On 27.11.2015 at 16:53, Gary Stainburn <gary at ringways.co.uk> wrote:
> Since posting my first email I have re-generated both the root and Manager
> passwords and re-run the setup.
>
> I no longer get the "Invalid credentials" error so presumably the problem must
> have been a cut/paste issue.
>
> I now get the following error. As I am a total newbie to LDAP and don't really
> know what's going on, I don't know what I need to do to fix it.
>
> [root at ollie2 ~]# ldapadd -x -D cn=Manager,dc=ringways,dc=com -W -f
> basedomain.ldif
> Enter LDAP Password:
> adding new entry "dc=ringways,dc=com"
> ldap_add: Naming violation (64)
> additional info: value of single-valued naming attribute 'dc'
> conflicts with value present in entry
> [root at ollie2 ~]# cat basedomain.ldif
> # replace to your own domain name for "dc=***,dc=***" section
>
> dn: dc=ringways,dc=com
> objectClass: top
> objectClass: dcObject
> objectclass: organization
> o: Ringways
> dc: Server
>
> dn: cn=Manager,dc=server,dc=world
> objectClass: organizationalRole
> cn: Manager
> description: Directory Manager
>
> dn: ou=People,dc=ringways,dc=com
> objectClass: organizationalUnit
> ou: People
>
> dn: ou=Group,dc=ringways,dc=com
> objectClass: organizationalUnit
> ou: Group

# systemctl stop slapd

# slapadd -v -l this-ldif-file

# cat this-ldif-file
dn: dc=ringways,dc=com
objectClass: dcObject
objectclass: organization
o: Ringways
dc: ringways

# systemctl start slapd

# ldapadd -x -D cn=Manager,dc=ringways,dc=com -W -f the-rest-of-yourfile

--
LF

On Friday 27 November 2015 16:14:32 Leon Fauster wrote:
> # systemctl stop slapd
>
> # slapadd -v -l this-ldif-file
>
>
> # cat this-ldif-file
> dn: dc=ringways,dc=com
> objectClass: dcObject
> objectclass: organization
> o: Ringways
> dc: ringways
>
> # systemctl start slapd
>
>
> # ldapadd -x -D cn=Manager,dc=ringways,dc=com -W -f the-rest-of-yourfile

(Sorry, but I am doing this parrot fashion as I really don't understand LDAP
yet)

All of this is taken from the page

http://www.server-world.info/en/note?os=CentOS_7&p=openldap&f=1

and the bit that is failing is the very last step on that page. All I have
done is copy the code and files direct from the web page, replacing the two
password fields and replacing dc=server,dc=world with dc=ringways,dc=com
where required.

[root at ollie2 ~]# slapadd -v -l basedomain.ldif
56588237 The first database does not allow slapadd; using the first available one (2)
slapadd: dn="dc=ringways,dc=com" (line=1): (64) value of single-valued naming attribute 'dc' conflicts with value present in entry
_####### 39.95% eta none elapsed none spd 1.5 M/s
Closing DB...
[root at ollie2 ~]# cat basedomain.ldif
# replace to your own domain name for "dc=***,dc=***" section

dn: dc=ringways,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: Ringways
dc: Server

dn: cn=Manager,dc=ringways,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=ringways,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=ringways,dc=com
objectClass: organizationalUnit
ou: Group
[root at ollie2 ~]#

On 27.11.2015 at 17:22, Gary Stainburn <gary at ringways.co.uk> wrote:
> On Friday 27 November 2015 16:14:32 Leon Fauster wrote:
>> # systemctl stop slapd
>>
>> # slapadd -v -l this-ldif-file
>>
>>
>> # cat this-ldif-file
>> dn: dc=ringways,dc=com
>> objectClass: dcObject
>> objectclass: organization
>> o: Ringways
>> dc: ringways
>>
>> # systemctl start slapd
>>
>>
>> # ldapadd -x -D cn=Manager,dc=ringways,dc=com -W -f the-rest-of-yourfile
>
> (Sorry, but I am doing this parrot fashion as I really don't understand LDAP
> yet)
>
> All of this is taken from the page
>
> http://www.server-world.info/en/note?os=CentOS_7&p=openldap&f=1
>
> and the bit that is failing is the very last step on that page. All I have
> done is copy the code and files direct from the web page, replacing the two
> password fields and replacing dc=server,dc=world with dc=ringways,dc=com
> where required.
>
> [root at ollie2 ~]# slapadd -v -l basedomain.ldif
> 56588237 The first database does not allow slapadd; using the first available
> one (2)
> slapadd: dn="dc=ringways,dc=com" (line=1): (64) value of single-valued naming
> attribute 'dc' conflicts with value present in entry
> _####### 39.95% eta none elapsed none spd 1.5 M/s
> Closing DB...
> [root at ollie2 ~]# cat basedomain.ldif
> # replace to your own domain name for "dc=***,dc=***" section
>
> dn: dc=ringways,dc=com
> objectClass: top
> objectClass: dcObject
> objectclass: organization
> o: Ringways
> dc: Server
      ^^^^^ this must be dc: ringways (like in your dn)!

--
LF

On 11/27/2015 08:22 AM, Gary Stainburn wrote:
> (Sorry, but I am doing this parrot fashion as I really don't understand LDAP
> yet)

OK, then let's start with a simple description of what LDAP is. I'd describe it as a directory server. Like your filesystem (a directory tree), it stores information in a named tree structure. Like your filesystem, every entry needs a parent entry in the path. Unlike your filesystem, the base (root) doesn't need to be the shortest name possible. You can use "dc=ringways,dc=com" as a base for your directory, without providing "dc=com" or an entry at "". Also unlike your filesystem, the data in an LDAP entry is structured; while all of the files in your filesystem are essentially blobs of binary data, data stored in LDAP is stored in named attributes of an entry which have rules describing what data is valid, how it should be sorted, and how it should be compared to search filters, etc.

> [root at ollie2 ~]# slapadd -v -l basedomain.ldif
> 56588237 The first database does not allow slapadd; using the first available
> one (2)
> slapadd: dn="dc=ringways,dc=com" (line=1): (64) value of single-valued naming
> attribute 'dc' conflicts with value present in entry
...
> dn: dc=ringways,dc=com
> objectClass: top
> objectClass: dcObject
> objectclass: organization
> o: Ringways
> dc: Server

A special rule of LDAP is that every entry has an attribute which is implied by its path. In this case, the entry "dc=ringways,dc=com" has an attribute named "dc" whose value is "ringways". You don't need to specify that attribute, but if you do, then it has to match the implied value. The error is telling you that there is an attribute named "dc", that the rules describing that attribute specify that it is single-valued (you cannot have multiple "dc" attributes, though some attributes do allow that sort of thing), and that you specified a value that conflicts with a value that was already present.
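
The two rules discussed in this thread (the naming attribute must agree with the DN, and every entry needs a parent), as an added example that is not part of any poster's message: a simplified Python pre-check to run over an LDIF file before handing it to ldapadd or slapadd. The function names and the sample are constructed; it assumes the first entry is the database suffix and that the file is loaded into an empty database.

```python
# Added example: simplified LDIF pre-check. Assumes no base64 ("::") values,
# no folded lines, and no escaped commas or "+" multi-valued RDNs in DNs.
def parse_ldif(text):
    entries, dn, attrs = [], None, {}
    for line in text.splitlines() + [""]:
        if line.startswith("#"):
            continue
        if not line.strip():                 # blank line ends an entry
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return entries

def norm(dn):
    return ",".join(p.strip().lower() for p in dn.split(","))

def check(text):
    """Return a list of problems; empty means the file passed both checks."""
    problems, known = [], set()
    for i, (dn, attrs) in enumerate(parse_ldif(text)):
        rdn, _, parent = norm(dn).partition(",")
        attr, _, implied = rdn.partition("=")
        given = [v.lower() for v in attrs.get(attr, [])]
        if given and implied not in given:   # naming attribute conflict
            problems.append(f"{dn}: {attr} is {attrs[attr]}, DN implies '{implied}'")
        if i > 0 and parent not in known:    # first entry is taken as the base
            problems.append(f"{dn}: parent '{parent}' is not in this file")
        known.add(norm(dn))
    return problems

# Constructed sample, shortened from the first basedomain.ldif in the thread.
SAMPLE = """\
dn: dc=ringways,dc=com
objectClass: dcObject
dc: Server

dn: cn=Manager,dc=server,dc=world
cn: Manager
"""

if __name__ == "__main__":
    print("\n".join(check(SAMPLE)))
```

An omitted naming attribute is not flagged, following the explanation above that it only has to match when it is specified.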