OpenLDAP on Red Hat Enterprise Linux 6 has changed to a new configuration format, which is organized as a configuration tree. If you configured OpenLDAP on RHEL 5, you may be confused when you finish configuring slapd.conf, start the ldap service, and then find that ldapadd or ldapsearch fails with the error “ldapadd ldap_bind: Invalid credentials (49)”. In this article I will show how to solve the problem.
Before walking through the configuration steps, you should know that /etc/openldap/slapd.d/ is the directory that stores the new configuration files. By default it contains an example configuration. If you are worried about how to write a configuration in the new style, relax and follow the steps below to get to the new configuration style.
[root@ezylinux ~]# rm -rf /etc/openldap/slapd.d/*
[root@ezylinux ~]# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
[root@ezylinux ~]# chown -R ldap:ldap /etc/openldap/slapd.d
[root@ezylinux ~]# chmod -R 000 /etc/openldap/slapd.d
[root@ezylinux ~]# chmod -R u+rwX /etc/openldap/slapd.d
After all the steps you can start the slapd service and then try to use ldapsearch and ldapadd again.
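One way to check the result of the steps above before starting slapd, as an added example that is not part of the original article: the script audits a slapd.d tree for ownership, group/other permission bits, and the presence of the rootdn and rootpw you bind with. The function names and the sample tree are constructed here; the DN is the one used in the ldapmodify command further down this page.

```shell
#!/bin/sh
# Added example (not from the article): audit a slapd.d tree after slaptest.
# audit_slapd_d DIR OWNER ROOTDN -> prints findings, returns the number of failed checks.
audit_slapd_d() {
    dir=$1 owner=$2 rootdn=$3 fails=0

    # 1. Every file must belong to the account slapd runs as (ldap in the steps above).
    if [ -n "$(find "$dir" ! -user "$owner" | head -n 1)" ]; then
        echo "FAIL: files under $dir not owned by $owner"; fails=$((fails + 1))
    fi

    # 2. No group/other bits: the tree holds olcRootPW. (-perm /077 is GNU find syntax.)
    if [ -n "$(find "$dir" -perm /077 | head -n 1)" ]; then
        echo "FAIL: group/other permission bits set under $dir"; fails=$((fails + 1))
    fi

    # 3. Some database entry must carry the DN you pass to -D when binding ...
    db=$(grep -lixF "olcRootDN: $rootdn" "$dir"/cn=config/olcDatabase=*.ldif 2>/dev/null | head -n 1)
    if [ -z "$db" ]; then
        echo "FAIL: no database entry with olcRootDN: $rootdn"; fails=$((fails + 1))
    # 4. ... and that same entry needs a root password (plain or base64 LDIF form).
    elif ! grep -qE '^olcRootPW::? ' "$db"; then
        echo "FAIL: $db has no olcRootPW"; fails=$((fails + 1))
    fi

    [ "$fails" -ne 0 ] || echo "OK: $dir"
    return "$fails"
}

# Constructed sample tree (not real slaptest output) so the check runs offline.
# The password value is a placeholder, not a real hash.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir "$t/cn=config"
    printf 'dn: cn=config\nobjectClass: olcGlobal\ncn: config\n' > "$t/cn=config.ldif"
    printf 'dn: olcDatabase={1}bdb\nolcSuffix: dc=cjt,dc=com\nolcRootDN: cn=Manager,dc=cjt,dc=com\nolcRootPW: {SSHA}constructed-placeholder\n' \
        > "$t/cn=config/olcDatabase={1}bdb.ldif"
    # Same end state as the two chmod commands above, without needing root.
    chmod -R go-rwx "$t"
    echo "$t"
}

# On a real host, as root:
#   audit_slapd_d /etc/openldap/slapd.d ldap "cn=Manager,dc=cjt,dc=com"
```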
---------------------------------------------------
Before performing the configuration steps above:
# ldapmodify -x -D "cn=Manager,dc=cjt,dc=com" -w infocore
ldap_bind: Invalid credentials (49)
[root@chenjintao smbldap-tools]# smbldap-populate
Populating LDAP directory for domain DOMAIN.COM (S-1-5-21-2375657850-2705846475-872074600)
(using builtin directory structure)
adding new entry: dc=DOMAIN,dc=COM
failed to add entry: no global superior knowledge at /usr/sbin/smbldap-populate line 500,
....
adding new entry: cn=Replicators,ou=Group,dc=DOMAIN,dc=COM
failed to add entry: objectClass: value #2 invalid per syntax at /usr/sbin/smbldap-populate line 500,
adding new entry: sambaDomainName=DOMAIN,dc=DOMAIN,dc=COM
failed to add entry: invalid DN at /usr/sbin/smbldap-populate line 500,
After performing the configuration steps above:
[root@chenjintao openldap]# smbldap-populate
Populating LDAP directory for domain DOMAIN.COM (S-1-5-21-2375657850-2705846475-872074600)
(using builtin directory structure)
entry dc=DOMAIN,dc=COM already exist.
adding new entry: ou=People,dc=DOMAIN,dc=COM
adding new entry: ou=Group,dc=DOMAIN,dc=COM
adding new entry: ou=Computers,dc=DOMAIN,dc=COM
adding new entry: ou=Idmap,dc=DOMAIN,dc=COM
adding new entry: uid=root,ou=People,dc=DOMAIN,dc=COM
adding new entry: uid=nobody,ou=People,dc=DOMAIN,dc=COM
adding new entry: cn=Domain Admins,ou=Group,dc=DOMAIN,dc=COM
adding new entry: cn=Domain Users,ou=Group,dc=DOMAIN,dc=COM
adding new entry: cn=Domain Guests,ou=Group,dc=DOMAIN,dc=COM
adding new entry: cn=Domain Computers,ou=Group,dc=DOMAIN,dc=COM
adding new entry: cn=Administrators,ou=Group,dc=DOMAIN,dc=COM
adding new entry: cn=Account Operators,ou=Group,dc=DOMAIN,dc=COM
adding new entry: cn=Print Operators,ou=Group,dc=DOMAIN,dc=COM
adding new entry: cn=Backup Operators,ou=Group,dc=DOMAIN,dc=COM
adding new entry: cn=Replicators,ou=Group,dc=DOMAIN,dc=COM
adding new entry: sambaDomainName=DOMAIN.COM,dc=DOMAIN,dc=COM
Please provide a password for the domain root:
Changing UNIX and samba passwords for root
New password:
Retype new password:
[root@chenjintao openldap]#