intro to 389 LDAP administration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Greetings 389 users,

I am a sysadmin that has never really used LDAP before. I have installed 389-ds and am a little stuck as to how to start.

I am using Debian Buster...

389-ds:
  Installed: 1.4.0.21-1

>From the site:

https://www.port389.org/docs/389ds/howto/howto-install-389.html

I see it recommends setting a .dsrc file to ease usage as the root user:

For local instance administration (on the server), you want to use settings like:

# cat ~/.dsrc
[localhost]
# Note that '/' is replaced to '%%2f'.
uri = ldapi://%%2fvar%%2frun%%2fslapd-localhost.socket
basedn = dc=example,dc=com
binddn = cn=Directory Manager

I don't have the socket file in my installation. I don't see any sockets owned by the directory service:

# systemctl status dirsrv@gopher.service
● dirsrv@gopher.service - 389 Directory Server gopher.                                                                                                                                                                                       
   Loaded: loaded (/lib/systemd/system/dirsrv@.service; enabled; vendor preset: enabled)                                                                                                                                                     
   Active: active (running) since Wed 2020-05-13 12:38:22 CDT; 2h 5min ago                                                                                                                                                                   
 Main PID: 12270 (ns-slapd)                                                                                                                                                                                                                  
   Status: "slapd started: Ready to process requests"                                                                                                                                                                                        
    Tasks: 25 (limit: 4722)                                                                                                                                                                                                                  
   Memory: 19.2M                                                                                                                                                                                                                             
   CGroup: /system.slice/system-dirsrv.slice/dirsrv@gopher.service                                                                                                                                                                           
           └─12270 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-gopher -i /var/run/dirsrv/slapd-gopher.pid

# tree /var/run/dirsrv
/var/run/dirsrv
├── slapd-gopher.pid
└── slapd-gopher.stats

The Debian package states to initialize the server to run the command: /usr/sbin/setup-ds

I don't know if that is a distribution agnostic program or not. The command did prompt me for a password - which I entered.

When I run a command like dsidm or ldapmodify, the command prompts me for a password. I enter the one that was prompted for with setup-ds, but I get:

SASL/SCRAM-SHA-1 authentication started
Please enter your password: 
ldap_sasl_interactive_bind_s: Invalid credentials (49)

I guess I have two questions.

1. Should there be a socket somewhere owned by slapd for local communication?

2. What password should I enter for ldap<command> and dsidm?

Thanks for any pointer, advice, or help!

-m
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux