On Sat, 2005-12-03 at 14:00 -0700, Richard Megginson wrote:
> Craig White wrote:
>
> >If this is too newbie - please ignore (I'm used to openldap and I'm
> >struggling)
> >
> >commands like ldapsearch only seem to work if my cwd is
> >/opt/fedora-ds/shared/bin
> ># cd ~
> >[root at lin-workstation ~]# ldapsearch
> >ldapsearch: error while loading shared libraries: libldap50.so: cannot
> >open shared object file: No such file or directory
> >
> >
> Yep. You can either set your PATH to have /opt/fedora-ds/shared/bin
> before /usr/bin and set LD_LIBRARY_PATH to contain
> /opt/fedora-ds/shared/lib, or just use the ldapsearch in your PATH
> (/usr/bin) which is the OpenLDAP version.
----
I did PATH /opt/fedora-ds/shared/bin but I didn't set LD_LIBRARY_PATH,
which was my problem. Also, I had removed the openldap-clients package
prior to installing fedora-ds and just reinstalled it since I pretty
much am comfortable with the syntax of that client (subtle differences)
----
> >anyway, I can cd /opt/fedora-ds/shared/bin but it's a PITA
> >
> >the bigger problem, I wanted to simple bind and cannot do that...
> >
> ># ldapsearch -v -b "ou=people,dc=azapple,dc=com" "(objectclass=*)"
> >
> >gives me everyone in the container (I am obviously going to have to set
> >up ACLs)
> >
> ># ldapsearch -v -b "ou=people,dc=azapple,dc=com" \
> >-D "cn=Directory Manager,dc=azapple,dc=com" -w - \
> >"(objectclass=*)"
> >
> >and
> >
> ># ldapsearch -v -b "ou=people,dc=azapple,dc=com" \
> >-D "cn=admin,dc=azapple,dc=com" -w - \
> >"(objectclass=*)"
> >
> >both fail with
> >
> >ldapsearch: started Sat Dec 3 13:32:13 2005
> >
> >ldap_init( localhost, 389 )
> >ldap_simple_bind: No such object
> >ldap_simple_bind: matched: dc=azapple,dc=com
> >
> >I know it must be something obvious that I am missing but I have tried
> >and tried with no success - is simple bind not permitted by default?
> >
> >
> That's not it. In Fedora DS, the directory manager is not a 'real'
> entry - it's just a DN and a password. So yours is probably just
> "cn=directory manager" not "cn=directory manager,dc=azapple,dc=com". I
> think in OpenLDAP they have a per-database or per-naming context
> directory manager - not so in Fedora DS.
>
> Also, the console admin user is usually somewhere under o=netscaperoot,
> like uid=admin,cn=administrators,cn=topology management,o=netscaperoot.
----
great explanation - got it - it works as you said.

I've made a bunch of progress with your help - thanks

Craig