Hi all I’m following the following guide to setting up 389-ds,
I’ve got as far as " Managing LDAP users and groups" but am stuck, when I use dsidm to try and list users or groups I get the following :
Enter basedn :
Error: The DN "ou=People," does not exist. It is required for "user" subcommand. Please create it first.
master:~/ldap # dsidm master group list
Enter basedn :
Error: The DN "ou=Groups," does not exist. It is required for "group" subcommand. Please create it first.
I created with the following template :
;
; This is a version 2 ds setup inf file.
; It is used by the python versions of setup-ds-*
; Most options map 1 to 1 to the original .inf file.
; However, there are some differences that I envision
; For example, note the split backend section.
; You should be able to create, one, many or no backends in an install
;
; The special value {instance_name} is substituted at installation time.
;
; By default, all configuration parameters in this file are commented out.
; To use an INF file with dscreate, you must at least set the parameters
; flagged with [REQUIRED].
[general]
# defaults (str)
# Description: Directory Server enables administrators to use the default values for cn=config entries from a specific version. If you set this parameter to "999999999", which is the default, the instance always uses the default values of the latest version. For example, to configure that the instance uses default values from version 1.3.5, set this parameter to "001003005". The format of this value is XXXYYYZZZ, where X is the major version, Y the minor version, and Z the patch level. Note that each part of the value uses 3 digits and must be filled with leading zeros if necessary.
# Default value: 999999999
;defaults = 999999999
# full_machine_name (str)
# Description: Sets the fully qualified hostname (FQDN) of this system. When installing this instance with GSSAPI authentication behind a load balancer, set this parameter to the FQDN of the load balancer and, additionally, set "strict_host_checking" to "false".
# Default value: localhost.localdomain
full_machine_name = master.ramoth.ftt
# start (bool)
# Description: Starts the instance after the install completes. If false, the instance is created but not started.
# Default value: True
start = True
# strict_host_checking (bool)
# Description: Sets whether the server verifies the forward and reverse record set in the "full_machine_name" parameter. When installing this instance with GSSAPI authentication behind a load balancer, set this parameter to "false". Container installs imply "false".
# Default value: False
;strict_host_checking = False
[slapd]
# db_lib (str)
# Description: Select the database implementation library (bdb or mdb).
# Default value: mdb
db_lib = mdb
# instance_name (str)
# Description: Sets the name of the instance. You can refer to this value in other parameters of this INF file using the "{instance_name}" variable. Note that this name cannot be changed after the installation!
# Default value: localhost
instance_name = master
# ldapi (str)
# Description: Sets the location of socket interface of the Directory Server.
# Default value: /run/slapd-{instance_name}.socket
;ldapi = /run/slapd-{instance_name}.socket
# mdb_max_size (str)
# Description: Select the lmdb database maximum size.
# Default value: 20Gb
;mdb_max_size = 20Gb
# port (int)
# Description: Sets the TCP port the instance uses for LDAP connections.
# Default value: 389
;port = 389
# root_password (str)
# Description: Sets the password of the "cn=Directory Manager" account ("root_dn" parameter).You can either set this parameter to a plain text password dscreate hashes during the installation or to a "{algorithm}hash" string generated by the pwdhash utility. The password must be at least 8 characters long. Note that setting a plain text password can be a security risk if unprivileged users can read this INF file!
# Default value: Directory_Manager_Password
root_password = p4ssw0rd
# secure_port (int)
# Description: Sets the TCP port the instance uses for TLS-secured LDAP connections (LDAPS).
# Default value: 636
;secure_port = 636
# self_sign_cert (bool)
# Description: Sets whether the setup creates a self-signed certificate and enables TLS encryption during the installation. The certificate is not suitable for production, but it enables administrators to use TLS right after the installation. You can replace the self-signed certificate with a certificate issued by a Certificate Authority. If set to False, you can enable TLS later by importing a CA/Certificate and enabling 'dsconf <instance_name> config replace nsslapd-security=on'
# Default value: True
self_sign_cert = True
# self_sign_cert_valid_months (int)
# Description: Set the number of months the issued self-signed certificate will be valid.
# Default value: 24
self_sign_cert_valid_months = 120
[backend-userroot]
# changelog_max_age (str)
# Description: How long an entry should remain in the replication changelog. The default is 7 days, or '7d'. (requires that replication is enabled).
# Default value: 7d
;changelog_max_age = 7d
# changelog_max_entries (str)
# Description: The maximum number of entries to keep in the replication changelog. The default is '-1', which means unlimited. (requires that replication is enabled).
# Default value: -1
;changelog_max_entries = -1
# create_suffix_entry (bool)
# Description: Set this parameter to "True" to create a generic root node entry for the suffix in the database.
# Default value: False
;create_suffix_entry = False
# enable_replication (bool)
# Description: Enable replication for this backend. By default it will setup the backend as a supplier, with replica ID 1, and "cn=replication manager,cn=config" as the replication binddn.
# Default value: False
;enable_replication = False
# replica_binddn (str)
# Description: Set the replication manager DN
# Default value: cn=replication manager,cn=config
;replica_binddn = cn=replication manager,cn=config
# replica_bindgroup (str)
# Description: Set the replication bind group DN
# Default value:
;replica_bindgroup =
# replica_bindpw (str)
# Description: Sets the password of the Replication Manager account ("replica_binddn" parameter).Note that setting a plain text password can be a security risk if unprivileged users can read this INF file!
# Default value:
;replica_bindpw =
# replica_id (int)
# Description: Set the unique replication identifier for this replica's database (suppliers only)
# Default value: 1
;replica_id = 1
# replica_role (str)
# Description: Set the replication role. Choose either 'supplier', 'hub', or 'consumer'
# Default value: supplier
;replica_role = supplier
# require_index (bool)
# Description: Set this parameter to "True" to refuse unindexed searches in this database.
# Default value: False
;require_index = False
# sample_entries (str)
# Description: Set this parameter to 'yes' to add latest version of sample entries to this database. Or, use '001003006' to use the 1.3.6 version sample entries. Use this option, for example, to create a database for testing purposes.
# Default value: no
sample_entries = no
# suffix (str)
# Description: Sets the root suffix stored in this database. If you do not uncomment and set the suffix attribute the install process will NOT create the backend/suffix. You can also create multiple backends/suffixes by duplicating this section.
# Default value:
suffix = dc=MASTER, dc=COM
my ~/.dsrc contains :
[MASTER]
uri = ldapi://%%2fvar%%2frun%%2fslapd-LDAP1.socket
basedn = dc=MASTER,dc=COM
binddn = cn=Directory Manager
Any clues as to what is wrong?
Cheers.
Phill.