> On 15 May 2020, at 08:47, Matt Zagrabelny <mzagrabe@xxxxxxxxx> wrote:
>
> Hey William,
>
> Thanks for the welcome!
>
>> Hey there, welcome to LDAP and 389-ds!
>>
>> Yeah, this socket file name is encoded. Check for /var/run/slapd-<instance
>> name>.socket, which in your case, is slapd-gopher.socket.
>
> Hmmm. Nope. No sockets. Here is what is in /var/run...
>
> # find -L /var/run -name '*sock*'
> /var/run/dbus/system_bus_socket
> /var/run/rpcbind.sock
> /var/run/systemd/journal/socket
> /var/run/systemd/inaccessible/sock
>
>> Which program did you use to create the server? It should be dscreate as setup-ds.pl has
>> been deprecated and should be removed ....
>
> Hmm. Okay. I did use the Perl script setup-ds. Debian documentation should be updated. I'll file a bug.
>
> I'll also try recreating things with the dscreate Python script.

Yeah, I'd recreate with dscreate, because it actually sets up things as you would expect. setup-ds.pl should never be packaged on a 1.4.x release :(

>> When you run dsidm you need to use it as root or user dirsrv - this is because it reads
>> the .dsrc of the user, finds the ldapi socket, and then uses the uid/gid of the current
>> process to map your authentication through.
>
> Agreed.
>
>> When you use ldapmodify, you need to configure the related openldap tools instead, at
>> /etc/openldap/ldap.conf. You can generate a configuration for this with:
>
> Ahh. Okay. Good to know.
>
>> #
>> # OpenLDAP client configuration
>> # Generated by 389 Directory Server - dsidm
>> #
>>
>> # See ldap.conf(5) for details
>> # This file should be world readable but not world writable.
>>
>> BASE dc=blackhats,dc=net,dc=au
>> # Remember to check this: you can have multiple uris on this line. You may have
>> # multiple servers or load balancers in your environment.
>> URI ldapi://%2fdata%2frun%2fslapd-localhost.socket
>> # If you have DNS SRV records you can use:
>> # URI ldaps:///dc%3Dblackhats%2Cdc%3Dnet%2Cdc%3Dau
>>
>> DEREF never
>> # To use cacert dir, place *.crt files in this path then run:
>> # /usr/bin/c_rehash /etc/openldap/certs
>> TLS_CACERTDIR /etc/openldap/certs
>> # TLS_CACERT /etc/openldap/certs/ca.crt
>>
>> It depends who the user is. If you have .dsrc with ldapi, you won't need a password as
>> you are binding with cn=Directory Manager aka "root for 389-ds ldap".
>
> Agreed.
>
>> If you end up delegating privileges, you would bind as "that user's dn".
>>
>> Hope that helps somewhat!
>
> Thanks for the hints and help!
>
> Have a good night!

If you have any more questions, please let us know!

> -m
> _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx

—
Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs
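The socket naming, the ldapi URI encoding and the ldap.conf shape discussed in the thread above, as an added shell example (written here, not code from the thread or from the 389-ds project). It assumes the slapd-<instance>.socket naming under /run or /var/run, that ldapwhoami from the OpenLDAP client tools is installed for the SASL EXTERNAL check, and that root maps to cn=Directory Manager over ldapi; the base DN, the /data/run search path and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread or the 389-ds project): helpers for the
# ldapi-over-unix-socket setup discussed in the thread. Assumes 389-ds 1.4.x
# names the instance socket slapd-<instance>.socket under /run or /var/run and
# that the OpenLDAP client tools (ldapwhoami) are installed; neither is
# verified here.

# Percent-encode a socket path into an ldapi:// URI. Every "/" in the path must
# become "%2f", otherwise the client parses the path as a host/port. Only "/"
# is encoded; a socket path containing spaces or other reserved characters
# would need a fuller encoder.
ldapi_uri_from_socket() {
    printf 'ldapi://%s\n' "$(printf '%s' "$1" | sed 's|/|%2f|g')"
}

# Reverse mapping, for checking what an existing ldap.conf or .dsrc URI points at.
socket_from_ldapi_uri() {
    printf '%s\n' "${1#ldapi://}" | sed 's|%2[fF]|/|g'
}

# Locate the socket of a named instance. /run, /var/run and /data/run are
# searched (assumed layout; /var/run is usually a symlink to /run). Prints the
# first match and returns 1 if none exists, which in the thread was the symptom
# of an instance created with setup-ds.pl instead of dscreate.
find_instance_socket() {
    inst="$1"
    for dir in /run /var/run /data/run; do
        s="$dir/slapd-$inst.socket"
        if [ -S "$s" ]; then
            printf '%s\n' "$s"
            return 0
        fi
    done
    return 1
}

# Render a minimal ldap.conf for the OpenLDAP tools, in the same shape as the
# dsidm-generated file quoted in the thread. Output goes to stdout; redirect it
# to /etc/openldap/ldap.conf (or /etc/ldap/ldap.conf on Debian) as root.
render_ldap_conf() {
    base="$1"
    sock="$2"
    uri=$(ldapi_uri_from_socket "$sock")
    printf '%s\n' \
        "# OpenLDAP client configuration for $sock" \
        "BASE $base" \
        "URI $uri" \
        "DEREF never" \
        "TLS_CACERTDIR /etc/openldap/certs"
}

# Exercise the ldapi autobind path: SASL EXTERNAL over ldapi lets the server map
# the connecting process uid/gid to a DN (root maps to cn=Directory Manager on
# 389-ds, assumed). Run as root or dirsrv; requires ldapwhoami.
ldapi_whoami() {
    ldapwhoami -H "$(ldapi_uri_from_socket "$1")" -Y EXTERNAL -Q
}

# Demo for the instance named in the thread; harmless if the socket is absent.
ldapi_uri_from_socket /var/run/slapd-gopher.socket
if sock=$(find_instance_socket gopher); then
    render_ldap_conf "dc=example,dc=com" "$sock"
else
    echo "no slapd-gopher.socket found: create the instance with dscreate" >&2
fi
```

Run `ldapi_whoami /run/slapd-<instance>.socket` as root before touching ldap.conf: a reply of `dn: cn=directory manager` confirms the uid/gid mapping works, and an error there means the socket or autobind, not the client configuration, is the problem. The generated file keeps only the directives the thread's dsidm output sets uncommented; the TLS_CACERT and DNS SRV variants stay a matter for ldap.conf(5).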