Solved FreeBSD 13.1 + openLDAP 2.6

Hi!
I am asking you for help. So far I've been able to solve software installation problems on FreeBSD by searching the web. However, now I can't find a satisfactory and above all working answer to the question below. So to the point. I have FreeBSD 13.1 and openLDAP server 2.6 installed. The configuration file looks like this (I removed the commented-out lines for clarity):

Code:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/corba.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/collective.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/duaconf.schema
include /usr/local/etc/openldap/schema/dyngroup.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/pmi.schema

TLSCACertificateFile /usr/local/openssl/certs/domain.test-CAcert.pem
TLSCertificateFile /usr/local/openssl/certs/vfbsd01.domain.test-cert.pem
TLSCertificateKeyFile /usr/local/openssl/certs/vfbsd01.domain.test-unencrypted-key.pem
TLSDHParamFile /usr/local/openssl/certs/vfbsd01.domain.test-dhparam.pem

allow bind_v2

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

modulepath      /usr/local/libexec/openldap
moduleload      back_mdb
moduleload      back_ldap

database config

database        mdb
maxsize         1073741824
suffix          "dc=domain,dc=test"
rootdn          "cn=Manager,dc=domain,dc=test"
rootpw {SSHA}+difR5gyIzxxxxxxxxxxxxxxx/JbaKk7
checkpoint 1024 15
directory       /var/db/openldap-data

index   objectClass     eq

database monitor

access  to      attrs=userPassword
                by self write
                by anonymous write
                by * none

access  to      *
                by self write
                by users read
                by peername.ip=127.0.0.1 read
                by anonymous auth

I added an entry to the database regarding the domain and manager:

Code:
fbsduser@vfbsd01:~ $ mcedit kierownik.ldif

dn: dc=domain,dc=test
objectclass: dcObject
objectclass: organization
o: domain.test
dc: domain

dn: cn=Manager,dc=domain,dc=test
objectclass: organizationalRole
cn: Manager

fbsduser@vfbsd01:~ $ ldapadd -x -D "cn=Manager,dc=domain,dc=test" -W -f kierownik.ldif -c
Enter LDAP Password: 
adding new entry "dc=domain,dc=test"
adding new entry "cn=Manager,dc=domain,dc=test"

I created an organizational unit for user entries:

Code:
fbsduser@vfbsd01:~ $ mcedit osoby.ldif

dn: ou=Osoby,dc=domain,dc=test
objectclass: top
objectclass: organizationalUnit
ou: Osoby

fbsduser@vfbsd01:~ $ ldapadd -x -D "cn=Manager,dc=domain,dc=test" -W -f osoby.ldif
Enter LDAP Password:
adding new entry "ou=Osoby,dc=domain,dc=test"

I added a user to the database:

Code:
fbsduser@vfbsd01:~ $ mcedit uzytkownik.ldif
dn: cn=Adam Adamowski,ou=Osoby,dc=domain,dc=test
objectclass: inetOrgPerson
cn: Adam Adamowski
givenname: Adam
sn: Adamowski
mail: aadamowski@domain.test

I added a password to the user:

Code:
fbsduser@vfbsd01:~ $ echo -n "userPassword: " >> uzytkownik.ldif
fbsduser@vfbsd01:~ $ slappasswd >> uzytkownik.ldif

I added the contents of the uzytkownik.ldif file to the LDAP database:

Code:
fbsduser@vfbsd01:~ $ ldapadd -x -D "cn=Manager,dc=domain,dc=test" -W -f uzytkownik.ldif
Enter LDAP Password:
adding new entry "cn=Adam Adamowski,ou=Osoby,dc=domain,dc=test"


The problem occurs when I want to check the correctness of the data entered into the LDAP database:

Code:
fbsduser@vfbsd01:~ $ ldapsearch -W -H ldap://localhost/ -D ? cn=Manager,dc=domain,dc=test -b 'dc=domain,dc=test' '(objectclass=*)'
Enter LDAP Password:
ldap_bind: Invalid DN syntax (34)
        additional info: invalid DN

Where is this DN syntax error??
 
Mother of God - such a mistake. In fact, the question mark introduces an error.
I don't know why I put it there - some kind of eclipse.
Thank you so much for solving such a small problem for you, but a huge one for me. Thanks!
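
Added example, not part of the original thread: a simplified RFC 4514 syntax check in Python showing why the posted command fails with error 34. The word that follows `-D` is `?`, which has no `type=value` form, so it is not a DN. The helper names (`split_unescaped`, `parse_dn`, `check_bind_dn`) and the corrected command string are constructed for illustration, and the shell is assumed not to expand `?` to a file name.

```python
import re
import shlex

# RFC 4514 attribute type: a short name or a dotted numeric OID.
ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")
# Constructed from the thread: the posted command, and the same command without "?".
POSTED = ("ldapsearch -W -H ldap://localhost/ -D ? cn=Manager,dc=domain,dc=test"
          " -b 'dc=domain,dc=test' '(objectclass=*)'")
FIXED = ("ldapsearch -W -H ldap://localhost/ -D cn=Manager,dc=domain,dc=test"
         " -b 'dc=domain,dc=test' '(objectclass=*)'")

def split_unescaped(text, sep):
    """Split on sep, leaving backslash-escaped separators inside the value."""
    parts, i = [""], 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts.append("")
        else:
            parts[-1] += text[i:i + step]  # an escape pair stays together
        i += step
    return parts

def parse_dn(dn):
    """Return a list of RDNs, each a list of (type, value); ValueError if malformed.
    Simplified: escapes are not decoded and #hex values are not validated."""
    rdns = []
    for rdn in (split_unescaped(dn, ",") if dn else []):  # "" is the valid empty DN
        avas = []
        for ava in split_unescaped(rdn, "+"):  # "+" joins a multi-valued RDN
            attr, eq, value = ava.partition("=")
            if not eq or not ATTR_TYPE.match(attr.strip()):
                raise ValueError(f"bad RDN component {ava!r}")
            avas.append((attr.strip(), value))
        rdns.append(avas)
    return rdns

def check_bind_dn(cmdline):
    """Return (the argument that follows -D, 'ok' or 'invalid DN')."""
    argv = shlex.split(cmdline)  # word splitting like sh, without globbing
    dn = argv[argv.index("-D") + 1]
    try:
        parse_dn(dn)
    except ValueError:
        return dn, "invalid DN"
    return dn, "ok"

if __name__ == "__main__":
    print(check_bind_dn(POSTED), check_bind_dn(FIXED))
```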
 