Hi,
I’m setting up a new server and again I’m having problems with setting up LDAP (389-ds).
I can see that the openSUSE LDAP documentation has changed since the last time I was configuring 389-ds (https://doc.opensuse.org/documentation/leap/security/html/book.security/cha-security-ldap.html#sec-security-ldap-server-install) and there is also a section about configuring 389-ds on openSUSE in the official 389-ds documentation (which is more or less the same). I was hoping that this time it would go without any problems but it didn’t. The tools mentioned in both sets of documentation are not available in openSUSE when installing 389-ds from the official repositories. To get them I had to install 389-ds from an experimental repository (build.opensuse.org/network:ldap).
Anyway, I finally managed to set the service up but now I can’t access LDAP users and groups using the YaST2 Users and Groups module. When I try to set the LDAP filter there, there is no LDAP server address - it should be “localhost:389” I think but it is just “:389”. I think that’s the reason I can’t log in with my Directory Manager credentials.
Is your server really named “server” on your network?
If not, that is likely a problem from what you posted.
If so, that also could be a problem because it’s inadvisable to use namespaces of commonly used words which can also be used elsewhere like in descriptions and default values (using values which can be default increases odds of a namespace collision/conflict).
Before configuring your LDAP server, verify in your YaST > Network Settings module, DNS/Hostname tab, that the value for your Hostname is set correctly.
After setting your hostname, you should see your new hostname from any console you open.
When you run the following command, your new hostname should display:
echo $HOSTNAME
I’m pretty sure you should also plan for your DNS FQDN to be consistent with the above settings for simplicity… Technically they don’t always have to be the same on a network but then you have to keep track of what is happening whenever something depends on name resolution (like setting up LDAP).
To further ensure consistency in your machine, although it is likely unneeded, I would recommend rebooting before you try configuring your LDAP again.
I never had a problem with the server being named “server”. The old server had the same name (it’s different now) and it worked with LDAP.
The question is, how does the Users and Groups module know about the LDAP server? I’m not setting it up with YaST’s “Create New Directory Server” but with that dscreate tool which isn’t even from the main repository. And I’m also not setting up an LDAP client on that server (never did and it worked).
Just a quick update.
I managed to set up 389 with YaST’s “Create New Directory Server” using 389-ds from the main repository but that still didn’t solve the problem.