Re: intro to 389 LDAP administration


 



Hey William,

Thanks for the welcome!

> Hey there, welcome to LDAP and 389-ds!
> 
> 
> Yeah, this socket file name is encoded. Check for /var/run/slapd-<instance
> name>.socket, which in your case, is slapd-gopher.socket.

Hmmm. Nope. No sockets. Here is what is in /var/run...

# find -L /var/run -name '*sock*'
/var/run/dbus/system_bus_socket
/var/run/rpcbind.sock
/var/run/systemd/journal/socket
/var/run/systemd/inaccessible/sock


> 
> 
> Which program did you use to create the server? It should be dscreate as setup-ds.pl has
> been deprecated and should be removed ....

Hmm. Okay. I did use the Perl script setup-ds. Debian documentation should be updated. I'll file a bug.

I'll also try recreating things with the dscreate Python script.

> 
> 
> When you run dsidm you need to use it as root or user dirsrv - this is because it reads
> the .dsrc of the user, finds the ldapi socket, and then uses the uid/gid of the current
> process to map your authentication through. 

Agreed.

> 
> When you use ldapmodify, you need to configure the related openldap tools instead, at
> /etc/openldap/ldap.conf. You can generate a configuration for this with:

Ahh. Okay. Good to know.


> 
> #
> # OpenLDAP client configuration
> # Generated by 389 Directory Server - dsidm
> #
> 
> # See ldap.conf(5) for details
> # This file should be world readable but not world writable.
> 
> BASE    dc=blackhats,dc=net,dc=au
> # Remember to check this: you can have multiple uris on this line. You may have
> # multiple servers or load balancers in your environment.
> URI     ldapi://%2fdata%2frun%2fslapd-localhost.socket
> # If you have DNS SRV records you can use:
> # URI   ldaps:///dc%3Dblackhats%2Cdc%3Dnet%2Cdc%3Dau
> 
> DEREF   never
> # To use cacert dir, place *.crt files in this path then run:
> # /usr/bin/c_rehash /etc/openldap/certs
> TLS_CACERTDIR /etc/openldap/certs
> # TLS_CACERT /etc/openldap/certs/ca.crt
> 
> 
> 
> It depends who the user is. If you have .dsrc with ldapi, you won't need a password as
> you are binding with cn=Directory Manager aka "root for 389-ds ldap".

Agreed.

> If you
> end up delegating privileges, you would bind as "that user's dn".
> 
> Hope that helps somewhat! 

Thanks for the hints and help!

Have a good night!

-m
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
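The thread above turns on three things: where the ldapi socket actually lives, the percent-encoded form of its path that both .dsrc and the OpenLDAP tools need, and the fact that an ldapi bind maps the calling process's uid/gid to a DN (root or dirsrv becoming cn=Directory Manager when autobind is on). The script below is an added example for this reply, not code from the thread or from the 389-ds project. It assumes an instance called "gopher", the standard /etc/dirsrv/slapd-<instance>/dse.ldif location, and that the OpenLDAP client tools (ldapwhoami) are installed; the file contents used for the checks are constructed here.

```shell
#!/bin/sh
# Added example, not from the 389-users thread or the 389-ds project.
# Locates a 389-ds ldapi socket, builds the percent-encoded ldapi:// URI the
# OpenLDAP tools and .dsrc expect, and reports which DN an ldapi bind maps to.
# Instance name "gopher" and the paths below are assumptions.

# Turn a socket path into the ldapi URI form: every "/" becomes "%2F".
# Both "ldapsearch -H" and the URI line in ldap.conf need this; a bare path
# after "ldapi://" does not parse.
ldapi_uri() {
    printf 'ldapi://%s\n' "$(printf '%s' "$1" | sed 's#/#%2F#g')"
}

# Read the configured socket path from an instance's dse.ldif. This is where
# the server itself records nsslapd-ldapifilepath, so it beats guessing under
# /var/run when "find /var/run -name '*sock*'" comes back empty. Prints
# nothing if ldapi listening is switched off.
configured_socket() {
    dse="$1"
    listen=$(sed -n 's/^nsslapd-ldapilisten: //p' "$dse" | head -n 1)
    [ "$listen" = "on" ] || return 1
    sed -n 's/^nsslapd-ldapifilepath: //p' "$dse" | head -n 1
}

# Extract the uri for one instance from a .dsrc file (ini style). 389-ds
# writes "%%2f" rather than "%2f" because the file is read by Python's
# configparser, which treats "%" as an interpolation marker; collapse it back
# before handing the URI to the OpenLDAP tools.
dsrc_uri() {
    awk -F'=' -v inst="$2" '
        /^\[/ { sec = substr($1, 2, length($1) - 2) }
        sec == inst && $1 ~ /^[ \t]*uri[ \t]*$/ {
            sub(/^[ \t]+/, "", $2); sub(/[ \t]+$/, "", $2)
            gsub(/%%/, "%", $2)
            print $2; exit
        }
    ' "$1"
}

# Ask the server which DN this process's uid/gid was mapped to. With ldapi
# autobind enabled, root or the dirsrv user lands on cn=Directory Manager;
# any other account gets an anonymous or entry-mapped bind, which is why
# dsidm run as an ordinary user fails with permission errors.
whoami_via_ldapi() {
    ldapwhoami -H "$1" -Y EXTERNAL -Q 2>&1
}

# Driver: only touches the live system if the instance's dse.ldif exists.
inst="${1:-gopher}"
dse="/etc/dirsrv/slapd-$inst/dse.ldif"
if [ -r "$dse" ] && sock=$(configured_socket "$dse") && [ -S "$sock" ]; then
    uri=$(ldapi_uri "$sock")
    echo "socket:   $sock"
    echo "uri:      $uri"
    echo "bound as: $(whoami_via_ldapi "$uri")"
else
    echo "no readable dse.ldif or no live ldapi socket for instance '$inst'" >&2
fi
```

Run it as root and again as an unprivileged user and compare the "bound as" lines: the first should report cn=Directory Manager, the second something else, which is exactly the mapping William describes. If the configured socket is not present at all, the instance is either not running or was created with ldapi listening off.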



