Craig White
2005-Dec-03 20:35 UTC
[Fedora-directory-users] command line client usage and simple bind
If this is too newbie - please ignore (I'm used to openldap and I'm struggling)

commands like ldapsearch only seem to work if my cwd is /opt/fedora-ds/shared/bin

# cd ~
[root@lin-workstation ~]# ldapsearch
ldapsearch: error while loading shared libraries: libldap50.so: cannot open shared object file: No such file or directory

anyway, I can cd /opt/fedora-ds/shared/bin but it's a PITA

the bigger problem, I wanted to simple bind and cannot do that...

# ldapsearch -v -b "ou=people,dc=azapple,dc=com" "(objectclass=*)"

gives me everyone in the container (I am obviously going to have to set up ACL's)

# ldapsearch -v -b "ou=people,dc=azapple,dc=com" \
-D "cn=Directory Manager,dc=azapple,dc=com" -w - \
"(objectclass=*)"

and

# ldapsearch -v -b "ou=people,dc=azapple,dc=com" \
-D "cn=admin,dc=azapple,dc=com" -w - \
"(objectclass=*)"

both fail with

ldapsearch: started Sat Dec 3 13:32:13 2005

ldap_init( localhost, 389 )
ldap_simple_bind: No such object
ldap_simple_bind: matched: dc=azapple,dc=com

I know it must be something obvious that I am missing but I have tried and tried with no success - is simple bind not permitted by default?

Craig
Richard Megginson
2005-Dec-03 21:00 UTC
Re: [Fedora-directory-users] command line client usage and simple bind
Craig White wrote:

>If this is too newbie - please ignore (I'm used to openldap and I'm
>struggling)
>
>commands like ldapsearch only seem to work if my cwd is
>/opt/fedora-ds/shared/bin
># cd ~
>[root@lin-workstation ~]# ldapsearch
>ldapsearch: error while loading shared libraries: libldap50.so: cannot
>open shared object file: No such file or directory

Yep. You can either set your PATH to have /opt/fedora-ds/shared/bin before /usr/bin and set LD_LIBRARY_PATH to contain /opt/fedora-ds/shared/lib, or just use the ldapsearch in your PATH (/usr/bin) which is the OpenLDAP version.

>anyway, I can cd /opt/fedora-ds/shared/bin but it's a PITA
>
>the bigger problem, I wanted to simple bind and cannot do that...
>
># ldapsearch -v -b "ou=people,dc=azapple,dc=com" "(objectclass=*)"
>
>gives me everyone in the container (I am obviously going to have to set
>up ACL's)
>
># ldapsearch -v -b "ou=people,dc=azapple,dc=com" \
>-D "cn=Directory Manager,dc=azapple,dc=com" -w - \
>"(objectclass=*)"
>
>and
>
># ldapsearch -v -b "ou=people,dc=azapple,dc=com" \
>-D "cn=admin,dc=azapple,dc=com" -w - \
>"(objectclass=*)"
>
>both fail with
>
>ldapsearch: started Sat Dec 3 13:32:13 2005
>
>ldap_init( localhost, 389 )
>ldap_simple_bind: No such object
>ldap_simple_bind: matched: dc=azapple,dc=com
>
>I know it must be something obvious that I am missing but I have tried
>and tried with no success - is simple bind not permitted by default?

That's not it. In Fedora DS, the directory manager is not a 'real' entry - it's just a DN and a password. So yours is probably just "cn=directory manager" not "cn=directory manager,dc=azapple,dc=com". I think in OpenLDAP they have a per-database or per-naming context directory manager - not so in Fedora DS.

Also, the console admin user is usually somewhere under o=netscaperoot, like uid=admin,cn=administrators,cn=topology management,o=netscaperoot.

>Craig
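
An added example, not part of the thread and not Fedora DS project code: because the Directory Manager is a DN and password held in the server configuration rather than an entry under the suffix, the bind DN can be read from the instance's dse.ldif (the nsslapd-rootdn attribute of cn=config) instead of guessed. The function names, the file path passed in by the caller, and the sample LDIF are assumptions constructed for illustration.

```shell
#!/bin/sh
# rootdn_from_dse FILE: print nsslapd-rootdn from the cn=config entry.
# Unfolds LDIF continuation lines (leading space); base64 ("::") values
# are not decoded and count as "not found". Exit status 1 if not found.
rootdn_from_dse() {
    awk '
        function emit(line,   low) {
            low = tolower(line)
            if (line == "")    { in_cfg = 0; return }
            if (low ~ /^dn: /) { in_cfg = (low == "dn: cn=config"); return }
            if (in_cfg && low ~ /^nsslapd-rootdn: /) {
                print substr(line, index(line, ":") + 2); found = 1
            }
        }
        /^ / { buf = buf substr($0, 2); next }
        { if (NR > 1) emit(buf); buf = $0 }
        END { emit(buf); exit(found ? 0 : 1) }
    ' "$1"
}

# norm_dn DN: lowercase and drop spaces around "," and "=" (a simplified
# comparison form, enough to compare two bind DNs typed by hand).
norm_dn() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/ *\([,=]\) */\1/g'
}

# is_rootdn DN FILE: succeed only if DN is the configured root DN.
is_rootdn() {
    root=$(rootdn_from_dse "$2") || return 2
    [ "$(norm_dn "$1")" = "$(norm_dn "$root")" ]
}

# make_sample_dse FILE: write a constructed config fragment for testing.
# The second entry is a decoy showing that only cn=config is consulted.
make_sample_dse() {
    cat > "$1" <<'EOF'
dn: cn=config
objectClass: top
nsslapd-port: 389
nsslapd-rootdn: cn=Directory Man
 ager
nsslapd-rootpw: {SSHA}CONSTRUCTED-PLACEHOLDER

dn: cn=example,cn=config
nsslapd-rootdn: cn=decoy,dc=azapple,dc=com
EOF
}
```

The printed DN is the value to pass to -D; with the suffix appended, as in the failing commands above, is_rootdn reports a mismatch.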
Craig White
2005-Dec-03 22:08 UTC
Re: [Fedora-directory-users] command line client usage and simple bind
On Sat, 2005-12-03 at 14:00 -0700, Richard Megginson wrote:

> Craig White wrote:
>
> >If this is too newbie - please ignore (I'm used to openldap and I'm
> >struggling)
> >
> >commands like ldapsearch only seem to work if my cwd is
> >/opt/fedora-ds/shared/bin
> ># cd ~
> >[root@lin-workstation ~]# ldapsearch
> >ldapsearch: error while loading shared libraries: libldap50.so: cannot
> >open shared object file: No such file or directory
>
> Yep. You can either set your PATH to have /opt/fedora-ds/shared/bin
> before /usr/bin and set LD_LIBRARY_PATH to contain
> /opt/fedora-ds/shared/lib, or just use the ldapsearch in your PATH
> (/usr/bin) which is the OpenLDAP version.

----
I did PATH /opt/fedora-ds/shared/bin but I didn't set LD_LIBRARY_PATH which was my problem. Also, I had removed the openldap-clients package previous to install fedora-ds and just reinstalled it since I pretty much am comfortable with the syntax of that client (subtle differences)
----

> >anyway, I can cd /opt/fedora-ds/shared/bin but it's a PITA
> >
> >the bigger problem, I wanted to simple bind and cannot do that...
> >
> ># ldapsearch -v -b "ou=people,dc=azapple,dc=com" "(objectclass=*)"
> >
> >gives me everyone in the container (I am obviously going to have to set
> >up ACL's)
> >
> ># ldapsearch -v -b "ou=people,dc=azapple,dc=com" \
> >-D "cn=Directory Manager,dc=azapple,dc=com" -w - \
> >"(objectclass=*)"
> >
> >and
> >
> ># ldapsearch -v -b "ou=people,dc=azapple,dc=com" \
> >-D "cn=admin,dc=azapple,dc=com" -w - \
> >"(objectclass=*)"
> >
> >both fail with
> >
> >ldapsearch: started Sat Dec 3 13:32:13 2005
> >
> >ldap_init( localhost, 389 )
> >ldap_simple_bind: No such object
> >ldap_simple_bind: matched: dc=azapple,dc=com
> >
> >I know it must be something obvious that I am missing but I have tried
> >and tried with no success - is simple bind not permitted by default?
>
> That's not it. In Fedora DS, the directory manager is not a 'real'
> entry - it's just a DN and a password. So yours is probably just
> "cn=directory manager" not "cn=directory manager,dc=azapple,dc=com". I
> think in OpenLDAP they have a per-database or per-naming context
> directory manager - not so in Fedora DS.
>
> Also, the console admin user is usually somewhere under o=netscaperoot,
> like uid=admin,cn=administrators,cn=topology management,o=netscaperoot.

----
great explanation - got it - it works as you said.

I've made a bunch of progress with your help - thanks

Craig