Re: Configuring the 389-ds-base on Fedora 30

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Okay, so you need to create the domain objects then. I'm not sure your ldapadd file is correct though, I think you need a blank line between the two entries? 

> On 24 Sep 2019, at 12:55, rtbell@xxxxxxxxxxxxxxxxxxx wrote:
> 
> William, 
> 
> The result was the same except that the base was <dc=granitemountain, dc=com> with scope subtree instead of <dc=granitemountain,> with scope subtree
> 
> Bob
> 
> -----Original Message-----
> From: William Brown [mailto:wbrown@xxxxxxx] 
> Sent: Monday, September 23, 2019 20:43
> To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> Subject: [389-users] Re: Configuring the 389-ds-base on Fedora 30
> 
> You need to quote it because else the shell thinks it's two arguments? 
> 
>> On 24 Sep 2019, at 12:31, rtbell@xxxxxxxxxxxxxxxxxxx <rtbell@xxxxxxxxxxxxxxxxxxx> wrote:
>> 
>> William -
>> 
>> I did it with this command:
>> ldapsearch -b dc=granitemountain, dc=com -h $HOSTNAME -x -D 
>> 'cn=Directory Manager' -W
>> 
>> The results were:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=granitemountain,> with scope subtree # filter: dc=com # 
>> requesting: ALL #
>> 
>> # search: results
>> search: 2
>> result: 32 No such object
>> 
>> # numResponses: 1
>> 
>> I am not sure what the ',' is doing in the base definition 
>> [<dc=granitemountain,>]
>> 
>> 
>> Bob
>> 
>> -----Original Message-----
>> From: William Brown [mailto:wbrown@xxxxxxx]
>> Sent: Monday, September 23, 2019 19:37
>> To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> Subject: [389-users] Re: Configuring the 389-ds-base on Fedora 30
>> 
>> Can you do an ldapsearch -b  dc=granitemountain, dc=com -h ... -x -D ... -W and see what exists already? 
>> 
>>> On 24 Sep 2019, at 10:39, rtbell@xxxxxxxxxxxxxxxxxxx <rtbell@xxxxxxxxxxxxxxxxxxx> wrote:
>>> 
>>> William,
>>> 
>>> I was trying it as you suggested. It now gets past the password issue. However, I am not hitting another roadblock. 
>>> 
>>> The original entries in the file I created are:
>>> 	dn: dc=granitemountain, dc=com
>>> 	objectClass: domain
>>> 	dc: granitemountain
>>> 	dn: dc=pki, dc=granitemountain, dc=com
>>> 	objectClass: domain
>>> 	dc: pki
>>> 
>>> When I created the file (without the leading tabs of course) I then used the command:
>>> ldapadd -f /tmp/ldapadd-file -h $HOSTNAME -x -D 'cn=Directory Manager' 
>>> -W as you suggested.
>>> 
>>> That got me past the password issue. Now however, it created the 
>>> first record (for the granitemountain domain) but it now issues a new error.
>>> The transcript is
>>> 
>>> 	Adding new entry "dc=pki", dc=granitemountain, dc=com"
>>> 	Ldap_add: No such object (32)
>>> 
>>> Any thoughts?
>>> 
>>> Bob
>>> 
>>> -----Original Message-----
>>> From: William Brown [mailto:wbrown@xxxxxxx]
>>> Sent: Monday, September 23, 2019 18:20
>>> To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>> Subject: [389-users] Re: Configuring the 389-ds-base on Fedora 30
>>> 
>>> Can you try the -f /file/of/changes rather than redirecting into the command? 
>>> 
>>>> On 24 Sep 2019, at 10:16, rtbell@xxxxxxxxxxxxxxxxxxx wrote:
>>>> 
>>>> William, thanks for responding. In the original command string I used -w redhat123 instead of -W which causes a prompt for the password. In both cases, I got the same error. 
>>>> 
>>>> -----Original Message-----
>>>> From: William Brown [mailto:wbrown@xxxxxxx]
>>>> Sent: Monday, September 23, 2019 18:12
>>>> To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>>> Subject: [389-users] Re: Configuring the 389-ds-base on Fedora 30
>>>> 
>>>> 
>>>> 
>>>>> On 24 Sep 2019, at 09:46, rtbell@xxxxxxxxxxxxxxxxxxx <rtbell@xxxxxxxxxxxxxxxxxxx> wrote:
>>>>> 
>>>>> I have hit a roadblock and would appreciate any help I can get. I am running in a VM Workstation virtualization platform on a Windows 10 host machine.
>>>>> 
>>>>> I created a LAMP version of Fedora 30 using mariadb instead of mysql. I changed the host name to cn-poc-pki.granitemountain.com rebooted the system and verified that the host name was correct. I added cn-poc-pki.granitemountain.com to the hosts table and rebooted again. I then used dnf install 389-ds-base to retrieve the 389-ds subsystem. I used dscreate create-template ds.tmp to create a template. I used vim to update the fields in the template file I am attaching the template file. 
>>>>> 
>>>>> When I try to assert an ldapadd –h $HOSTNAME –x –D “cn=DirectoryManager” –W <<EOF with a number of additional parameters, I get an ldap_bind: Invalid credentials (49) error message. Obviously I have misconfigured something but I have been unable to discover what it might be. Could some of you experts please look at my configuration and tell me what I screwed up, please?
>>>> 
>>>> Hey there,
>>>> 
>>>> I wonder if you try something like:
>>>> 
>>>> ldapadd -f /path/to/file/of/changes -h $HOSTNAME -x -D 'cn=Directory 
>>>> Manager' -W
>>>> 
>>>> If that works.
>>>> 
>>>> I think that -W prompts, so right now you are echoing your changes as the password perhaps.
>>>> 
>>>> Hope that helps
>>>> 
>>>>> 
>>>>> Bob Bell
>>>>> 
>>>>> Granite Mountain Security Consultancy, LLC.
>>>>> 90 W 500 South, #404
>>>>> Bountiful UT 84010
>>>>> 
>>>>> 801-971-4200 (cell)
>>>>> rtbell@xxxxxxxxxxxxxxxxxxx
>>>>> 
>>>>> "Beware the engineers of society, I say, who would make everyone in 
>>>>> all the world equal.
>>>>> Opportunity should be equal, must be equal, but achievement must 
>>>>> remain individual.”
>>>>> ---Drizzt Do’Urden
>>>>> 
>>>>> 
>>>>> 
>>>>> <ds.tmp>_______________________________________________
>>>>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To 
>>>>> unsubscribe send an email to 
>>>>> 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> Fedora Code of Conduct: 
>>>>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>>> List Guidelines: 
>>>>> https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>>> List Archives: 
>>>>> https://lists.fedoraproject.org/archives/list/389-users@lists.fedor
>>>>> a
>>>>> p
>>>>> r
>>>>> oject.org
>>>> 
>>>> —
>>>> Sincerely,
>>>> 
>>>> William Brown
>>>> 
>>>> Senior Software Engineer, 389 Directory Server SUSE Labs 
>>>> _______________________________________________
>>>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To 
>>>> unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
>>>> Fedora Code of Conduct: 
>>>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>> List Guidelines: 
>>>> https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>> List Archives: 
>>>> https://lists.fedoraproject.org/archives/list/389-users@lists.fedora
>>>> p r oject.org _______________________________________________
>>>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To 
>>>> unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
>>>> Fedora Code of Conduct: 
>>>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>> List Guidelines: 
>>>> https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>> List Archives: 
>>>> https://lists.fedoraproject.org/archives/list/389-users@lists.fedora
>>>> p
>>>> r
>>>> oject.org
>>> 
>>> —
>>> Sincerely,
>>> 
>>> William Brown
>>> 
>>> Senior Software Engineer, 389 Directory Server SUSE Labs 
>>> _______________________________________________
>>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To 
>>> unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
>>> Fedora Code of Conduct: 
>>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>> List Guidelines: 
>>> https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives: 
>>> https://lists.fedoraproject.org/archives/list/389-users@lists.fedorap
>>> r oject.org _______________________________________________
>>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To 
>>> unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
>>> Fedora Code of Conduct: 
>>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>> List Guidelines: 
>>> https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives: 
>>> https://lists.fedoraproject.org/archives/list/389-users@lists.fedorap
>>> r
>>> oject.org
>> 
>> —
>> Sincerely,
>> 
>> William Brown
>> 
>> Senior Software Engineer, 389 Directory Server SUSE Labs 
>> _______________________________________________
>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To 
>> unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
>> Fedora Code of Conduct: 
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: 
>> https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives: 
>> https://lists.fedoraproject.org/archives/list/389-users@lists.fedorapr
>> oject.org _______________________________________________
>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To 
>> unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
>> Fedora Code of Conduct: 
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: 
>> https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives: 
>> https://lists.fedoraproject.org/archives/list/389-users@lists.fedorapr
>> oject.org
> 
>
> Sincerely,
> 
> William Brown
> 
> Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
> _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx

—
Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux