I ma trying to install fedora-ds and am having some beginner problems.
The installation was accomplished on a Fedora 5 system from an rpm
download off of the fedora-ds site. I originally used a yum install but
could not get anything to work so I did a yum remove before I did an rpm
install. The setup script seemed to work ok, and now I am trying to
load a *.ldif file without success. I do not have a gui on this machine
so command line entry is necessary.
The command I am using to enter the data is :
ldapmodify -a -D cn=Directory Manager,dc=example,dc=com -W -f
newdat.ldif
The response I am getting is :
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
I thought perhaps I memorized the password wrong, but could not find
config file that the password is stored.
Sorry for the beginner question.
Any help would be appreciated.
Greg Ennis
Gregory P. Ennis wrote:> I ma trying to install fedora-ds and am having some beginner problems. > The installation was accomplished on a Fedora 5 system from an rpm > download off of the fedora-ds site. I originally used a yum install but > could not get anything to work so I did a yum remove before I did an rpm > install. The setup script seemed to work ok, and now I am trying to > load a *.ldif file without success. I do not have a gui on this machine > so command line entry is necessary. > > The command I am using to enter the data is : > ldapmodify -a -D cn=Directory Manager,dc=example,dc=com -W -f > newdat.ldif > > The response I am getting is : > ldap_sasl_interactive_bind_s: Unknown authentication method (-6) > additional info: SASL(-4): no mechanism available: > > I thought perhaps I memorized the password wrong, but could not find > config file that the password is stored. >Add "-x" after ldapmodify. /usr/bin/ldapmodify (et. al.) are the openldap tools - they all require the -x argument after the command name in order to use simple auth - without -x, by default, they all attempt to use sasl auth.> Sorry for the beginner question. > > Any help would be appreciated. > > Greg Ennis > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Gregory P. Ennis wrote:> On Mon, 2007-05-21 at 11:15 -0600, Richard Megginson wrote: > >> Gregory P. Ennis wrote: >> >>> I ma trying to install fedora-ds and am having some beginner problems. >>> The installation was accomplished on a Fedora 5 system from an rpm >>> download off of the fedora-ds site. I originally used a yum install but >>> could not get anything to work so I did a yum remove before I did an rpm >>> install. The setup script seemed to work ok, and now I am trying to >>> load a *.ldif file without success. I do not have a gui on this machine >>> so command line entry is necessary. >>> >>> The command I am using to enter the data is : >>> ldapmodify -a -D cn=Directory Manager,dc=example,dc=com -W -f >>> newdat.ldif >>> >>> The response I am getting is : >>> ldap_sasl_interactive_bind_s: Unknown authentication method (-6) >>> additional info: SASL(-4): no mechanism available: >>> >>> I thought perhaps I memorized the password wrong, but could not find >>> config file that the password is stored. >>> >>> >> Add "-x" after ldapmodify. /usr/bin/ldapmodify (et. al.) are the >> openldap tools - they all require the -x argument after the command name >> in order to use simple auth - without -x, by default, they all attempt >> to use sasl auth. >> >>> Sorry for the beginner question. >>> >>> Any help would be appreciated. >>> >>> Greg Ennis >>> >>> -- >>> > > Richard, > > That helped, but now I am getting : > > ldap_bind: No such object (32) > matched DN: dc=domain,dc=com > > I am not certain that I have the correct password is there a way to get > to the password or should I rerun the setup script? >Sorry, I didn''t notice this earlier. The correct bind DN is "cn=Directory Manager" - without the domain.> I did try to use openldap but could not get it to work remotely, I do > not have it running. Are their tools peculiar to fedora-ds that I > should be using to load data? > > Thanks for your help!!! > > Greg > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
On Mon, 2007-05-21 at 11:15 -0600, Richard Megginson wrote:> Gregory P. Ennis wrote: > > I ma trying to install fedora-ds and am having some beginner problems. > > The installation was accomplished on a Fedora 5 system from an rpm > > download off of the fedora-ds site. I originally used a yum install but > > could not get anything to work so I did a yum remove before I did an rpm > > install. The setup script seemed to work ok, and now I am trying to > > load a *.ldif file without success. I do not have a gui on this machine > > so command line entry is necessary. > > > > The command I am using to enter the data is : > > ldapmodify -a -D cn=Directory Manager,dc=example,dc=com -W -f > > newdat.ldif > > > > The response I am getting is : > > ldap_sasl_interactive_bind_s: Unknown authentication method (-6) > > additional info: SASL(-4): no mechanism available: > > > > I thought perhaps I memorized the password wrong, but could not find > > config file that the password is stored. > > > Add "-x" after ldapmodify. /usr/bin/ldapmodify (et. al.) are the > openldap tools - they all require the -x argument after the command name > in order to use simple auth - without -x, by default, they all attempt > to use sasl auth. > > Sorry for the beginner question. > > > > Any help would be appreciated. > > > > Greg Ennis > > > > --Richard, That helped, but now I am getting : ldap_bind: No such object (32) matched DN: dc=domain,dc=com I am not certain that I have the correct password is there a way to get to the password or should I rerun the setup script? I did try to use openldap but could not get it to work remotely, I do not have it running. Are their tools peculiar to fedora-ds that I should be using to load data? Thanks for your help!!! Greg
On Mon, 2007-05-21 at 11:33 -0600, Richard Megginson wrote:> Gregory P. Ennis wrote: > > On Mon, 2007-05-21 at 11:15 -0600, Richard Megginson wrote: > > > >> Gregory P. Ennis wrote: > >> > >>> I ma trying to install fedora-ds and am having some beginner problems. > >>> The installation was accomplished on a Fedora 5 system from an rpm > >>> download off of the fedora-ds site. I originally used a yum install but > >>> could not get anything to work so I did a yum remove before I did an rpm > >>> install. The setup script seemed to work ok, and now I am trying to > >>> load a *.ldif file without success. I do not have a gui on this machine > >>> so command line entry is necessary. > >>> > >>> The command I am using to enter the data is : > >>> ldapmodify -a -D cn=Directory Manager,dc=example,dc=com -W -f > >>> newdat.ldif > >>> > >>> The response I am getting is : > >>> ldap_sasl_interactive_bind_s: Unknown authentication method (-6) > >>> additional info: SASL(-4): no mechanism available: > >>> > >>> I thought perhaps I memorized the password wrong, but could not find > >>> config file that the password is stored. > >>> > >>> > >> Add "-x" after ldapmodify. /usr/bin/ldapmodify (et. al.) are the > >> openldap tools - they all require the -x argument after the command name > >> in order to use simple auth - without -x, by default, they all attempt > >> to use sasl auth. > >> > >>> Sorry for the beginner question. > >>> > >>> Any help would be appreciated. > >>> > >>> Greg Ennis > >>> > >>> -- > >>> > > > > Richard, > > > > That helped, but now I am getting : > > > > ldap_bind: No such object (32) > > matched DN: dc=domain,dc=com > > > > I am not certain that I have the correct password is there a way to get > > to the password or should I rerun the setup script? > > > Sorry, I didn''t notice this earlier. The correct bind DN is > "cn=Directory Manager" - without the domain. > > I did try to use openldap but could not get it to work remotely, I do > > not have it running. Are their tools peculiar to fedora-ds that I > > should be using to load data? > > > > Thanks for your help!!! > > > > Greg > > > > --Richard, Thank you, one step further.... but still no cigar. I had about 10 users to enter as test data, but am not sure if the data made it to the server. My entry command was : ldapmodify -v -x -a -D "cn=Directory Manager" -W -f ./EcCare.ldif And the response was : add objectclass: top domain add dc: EcCare add aci: (target ="ldap:///dc=EcCare,dc=com")(targetattr ! ="userPassword")(version 3.0;acl "Anonymous read-search access";allow (read, search, compare)(userdn = "ldap:///anyone");) (target="ldap:///dc=EcCare,dc=com") (targetattr = "*")(version 3.0; acl "allow all Admin group"; allow(all) groupdn "ldap:///cn=Directory Administrators,ou=Groups,dc=EcCare,dc=com";) adding new entry "dc=EcCare,dc=com" modify complete ldap_add: Already exists (68) When I perform : ldapsearch -x -b ''dc=eccare,dc=com'' ''(objectclass=*)'' I get : dn: dc=EcCare,dc=com objectClass: top objectClass: domain dc: EcCare # Directory Administrators, EcCare.com dn: cn=Directory Administrators, dc=EcCare,dc=com objectClass: top objectClass: groupofuniquenames cn: Directory Administrators Note: I used the Example.ldif as a template with some changes of the data. When I do : ldapsearch -x -b ''dc=eccare,dc=com'' ''(cn=Ennis)'' I get : # search result search: 2 result: 0 Success Which causes me to believe the details of the data did not make it to the server. If my questions are too newbie I will certianly take some direction to read, but so far I have not found the appropriate docs. Thanks again!!!! Greg
Gregory P. Ennis wrote:> <snip> > Richard, > > Thank you, one step further.... but still no cigar. > > I had about 10 users to enter as test data, but am not sure if the data > made it to the server. > > My entry command was : > ldapmodify -v -x -a -D "cn=Directory Manager" -W -f ./EcCare.ldif > > And the response was : > > add objectclass: > top > domain > add dc: > EcCare > add aci: > (target ="ldap:///dc=EcCare,dc=com")(targetattr ! > ="userPassword")(version 3.0;acl "Anonymous read-search access";allow > (read, search, compare)(userdn = "ldap:///anyone");) > (target="ldap:///dc=EcCare,dc=com") (targetattr = "*")(version > 3.0; acl "allow all Admin group"; allow(all) groupdn > "ldap:///cn=Directory Administrators,ou=Groups,dc=EcCare,dc=com";) > adding new entry "dc=EcCare,dc=com" > modify complete > ldap_add: Already exists (68) > > When I perform : > > ldapsearch -x -b ''dc=eccare,dc=com'' ''(objectclass=*)'' > > I get : > > dn: dc=EcCare,dc=com > objectClass: top > objectClass: domain > dc: EcCare > > # Directory Administrators, EcCare.com > dn: cn=Directory Administrators, dc=EcCare,dc=com > objectClass: top > objectClass: groupofuniquenames > cn: Directory Administrators > > Note: I used the Example.ldif as a template with some changes of the > data. > > When I do : > > ldapsearch -x -b ''dc=eccare,dc=com'' ''(cn=Ennis)'' > > I get : > > # search result > search: 2 > result: 0 Success > > Which causes me to believe the details of the data did not make it to > the server. >You are correct. The error Already exists (68) means you tried to add an entry that already exists (probably dc=EcCare,dc=com). Remove that entry from your ldif file and try again. When you run setup, and choose your initial base suffix, setup will create that entry for you. You can also add the "-c" argument to ldapmodify to make it continue despite errors.> If my questions are too newbie I will certianly take some direction to > read, but so far I have not found the appropriate docs. > > Thanks again!!!! > > Greg > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Gregory P. Ennis wrote:> On Mon, 2007-05-21 at 12:12 -0600, Richard Megginson wrote: > >> Gregory P. Ennis wrote: >> >>> <snip> >>> Richard, >>> >>> Thank you, one step further.... but still no cigar. >>> >>> I had about 10 users to enter as test data, but am not sure if the data >>> made it to the server. >>> >>> My entry command was : >>> ldapmodify -v -x -a -D "cn=Directory Manager" -W -f ./EcCare.ldif >>> >>> And the response was : >>> >>> add objectclass: >>> top >>> domain >>> add dc: >>> EcCare >>> add aci: >>> (target ="ldap:///dc=EcCare,dc=com")(targetattr ! >>> ="userPassword")(version 3.0;acl "Anonymous read-search access";allow >>> (read, search, compare)(userdn = "ldap:///anyone");) >>> (target="ldap:///dc=EcCare,dc=com") (targetattr = "*")(version >>> 3.0; acl "allow all Admin group"; allow(all) groupdn >>> "ldap:///cn=Directory Administrators,ou=Groups,dc=EcCare,dc=com";) >>> adding new entry "dc=EcCare,dc=com" >>> modify complete >>> ldap_add: Already exists (68) >>> >>> When I perform : >>> >>> ldapsearch -x -b ''dc=eccare,dc=com'' ''(objectclass=*)'' >>> >>> I get : >>> >>> dn: dc=EcCare,dc=com >>> objectClass: top >>> objectClass: domain >>> dc: EcCare >>> >>> # Directory Administrators, EcCare.com >>> dn: cn=Directory Administrators, dc=EcCare,dc=com >>> objectClass: top >>> objectClass: groupofuniquenames >>> cn: Directory Administrators >>> >>> Note: I used the Example.ldif as a template with some changes of the >>> data. >>> >>> When I do : >>> >>> ldapsearch -x -b ''dc=eccare,dc=com'' ''(cn=Ennis)'' >>> >>> I get : >>> >>> # search result >>> search: 2 >>> result: 0 Success >>> >>> Which causes me to believe the details of the data did not make it to >>> the server. >>> >>> >> You are correct. The error Already exists (68) means you tried to add >> an entry that already exists (probably dc=EcCare,dc=com). Remove that >> entry from your ldif file and try again. When you run setup, and choose >> your initial base suffix, setup will create that entry for you. You can >> also add the "-c" argument to ldapmodify to make it continue despite >> errors. >> >>> If my questions are too newbie I will certianly take some direction to >>> read, but so far I have not found the appropriate docs. >>> >>> Thanks again!!!! >>> >>> Greg >>> >>> > Richard, > > That was helpful... Looks like I have the data in the server now. I can > get ldapsearch to work but am not able to get evolution to display any > of the data. I was able to turn the logs on to debug for openldap, > where can I do this for fedora-ds so I can look at how evolution is > accessing slapd >http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting Keep in mind that the access log is buffered, which means requests and responses will not be immediately available in that file.> Thanks again for your help!!!! > > Greg > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
On Mon, 2007-05-21 at 12:12 -0600, Richard Megginson wrote:> Gregory P. Ennis wrote: > > <snip> > > Richard, > > > > Thank you, one step further.... but still no cigar. > > > > I had about 10 users to enter as test data, but am not sure if the data > > made it to the server. > > > > My entry command was : > > ldapmodify -v -x -a -D "cn=Directory Manager" -W -f ./EcCare.ldif > > > > And the response was : > > > > add objectclass: > > top > > domain > > add dc: > > EcCare > > add aci: > > (target ="ldap:///dc=EcCare,dc=com")(targetattr ! > > ="userPassword")(version 3.0;acl "Anonymous read-search access";allow > > (read, search, compare)(userdn = "ldap:///anyone");) > > (target="ldap:///dc=EcCare,dc=com") (targetattr = "*")(version > > 3.0; acl "allow all Admin group"; allow(all) groupdn > > "ldap:///cn=Directory Administrators,ou=Groups,dc=EcCare,dc=com";) > > adding new entry "dc=EcCare,dc=com" > > modify complete > > ldap_add: Already exists (68) > > > > When I perform : > > > > ldapsearch -x -b ''dc=eccare,dc=com'' ''(objectclass=*)'' > > > > I get : > > > > dn: dc=EcCare,dc=com > > objectClass: top > > objectClass: domain > > dc: EcCare > > > > # Directory Administrators, EcCare.com > > dn: cn=Directory Administrators, dc=EcCare,dc=com > > objectClass: top > > objectClass: groupofuniquenames > > cn: Directory Administrators > > > > Note: I used the Example.ldif as a template with some changes of the > > data. > > > > When I do : > > > > ldapsearch -x -b ''dc=eccare,dc=com'' ''(cn=Ennis)'' > > > > I get : > > > > # search result > > search: 2 > > result: 0 Success > > > > Which causes me to believe the details of the data did not make it to > > the server. > > > You are correct. The error Already exists (68) means you tried to add > an entry that already exists (probably dc=EcCare,dc=com). Remove that > entry from your ldif file and try again. When you run setup, and choose > your initial base suffix, setup will create that entry for you. You can > also add the "-c" argument to ldapmodify to make it continue despite > errors. > > If my questions are too newbie I will certianly take some direction to > > read, but so far I have not found the appropriate docs. > > > > Thanks again!!!! > > > > Greg > >Richard, That was helpful... Looks like I have the data in the server now. I can get ldapsearch to work but am not able to get evolution to display any of the data. I was able to turn the logs on to debug for openldap, where can I do this for fedora-ds so I can look at how evolution is accessing slapd Thanks again for your help!!!! Greg
On Mon, 2007-05-21 at 13:04 -0600, Richard Megginson wrote:> > > > http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting > > Keep in mind that the access log is buffered, which means requests and > responses will not be immediately available in that file. > > Thanks again for your help!!!! > > > > Greg > > > > --Richard, Thanks again, I have lots of log information, but can not figure out how to make this work with evolution. When I open a new ldap address book with evolution I can get to the server from the local network as well as from a remote machine. I can also pick a search base of "dc=EcCare,dc=com" so I know I am getting to the server, but I am not getting any data in the address book. Are their specific schema that should be used in reference to evolutions''s access or will the one in Example.ldif work? Greg
Gregory P. Ennis wrote:> On Mon, 2007-05-21 at 13:04 -0600, Richard Megginson wrote: > >>> >>> >> http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting >> >> Keep in mind that the access log is buffered, which means requests and >> responses will not be immediately available in that file. >> >>> Thanks again for your help!!!! >>> >>> Greg >>> >>> -- >>> > > Richard, > > Thanks again, I have lots of log information, but can not figure out how > to make this work with evolution. When I open a new ldap address book > with evolution I can get to the server from the local network as well as > from a remote machine. I can also pick a search base of > "dc=EcCare,dc=com" so I know I am getting to the server, but I am not > getting any data in the address book. > > Are their specific schema that should be used in reference to > evolutions''s access or will the one in Example.ldif work? >AFAIK, every address book client uses its own schema which is incompatible with all of the other address book clients, and with the standard inetOrgSchema used in Example.ldif.> Greg > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >