Can’t contact LDAP-Server

Hi,

I want to connect to my LDAP server with LDAP-Browser. The server runs on the same machine, so I want to configure it for the first time. My Linux distribution: openSUSE 11.1. OpenLDAP was installed with YaST. My domain is project.local. If I open the Browser, type in the LDAP server, the administrator DN and the password, and click “connect”, I receive the message “Cant connect to LDAP server”.
I tried ldap.project.local, 127.0.0.1, 192.168.100.1, ldap://1270.0.0.1 and project.local, but I get either “Invalid Server, Invalid DN” or “Cant connect LDAP server”.

Does anybody know what’s wrong? I don’t know what to do.
Where can I find help for configuring LDAP with YaST? openSUSE documentation or OpenLDAP documentation?

best regards
florry

The openldap documentation is probably your best bet, as far as making sure slapd is configured correctly. I’ve found this guide to be pretty good for getting a handle on ldap.

Sure, I searched the OpenLDAP doc, but without result. Of course I found a description of common errors, but I don’t know what YaST requires at LDAP-Browser “LDAP-Server”.

… My LDAP server is ldap.project.local, but if I type this in, I get

Invalid DN Syntax
Invalid DN

BUT: I typed in “ldap.hu-berlin.de” and it accepts it, but I also get

Can’t connect LDAP-Server

What does YaST understand by a “correct syntax”?
I found nothing. And the common errors doc doesn’t help :((((

For the LDAP server field yast expects the hostname/ip address of the ldap server.

example.ldap.server.com

If you’ve configured LDAP to listen on a different port:

example.ldap.server.com:<port>

It expects the manager dn & password as defined in /etc/openldap/slapd.conf. If you’re allowing anonymous access, you don’t need to put anything there.

Generally, that error means that either slapd isn’t running, or you haven’t opened up a port in the firewall for LDAP (389 for simple, 636 for ssl).

If you’re able to post specifics of how your directory is structured, it would help troubleshooting greatly.

my-linux # nmap localhost
shows

[…]
389/tcp open ldap
[…]

and
my-linux # /etc/init.d/ldap status
shows

Checking for service ldap: running

The IP address of my LDAP server is 192.168.0.1. Many services run on this machine, e.g. DHCP, DNS, Samba…
I found out the following:
If I open my browser and type in “ldap.project.local” for the LDAP server and “manager.project.local” for the Administrator-DN, I get “Invalid DN syntax / Invalid DN”.
The same with “192.168.0.1”, “127.0.0.1”, “192.168.0.1:389” for the server.
For “ldap.hu-berlin.de” I get “Cant connect LDAP-Server”. Consequently, it doesn’t find it in my network!
If I now type in my (hypothetically) correct data and want to connect as root, it doesn’t work (invalid DN…).
BUT: if I try “anonymous connection” I can connect to my server and see my DIT. On the other hand, I can’t change anything, because it can’t save. Then the browser asks me for the root password and server and I get “invalid DN…” again.
Maybe a wrong config? I don’t know. Does my server need SSL/TLS? I deactivated SSL/TLS.

What do you mean by slapd.conf? YaST doesn’t use slapd.conf for server config. The file is empty :frowning:

Which specifics do you want to see?

Hi,

Are you sure that the login is not expecting the fqdn?

i.e. cn=joebloggs,ou=myhouse,dc=project,dc=local

hth
J

What do you mean by “fqdn”?
Screenshot from my LDAP browser:
http://www.bilder-hochladen.net/files/9quq-1-png.html

It does need the dn of the manager. Chapter 2 of the link in my first post explains how to navigate the directory.

slapd.conf is the old way to configure ldap, you’re probably using the cn=config method.

Even if I enter the manager DN “manager.project.local” at “LDAP-Server” I get the error.
YaST uses the dynamic configuration of LDAP, therefore slapd.conf is empty :question::question:

EDIT: if I enter a new file:

my-linux # cat >Test<<EOF
>dn: ou=Test,dc=project,dc=local
>objectClass: top
>objectClass: organizationalUnit
>ou: Test
>description: Test orgUnit
>EOF
my-linux # slapadd -v -l Test

I can see it in the LDAP browser under the anonymous account :open_mouth:

As stated by tuxituk, you need to specify the DN using the LDAP syntax. I’m going to guess yours is:

cn=Manager,dc=project,dc=local

You need the cn= part, and the dc= parts.
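
The difference between a DNS-style name such as manager.project.local and the attribute=value form required above, shown as an added example that is not part of the original thread. It is a simplified syntax check (a subset of RFC 4514), and the function names parse_dn and domain_to_base_dn are hypothetical.

```python
import re

# Attribute type: a short name (cn, ou, dc, ...) or a dotted numeric OID.
_ATTR = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")

def _split_unescaped(text, sep):
    """Split on sep, keeping backslash-escaped characters inside the value."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    parts.append("".join(buf))
    return parts

def parse_dn(dn):
    """Return [[(attr, value), ...], ...] per RDN; raise ValueError if not a DN."""
    if dn == "":
        return []  # the empty DN is what an anonymous bind uses
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        pairs = []
        for ava in _split_unescaped(rdn, "+"):  # "+" joins multi-valued RDNs
            attr, eq, value = ava.partition("=")
            if not eq or not _ATTR.match(attr.strip()):
                raise ValueError(f"Invalid DN syntax near {ava!r}")
            pairs.append((attr.strip(), value))
        rdns.append(pairs)
    return rdns

def domain_to_base_dn(domain):
    """Map a DNS domain to dc-style naming: project.local -> dc=project,dc=local."""
    return ",".join(f"dc={label}" for label in domain.strip(".").split("."))

if __name__ == "__main__":
    # Values taken from the thread; the last is the form suggested in the reply.
    for candidate in ("manager.project.local", "192.168.0.1",
                      "cn=Manager," + domain_to_base_dn("project.local")):
        try:
            print(candidate, "->", parse_dn(candidate))
        except ValueError as err:
            print(candidate, "->", err)
```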

Alright! I can connect to my LDAP server :slight_smile:
I’m so happy, thank you everyone for the help lol! :smiley:
But one last thing: I thought I could create users and OrgUnits in the LDAP browser, but there is no chance. I have to do it on the command line like

my-linux # cat >OrgUnit<<EOF
>dn …
>…
>EOF

?