I use a just-installed Debian 6 with OpenLDAP 2.4. I have a CentOS box too with OpenLDAP 2.3.
I made an .ldif file from the CentOS box (working configuration) and successfully added all entries from the ldif to Debian's OpenLDAP. After this, I try to use `ldapsearch -xLLL` and get an error: `No such object (32)`. The command `ldapsearch -xLLL -b dc=pgtk,dc=edu,dc=ru` also doesn't work. I just can't understand what's wrong?

Here is my slapd.conf:
```
loglevel 0
modulepath /usr/lib/ldap
moduleload back_bdb.la
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/samba.schema
database bdb
suffix "dc=pgtk,dc=edu,dc=ru"
directory /var/lib/ldap
rootdn "cn=root,dc=pgtk,dc=edu,dc=ru"
rootpw {SSHA}Fq0LHya+lD4356rE5B91snwP5390fDUg
index objectClass eq,pres
index ou,cn,sn,mail,givenname eq,pres,sub,approx
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryCSN,entryUUID eq
index sambaSID,sambaPrimaryGroupSID eq
index sambaDomainName eq
access to attrs=userPassword
    by dn.base="uid=ldap,ou=Users,dc=pgtk,dc=edu,dc=ru" write
    by self write
    by anonymous auth
access to attrs=sambaLMPassword
    by dn.base="uid=ldap,ou=Users,dc=pgtk,dc=edu,dc=ru" write
    by self write
    by anonymous auth
access to attrs=sambaNTPassword
    by dn.base="uid=ldap,ou=Users,dc=pgtk,dc=edu,dc=ru" write
    by self write
    by anonymous auth
access to *
    by dn.base="uid=ldap,ou=Users,dc=pgtk,dc=edu,dc=ru" write
    by * read
```
And my ldap.conf:

```
BASE dc=pgtk,dc=edu,dc=ru
URI ldap://192.168.0.249
```
So, where was I wrong?
Best regards, thanks a lot for wasting your time.
P.S.
- `ldapsearch` on Debian with the `-h` and `-b` parameters can successfully print LDAP content from the CentOS LDAP server.
- LDAP Account Manager (LAM) on the Debian box shows Debian's LDAP content.
- `slapcat` without any parameters on the Debian box prints the LDAP content.
Best Answer
I found the solution! It was the access rights. There should be a global access rule
before any database and access rights definition. Stupid mistake, but I thought that was
enough for complete read access for all objects to all persons. In OpenLDAP 2.3 on the CentOS box it's enough. Seems like OpenLDAP 2.4 has a slightly different access rights policy.
Thanks all again for wasting your time!
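Added example (not from the post or from OpenLDAP itself): a small Python audit that parses the `access to` clauses of a slapd.conf and reports each one's scope, since directives placed before the first `database` line are global while those after it belong to that database, and notes where a clause relies on slapd's implicit trailing `by * none`. The sample configuration is constructed from the post's ACLs with one global catch-all placed before `database bdb`; quoted values containing spaces are not handled.

```python
import re

# Constructed sample: the post's ACL section plus one global 'access to *' before 'database'.
SAMPLE_CONF = """\
access to * by * read
database bdb
suffix "dc=pgtk,dc=edu,dc=ru"
access to attrs=userPassword
    by dn.base="uid=ldap,ou=Users,dc=pgtk,dc=edu,dc=ru" write
    by self write
    by anonymous auth
access to *
    by dn.base="uid=ldap,ou=Users,dc=pgtk,dc=edu,dc=ru" write
    by * read
"""

def parse_acls(conf_text):
    """One dict per 'access to' clause: scope, what, by=[(who, level), ...].
    scope is 'global' before the first 'database' line, else that database's
    suffix (or 'database <backend>' until its suffix directive is seen)."""
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:          # leading blank = continuation line
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    acls, scope = [], "global"
    for line in logical:
        key, rest = (line.split(None, 1) + [""])[:2]   # directive, argument text
        if key.lower() == "database":
            scope = f"database {rest}"
        elif key.lower() == "suffix":
            scope = rest.strip('"')
        elif key.lower() == "access":
            parts = re.split(r"\s+by\s+", rest)
            what = parts[0].split(None, 1)[1]          # drop the leading 'to'
            by = [tuple(p.split(None, 1)) if " " in p else (p, "?") for p in parts[1:]]
            acls.append({"scope": scope, "what": what, "by": by})
    return acls

def audit(acls):
    """Clauses lacking a 'by *' entry end with slapd's implicit 'by * none'; a scope
    with no 'access to *' clause has no catch-all of its own."""
    notes = []
    for a in acls:
        if not any(who == "*" for who, _ in a["by"]):
            notes.append(f"[{a['scope']}] 'access to {a['what']}' ends with implicit 'by * none'")
    for s in dict.fromkeys(a["scope"] for a in acls):
        if not any(a["what"] == "*" for a in acls if a["scope"] == s):
            notes.append(f"[{s}] has no catch-all 'access to *' clause")
    return notes
```

Run it against the real slapd.conf text to see which clauses are global and which are bound to the `dc=pgtk,dc=edu,dc=ru` database before and after moving a rule.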