    >
    > adding new entry "ou=IcingaConfig,ou=LConf,dc=icinga,dc=cfg"
    > ldap_add: Invalid syntax (21)
    > additional info: objectClass: value #0 invalid per syntax


    Thinking about this a bit more, try adding -vv to the ldapadd command and
    see if it provides any more useful debug output.

    Jim
    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  10. #10

    Re: [Openldap] can not import LConf schema

    ldapadd -Y EXTERNAL -H ldapi:/// -f src/netways.schema.ldif -vv

    SUSE Paste

    ldapadd -h localhost -x -D "cn=Manager,dc=icinga,dc=cfg" -fsrc/netways.schema.ldif -w secret -vv

    SUSE Paste
