Kyle Tucker
2006-Oct-21 19:45 UTC
[Fedora-directory-users] Can add with GUI, not with ldapmodify
Hi,
New clean installation of Fedora DS 1.0.2 on FC5. I
added a first user with the admin console, exported it to see
its attributes and made a template to add a new user via LDIF
like below. If I try to add it with ldapmodify, I get this:
ldapmodify -x -a -W -D "cn=Manager,dc=testdom,dc=net" -h \
localhost -f addtester.ldif
Enter LDAP Password:
ldap_bind: No such object (32)
matched DN: dc=testdom,dc=net
If I import the exact same LDIF file with the admin console, it
goes right in and all the attributes are fine.
Any ideas? Thanks.
dn: uid=tester, ou=People, dc=testdom,dc=net
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
ou: People
cn: Tony Tester
sn: Tester
givenName: Tony
uid: tester
telephoneNumber: 603-555-1212
loginShell: /bin/sh
gidNumber: 100
uidNumber: 503
mail: tester@testdom.net
gecos: Tony Tester
homeDirectory: /usr/local/home/tester
userPassword: {SSHA}yYUVdAn95yDfzbIK92SuL0jK0cCnU//A
--
- Kyle
---------------------------------------------
kylet@panix.com http://www.panix.com/~kylet
---------------------------------------------
Chris St. Pierre
2006-Oct-21 23:09 UTC
Re: [Fedora-directory-users] Can add with GUI, not with ldapmodify
What happens if you try to bind as the directory manager to create
Tony Tester's entry? I.e.,

ldapmodify -x -a -W -D "cn=directory manager" -h -f addtester.ldif

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

On Sat, 21 Oct 2006, Kyle Tucker wrote:

>Hi,
> New clean installation of Fedora DS 1.0.2 on FC5. I
>added a first user with the admin console, exported it to see
>its attributes and made a template to add a new user via LDIF
>like below. If I try to add it with ldapmodify, I get this:
>
>ldapmodify -x -a -W -D "cn=Manager,dc=testdom,dc=net" -h \
>localhost -f addtester.ldif
>Enter LDAP Password:
>ldap_bind: No such object (32)
> matched DN: dc=testdom,dc=net
>
>If I import the exact same LDIF file with the admin console, it
>goes right in and all the attributes are fine.
>
>Any ideas? Thanks.
>
>dn: uid=tester, ou=People, dc=testdom,dc=net
>changetype: add
>objectClass: top
>objectClass: person
>objectClass: organizationalPerson
>objectClass: inetorgperson
>objectClass: posixAccount
>ou: People
>cn: Tony Tester
>sn: Tester
>givenName: Tony
>uid: tester
>telephoneNumber: 603-555-1212
>loginShell: /bin/sh
>gidNumber: 100
>uidNumber: 503
>mail: tester@testdom.net
>gecos: Tony Tester
>homeDirectory: /usr/local/home/tester
>userPassword: {SSHA}yYUVdAn95yDfzbIK92SuL0jK0cCnU//A
>
>--
>- Kyle
>---------------------------------------------
>kylet@panix.com http://www.panix.com/~kylet
>---------------------------------------------
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users@redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
Kyle Tucker
2006-Oct-22 14:35 UTC
Re: [Fedora-directory-users] Can add with GUI, not with ldapmodify
On Sat, Oct 21, 2006 at 06:09:51PM -0500, Chris St. Pierre wrote:
> What happens if you try to bind as the directory manager to create
> Tony Tester's entry? I.e.,
>
> ldapmodify -x -a -W -D "cn=directory manager" -h -f addtester.ldif

I named my directory manager just "Manager" instead of "Directory
Manager" so I could use the same scripts and templates with OpenLDAP
as I am comparing the two to decide on which to implement. Is that
a problem?

> On Sat, 21 Oct 2006, Kyle Tucker wrote:
>
> >Hi,
> > New clean installation of Fedora DS 1.0.2 on FC5. I
> >added a first user with the admin console, exported it to see
> >its attributes and made a template to add a new user via LDIF
> >like below. If I try to add it with ldapmodify, I get this:
> >
> >ldapmodify -x -a -W -D "cn=Manager,dc=testdom,dc=net" -h \
> >localhost -f addtester.ldif
> >Enter LDAP Password:
> >ldap_bind: No such object (32)
> > matched DN: dc=testdom,dc=net
> >
> >If I import the exact same LDIF file with the admin console, it
> >goes right in and all the attributes are fine.
> >
> >Any ideas? Thanks.
> >
> >dn: uid=tester, ou=People, dc=testdom,dc=net
> >changetype: add
> >objectClass: top
> >objectClass: person
> >objectClass: organizationalPerson
> >objectClass: inetorgperson
> >objectClass: posixAccount
> >ou: People
> >cn: Tony Tester
> >sn: Tester
> >givenName: Tony
> >uid: tester
> >telephoneNumber: 603-555-1212
> >loginShell: /bin/sh
> >gidNumber: 100
> >uidNumber: 503
> >mail: tester@testdom.net
> >gecos: Tony Tester
> >homeDirectory: /usr/local/home/tester
> >userPassword: {SSHA}yYUVdAn95yDfzbIK92SuL0jK0cCnU//A
> >
> >--
> >- Kyle
> >---------------------------------------------
> >kylet@panix.com http://www.panix.com/~kylet
> >---------------------------------------------
> >
> >--
> >Fedora-directory-users mailing list
> >Fedora-directory-users@redhat.com
> >https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

--
- Kyle
---------------------------------------------
kylet@panix.com http://www.panix.com/~kylet
---------------------------------------------
Kyle Tucker
2006-Oct-22 17:02 UTC
Re: [Fedora-directory-users] Can add with GUI, not with ldapmodify
I reinstalled FDS with directory manager set as "Directory Manager"
and I can now add LDIF files. I don't know if that was the issue,
but the problem went away.

--
- Kyle
---------------------------------------------
kylet@panix.com http://www.panix.com/~kylet
---------------------------------------------
Gordon Messmer
2006-Oct-22 23:57 UTC
Re: [Fedora-directory-users] Can add with GUI, not with ldapmodify
Kyle Tucker wrote:
>
> ldapmodify -x -a -W -D "cn=Manager,dc=testdom,dc=net" -h \
> localhost -f addtester.ldif
> Enter LDAP Password:
> ldap_bind: No such object (32)
> matched DN: dc=testdom,dc=net

That means that "cn=Manager,dc=testdom,dc=net" doesn't exist.
Normally, your "manager" user isn't within the base DN for the rest
of your data. I'm not sure if it must be that way or not.

You can, however, create an entry at "cn=Manager,dc=testdom,dc=net"
after installation, and add that user to the managers group so that
you can use the same scripts that you already use with OpenLDAP.
Pierangelo Masarati
2006-Oct-23 12:32 UTC
Re: [Fedora-directory-users] Can add with GUI, not with ldapmodify
> On Sat, Oct 21, 2006 at 06:09:51PM -0500, Chris St. Pierre wrote:
>> What happens if you try to bind as the directory manager to create
>> Tony Tester's entry? I.e.,
>>
>> ldapmodify -x -a -W -D "cn=directory manager" -h -f addtester.ldif
>
> I named my directory manager just "Manager" instead of "Directory
> Manager" so I could use the same scripts and templates with OpenLDAP
> as I am comparing the two to decide on which to implement. Is that
> a problem?

In OpenLDAP the rootdn can be whatever valid DN; maybe you should exploit
flexibility where it's easier, not the opposite ;).

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------
Richard Megginson
2006-Oct-23 14:22 UTC
Re: [Fedora-directory-users] Can add with GUI, not with ldapmodify
Pierangelo Masarati wrote:
>> On Sat, Oct 21, 2006 at 06:09:51PM -0500, Chris St. Pierre wrote:
>>
>>> What happens if you try to bind as the directory manager to create
>>> Tony Tester's entry? I.e.,
>>>
>>> ldapmodify -x -a -W -D "cn=directory manager" -h -f addtester.ldif
>>>
>> I named my directory manager just "Manager" instead of "Directory
>> Manager"

Did you try -D "cn=Manager" in that case? That should have worked.

>> so I could use the same scripts and templates with OpenLDAP
>> as I am comparing the two to decide on which to implement. Is that
>> a problem?
>>
>
> In OpenLDAP the rootdn can be whatever valid DN; maybe you should exploit
> flexibility where it's easier, not the opposite ;).
>
> p.
>
>
>
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
>
> SysNet s.n.c.
> Via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> ------------------------------------------
> Office: +39.02.23998309
> Mobile: +39.333.4963172
> Email: pierangelo.masarati@sys-net.it
> ------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
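An added example, not written by anyone in this thread: a shell check that compares the DN given to `ldapmodify -D` with the server's root DN, which is the distinction the replies above turn on. It assumes the root DN is read from the `nsslapd-rootdn` attribute of the `cn=config` entry in the instance's dse.ldif; the function names are hypothetical and the LDIF fragment is constructed.

```shell
# Added example. Function names are hypothetical; sample data is constructed.
# Normalise a DN: lowercase, no spaces around ',' or '=' (escapes not handled).
norm_dn() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' |
        sed -e 's/[[:space:]]*\([,=]\)[[:space:]]*/\1/g' \
            -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Print nsslapd-rootdn from the cn=config entry, unfolding LDIF continuation
# lines (a line starting with one space continues the previous line).
root_dn() {
    awk '
        function emit(l) {
            if (found) return
            if (l ~ /^dn:/) in_cfg = (tolower(l) ~ /^dn: *cn=config$/)
            else if (in_cfg && tolower(l) ~ /^nsslapd-rootdn: /) {
                sub(/^[^:]*: */, "", l); print l; found = 1
            }
        }
        /^ / { buf = buf substr($0, 2); next }
             { if (buf != "") emit(buf); buf = $0 }
        END  { if (buf != "") emit(buf) }' "$1"
}

# check_bind_dn BIND_DN LDIF_FILE: returns 0 if BIND_DN is the root DN, else 1.
check_bind_dn() {
    root=$(root_dn "$2")
    if [ "$(norm_dn "$1")" = "$(norm_dn "$root")" ]; then
        echo "ok: -D \"$1\" is the configured root DN"; return 0
    fi
    echo "mismatch: -D \"$1\", but the root DN is \"$root\""
    return 1
}

# Constructed dse.ldif fragment; the fold inside the value is deliberate.
sample_dse() {
    cat <<'EOF'
dn: cn=config
nsslapd-rootdn: cn=Man
 ager

dn: cn=monitor
EOF
}

tmp=$(mktemp) && sample_dse > "$tmp"
check_bind_dn "cn=Manager,dc=testdom,dc=net" "$tmp" || true
check_bind_dn "cn=manager" "$tmp"
rm -f "$tmp"
```

Against a real instance, pass the path of that instance's dse.ldif as the second argument; a mismatch means the bind DN must exist as an ordinary entry in the tree for the bind to succeed.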
Kyle Tucker
2006-Oct-25 09:23 UTC
Re: [Fedora-directory-users] Can add with GUI, not with ldapmodify
On Mon, Oct 23, 2006 at 08:22:43AM -0600, Richard Megginson wrote:
> >>>ldapmodify -x -a -W -D "cn=directory manager" -h -f addtester.ldif
> >>>
> >>I named my directory manager just "Manager" instead of "Directory
> >>Manager"
> Did you try -D "cn=Manager" in that case? That should have worked.

I am quite certain I had but can't duplicate my issues since
I reinstalled. In hindsight, it may have been as simple as a
bad password as the requirement to have at least 8 characters
on the Directory Manager account when I did the reinstall brought
with it the potentially embarrassing realization.

- Kyle
---------------------------------------------
kylet@panix.com http://www.panix.com/~kylet
---------------------------------------------