Re: 389ds for Dummies: How to get started with an empty 389ds server?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On Thu, 24 Mar 2022 at 09:20, Johannes Kastl <kastl@xxxxxxxxxxxxx> wrote:
>
> Hi everyone,
>
> sorry if this question was asked before, but as I found nothing in the docs I am
> blocked at the moment.
>
> I got 389ds running in Kubernetes, which uses a very simple container.inf file:

This is actually a .dsrc file (even though it's named differently), so
it's not used to create an instance, but to help you to connect to
your instance using dsconf inside the container.

>
> > [localhost]
> > # Note that '/' is replaced to '%%2f' for ldapi url format.
> > # So this is pointing to /data/run/slapd-localhost.socket
> > uri = ldapi://%%2fdata%%2frun%%2fslapd-localhost.socket
> > binddn = cn=Directory Manager
> > # Set your basedn here
> > basedn = dc=example,dc=com
>
> So no sample entries are being generated (no "sample_entries = yes").
>
> I tried to follow and see which steps I need from the quickstart:
> https://www.port389.org/docs/389ds/howto/quickstart.html
>
> Checking the status is the first thing that does not work, as dsctl inside the
> container does not have a "status" subcommand:
> > 389server-6fff4cb6d8-kjjd4:/ # dsctl slapd-localhost status
> > usage: dsctl [-h] [-v] [-j] [-l] [instance] {db2index,db2bak,db2ldif,dbverify,bak2db,ldif2db,backups,ldifs,tls,healthcheck,get-nsstate,ldifgen,dsrc,cockpit,dblib} ...
> > dsctl: error: invalid choice: 'status' (choose from 'db2index', 'db2bak', 'db2ldif', 'dbverify', 'bak2db', 'ldif2db', 'backups', 'ldifs', 'tls', 'healthcheck', 'get-nsstate', 'ldifgen', 'dsrc', 'cockpit', 'dblib')
> > 389server-6fff4cb6d8-kjjd4:/ #
>
> The "healthcheck" seems to be successful. Puuh.
>
> Adding a user fails with "Error: 105 - 4 - 32 - No such object - []", most
> probably because there is no content inside the server yet (no base object,
> users OU or similar).
>
> So I tried to query the server using ldapsearch (from the outside) and got a
> working connection, even with "-ZZ":
>
> > $ ldapsearch -x -W -H ldap://my-389ds-server -D "cn=Directory Manager" -ZZ -b cn=config
>  > [...]
> > # search result
> > search: 3
> > result: 0 Success
> >
> > # numResponses: 161
> > # numEntries: 160
>
> OK, let's add a base object using ldapadd:
>
> > dn: dc=example,dc=com
> > objectClass: domain
> > objectClass: dcObject
>
> > $ ldapadd -x -f base_only.ldif -D "cn=Directory Manager" -W -H ldap://my-389ds-server
> > Enter LDAP Password:
> > adding new entry "dc=example,dc=com"
> > ldap_add: No such object (32)
>
> I tried different combinations of objectClass'es, but always got error 32.
>
> Question: How do I get content into the server initially? It seems I have an
> empty server, but I found no documentation on what to do at this point.

You have to create a backend and suffix first, because they are not
created by default:
dsconf localhost backend create --suffix="dc=example,dc=com" \
--be-name userRoot --create-suffix --create-entries

Leave --create-entries if you don't need sample entries present.

Sorry about the missing docs. I'm working on a howto doc for running
DS in OpenShift, hope to publish it soon.

>
> Am I missing some schema? If so, how would I bootstrap it?
>
> Sorry if those are obvious questions, but either I am lacking the deep LDAP
> knowledge to answer them myself or there is an error in my setup.
>
> Thanks in advance!
>
> Johannes
>
> --
> Johannes Kastl
> Linux Consultant & Trainer
> Tel.: +49 (0) 151 2372 5802
> Mail: kastl@xxxxxxxxxxxxx
>
> B1 Systems GmbH
> Osterfeldstraße 7 / 85088 Vohburg
> http://www.b1-systems.de
> GF: Ralph Dehner
> Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
> _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure



-- 
Viktor
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux