Hi, I have a couple of small problems with handling the LDAP database:
Apparently, in a given test configuration, I do manage to get data into the database. "slapcat" also reads all the data back out. "ldapsearch" as well as "JXplorer", however, steadfastly refuse to "see" what was just put into the database.
First, the config files:
ldap.conf:
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_REQCERT allow
host 10.11.12.39
base "dc=plainjoe,dc=org"
ldapd.conf:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
loglevel 296
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib/openldap/modules
# moduleload back_ldap.la
# moduleload back_meta.la
# moduleload back_monitor.la
# moduleload back_perl.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access to user password
# Allow anonymous users to authenticate
# Allow read access to everything else
# Directives needed to implement policy:
#access to dn.base=""
# by * read
#
#access to dn.base="cn=Subschema"
# by * read
#
#access to attr=userPassword,userPKCS12
# by self write
# by * auth
#
#access to attr=shadowLastChange
# by self write
# by * read
access to *
by * read
access to *
by * write
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database bdb
checkpoint 1024 5
cachesize 10000
suffix "dc=plainjoe,dc=org"
rootdn "cn=Manager,dc=plainjoe,dc=org"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd( and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw blubber01
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
index objectClass eq
... next, using slapadd -v -l structure.ldif
structure.ldif:
dn: dc=plainjoe,dc=org
dc: plainjoe
objectClass: dcObject
objectClass: organizationalUnit
ou: PlainJoe Dot Org

dn: ou=people,dc=plainjoe,dc=org
ou: people
objectClass: organizationalUnit
...I created the structure and, with the same command, added a couple of person records:
slapadd -v -l data.ldif
data.ldif:
dn: cn=suseuser1, ou=people, dc=plainjoe,dc=org
cn: suseuser1
sn: suseuser
objectclass: Person

dn: cn=suseuser2, ou=people, dc=plainjoe,dc=org
cn: suseuser2
sn: suseuser
objectclass: Person

dn: cn=suseuser3, ou=people, dc=plainjoe,dc=org
cn: suseuser3
sn: suseuser
objectclass: Person

dn: cn=suseuser4, ou=people, dc=plainjoe,dc=org
cn: suseuser4
sn: suseuser
objectclass: Person

dn: cn=suseuser5, ou=people, dc=plainjoe,dc=org
cn: suseuser5
sn: suseuser
objectclass: Person
The problem is, as I said, that "ldapsearch" does not find the data just entered, even though ldapadd finishes with a success message:
tcpc2039:/etc/openldap/ldiftest # ldapsearch -v -x -b 'dc=plainjoe,dc=org' -W -D "cn=Manager,dc=plainjoe,dc=org" -p 389 -h 10.11.12.39
ldap_initialize( ldap://10.11.12.39:389 )
Enter LDAP Password:
filter: (objectclass=*)
requesting: ALL
# extended LDIF
#
# LDAPv3
# base <dc=plainjoe,dc=org> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 0 Success
# numResponses: 1
It would be nice if someone could help me out here.
Thanks & regards, Marcus
minzi0815 (Guest)
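As an added example that is not part of the post, the following Python script lints the posted slapd.conf for the points a reviewer would raise: the cleartext rootpw, the "by * write" clause, and the fact that slapd evaluates access clauses in file order and applies the first "access to <what>" that matches, so the second "access to *" above is never reached and the directory is effectively world-readable. SAMPLE_CONF is a constructed excerpt of the config quoted above; the finding strings are the script's own.

```python
import re

# Constructed sample: the ACL and database section of the posted slapd.conf.
SAMPLE_CONF = """\
access to *
        by * read
access to *
        by * write
database bdb
suffix "dc=plainjoe,dc=org"
rootdn "cn=Manager,dc=plainjoe,dc=org"
rootpw blubber01
directory /var/lib/ldap
"""

def _directives(text):
    """Yield non-empty directive lines with comments and whitespace stripped."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def parse_acls(text):
    """Return [(what, [by-clause, ...]), ...] in file order."""
    acls = []
    for line in _directives(text):
        m = re.match(r"access\s+to\s+(.+)$", line)
        if m:
            acls.append((m.group(1).strip(), []))
        elif line.startswith("by ") and acls:
            acls[-1][1].append(line[3:].strip())
    return acls

def lint_slapd_conf(text):
    """Return findings: cleartext rootpw, world write, shadowed ACLs."""
    findings = []
    for line in _directives(text):
        m = re.match(r"rootpw\s+(\S+)$", line)
        if m and not m.group(1).startswith("{"):  # {SSHA}... etc. are hashes
            findings.append("rootpw is stored in cleartext; use a slappasswd hash")
    acls = parse_acls(text)
    for i, (what, bys) in enumerate(acls):
        if any(re.match(r"\*\s+write", b) for b in bys):
            findings.append(f"ACL {i + 1} ('access to {what}') grants write to everyone")
        # slapd stops at the first 'access to' whose <what> matches, so an
        # 'access to *' makes every later clause unreachable.
        if what == "*" and i < len(acls) - 1:
            findings.append(f"ACL {i + 1} ('access to *') shadows {len(acls) - i - 1} later ACL(s)")
    return findings
```

Running lint_slapd_conf(SAMPLE_CONF) yields three findings for the posted config; a config with a hashed rootpw and a specific "access to attrs=userPassword" clause placed before the final "access to *" yields none.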