soup4you2
November 5th, 2003, 19:25
Ok, I created an LDAP index with:

[code]
index cn,mail,surname,givename eq,subinitial
[/code]

and I have these schemas included:

[code]
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
[/code]


I keep getting this error:

index attribute "givename" undefined

Any clues?
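As an added example (not code from this thread, from OpenLDAP or from smbldap-tools), a small Python checker that collects the attribute names declared in schema files and flags every attribute in an `index` directive that slapd would reject as undefined, which is what the "givename" error above is. The schema excerpt and slapd.conf fragment inside it are constructed for the demo, and the "did you mean" suggestion is the example's own addition, not something slapd prints.

```python
import re
from difflib import get_close_matches

# Constructed excerpt in OpenLDAP schema syntax (not a copy of core.schema):
# an attribute type is declared as NAME 'x' or NAME ( 'x' 'alias' ... ).
SCHEMA_TEXT = """
attributetype ( 2.5.4.0 NAME 'objectClass' )
attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) SUP name )
attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
        SUP name )
attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) )
"""

# Constructed slapd.conf fragment reproducing the typo from the thread.
SLAPD_CONF = """
index objectClass eq
index cn,mail,surname,givename eq,subinitial
"""

ATTR_RE = re.compile(
    r"attributetype\s*\(\s*\S+\s+NAME\s+(?:'([^']+)'|\(([^)]*)\))", re.IGNORECASE)

def schema_attributes(schema_text):
    """Map lowercase attribute names and aliases to their declared spelling."""
    known = {}
    for single, multi in ATTR_RE.findall(schema_text):
        for name in re.findall(r"'([^']+)'", multi) or [single]:
            known[name.lower()] = name
    return known

def check_index_directives(conf_text, known):
    """Return (attribute, suggestion) for each index attribute no schema defines."""
    problems = []
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0].lower() != "index":
            continue
        for attr in parts[1].split(","):
            # Attribute names are case-insensitive; 'default' is a slapd keyword.
            if attr.lower() in known or attr == "default":
                continue
            hint = get_close_matches(attr.lower(), list(known), n=1, cutoff=0.8)
            problems.append((attr, known[hint[0]] if hint else None))
    return problems

if __name__ == "__main__":
    known = schema_attributes(SCHEMA_TEXT)
    for attr, hint in check_index_directives(SLAPD_CONF, known):
        print(f'index attribute "{attr}" undefined' + (f" (did you mean {hint}?)" if hint else ""))
```

To run it against a real server, replace SCHEMA_TEXT with the concatenated contents of the files named by the `include` lines and SLAPD_CONF with the real slapd.conf.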

tarballed
November 5th, 2003, 19:58
When are you getting this error exactly?

soup4you2
November 5th, 2003, 20:06
upon starting slapd

soup4you2
November 5th, 2003, 20:17
Another issue.. did you get smbldap-tools to work properly?

/me should go back to my hacking Linux books.. they're easier to follow..

tarballed
November 5th, 2003, 20:32
Yes...the smbldap-tools can make life very easy.

What part are you having trouble with on the tools?

I know I had to edit the configs pretty heavily to get them working correctly.


Tarballed

tarballed
November 5th, 2003, 20:34
soup4you2,

at the very bottom of your slapd.conf file you should see something like this:

[code]
index objectClass,rid,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
[/code]

Also, here are my schemas defined:

[code]
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
[/code]


Tarballed

soup4you2
November 5th, 2003, 20:41
So far my conf goes like this:

[code]
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema

include /usr/local/etc/openldap/slapd.access.conf

database ldbm
suffix "dc=xxxxxxxxx,dc=xxx"
rootdn "cn=xxxxxxxxxxxxx,dc=xxxxxx,dc=xxxx"
rootpw {MD5}XXXXXXXXXXXXXXX
directory /var/db/openldap-data
index objectClass,rid,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname eq,subinitial
password-hash {crypt}
password-crypt-salt-format "$1$%.8s"

[/code]

Then as for the ldap tools, first there's:

[code]
# Put your own SID
# to obtain this number do: "net getlocalsid"
$SID='S-1-5-21-3516781642-1962875130-3438800523';
[/code]

all I gotta say is What?

and the other options like

[code]
# Master LDAP : needed for write operations
# Ex: $masterLDAP = "127.0.0.1";
$masterLDAP = "127.0.0.1";
$masterPort = "389";

# Use SSL for LDAP
# If set to "1", this option will use start_tls for connection
# (you should also used the port 389)
$ldapSSL = "0";

# LDAP Suffix
# Ex: $suffix = "dc=IDEALX,dc=ORG";
$suffix = "dc=IDEALX,dc=ORG";


# Where are stored Users
# Ex: $usersdn = "ou=Users,$suffix"; for ou=Users,dc=IDEALX,dc=ORG
$usersou = q(_USERS_);
$usersdn = "ou=$usersou,$suffix";

# Where are stored Computers
# Ex: $computersdn = "ou=Computers,$suffix"; for ou=Computers,dc=IDEALX,dc=ORG
$computersou = q(_COMPUTERS_);
$computersdn = "ou=$computersou,$suffix";

# Where are stored Groups
# Ex $groupsdn = "ou=Groups,$suffix"; for ou=Groups,dc=IDEALX,dc=ORG
$groupsou = q(_GROUPS_);
$groupsdn = "ou=$groupsou,$suffix";

# Default scope Used
$scope = "sub";

# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA)
$hash_encrypt="SSHA";
[/code]

All I should have to do is tell it the right encryption, cn and dc's, correct? Or is there any special modifying I gotta do?

the ldap structure looks like:

[code]
dn: dc=xxxxxxxxxxxxx,dc=xxx
objectClass: domain
dc: xxxxxxxxxxxxx

dn: ou=Groups,dc=xxxxxxxxxxxxx,dc=xxx
objectClass: top
objectClass: organizationalUnit
ou: Groups
description: System Groups

dn: ou=Users,dc=xxxxxxxxxxxxx,dc=xxx
objectClass: top
objectClass: organizationalUnit
ou: Users
description: Users of the Organization

dn: ou=xxxputers,dc=xxxxxxxxxxxxx,dc=xxx
objectClass: top
objectClass: organizationalUnit
ou: xxxputers
description: Windows Domain Computers

dn: cn=Domain Admins,ou=Groups,dc=xxxxxxxxxxxxx,dc=xxx
objectClass: posixGroup
gidNumber: 200
cn: Domain Admins
memberUid: administrator
description: Windows Domain Users

dn: cn=Domain Users,ou=Groups,dc=xxxxxxxxxxxxx,dc=xxx
objectClass: posixGroup
gidNumber: 201
cn: Domain Users
description: Windows Domain Users

dn: cn=Domain Guests,ou=Groups,dc=xxxxxxxxxxxxx,dc=xxx
objectClass: posixGroup
gidNumber: 202
cn: Domain Guests
description: Windows Domain Guests Users

dn: cn=Administrators,ou=Groups,dc=xxxxxxxxxxxxx,dc=xxx
description: Members can fully administer the xxxputer/domain
objectClass: posixGroup
gidNumber: 220
cn: Administrators
description: Windows Domain Members can fully administer the Computer/domain

dn: cn=Users,ou=Groups,dc=xxxxxxxxxxxxx,dc=xxx
description: Ordinary users
objectClass: posixGroup
gidNumber: 221
cn: Users
description: Windows Domain Ordinary users

dn: cn=Guests,ou=Groups,dc=xxxxxxxxxxxxx,dc=xxx
description: Users granted guest access to the xxxputer/domain
objectClass: posixGroup
gidNumber: 222
cn: Guests
memberUid: nobody
description: Windows Domain Users granted guest access to the Computer/domain

dn: cn=Power Users,ou=Groups,dc=xxxxxxxxxxxxx,dc=xxx
description: Members can share directories and printers
objectClass: posixGroup
gidNumber: 223
cn: Power Users
description: Windows Domain Members can share directories and printers

dn: cn=Account Operators,ou=Groups,dc=xxxxxxxxxxxxx,dc=xxx
objectClass: posixGroup
gidNumber: 224
cn: Account Operators
description: Windows Domain Users to manipulate users accounts

dn: cn=Server Operators,ou=Groups,dc=xxxxxxxxxxxxx,dc=xxx
objectClass: posixGroup
gidNumber: 225
cn: Server Operators
description: Windows Domain Server Operators

dn: cn=Print Operators,ou=Groups,dc=xxxxxxxxxxxxx,dc=xxx
objectClass: posixGroup
gidNumber: 226
cn: Print Operators
description: Windows Domain Print Operators

dn: cn=Backup Operators,ou=Groups,dc=xxxxxxxxxxxxx,dc=xxx
objectClass: posixGroup
gidNumber: 227
cn: Backup Operators
description: Windows Domain Members can bypass file security to back up files

dn: cn=Replicator,ou=Groups,dc=xxxxxxxxxxxxx,dc=xxx
description: Supports file replication in a domain
objectClass: posixGroup
gidNumber: 228
cn: Replicator
description: Windows Domain Supports file replication in a domain
[/code]

tarballed
November 5th, 2003, 21:06
soup,

try this:

For your slapd.conf add this to it:

original:

[code]
index cn,mail,surname eq,subinitial
[/code]

New version:

[code]
index cn,mail,surname,givenname eq,subinitial
[/code]

As far as:

[code]
# Put your own SID
# to obtain this number do: "net getlocalsid"
$SID='S-1-5-21-3516781642-1962875130-3438800523';
[/code]

all I gotta say is What?

SID is Microsoft's Security Identifier for each computer. If you wanted to set a SID for a specific computer, you could. Only way I could see you doing this is if you were moving a computer from an AD environment and needed to maintain the SID. I've never had any issues with it. You may run into some problems if you Ghost Windows machines and then have them join your Domain.

All I should have to do is tell it the right encryption, cn and dc's, correct? Or is there any special modifying I gotta do?

Correct. Just modify your tools to add your specific options. Thus, when you start adding users, groups, deleting etc, the tools are setup just as how you setup your LDAP tree.

Make sure you check both smbldap_conf.pm as well as smbldap_tools.pm

They both feed off of each other.

Hope this helps.

Tarballed

soup4you2
November 5th, 2003, 21:11
soup,

try this:

For your slapd.conf add this to it:

original:

[code]
index cn,mail,surname eq,subinitial
[/code]

New version:

[code]
index cn,mail,surname,givenname eq,subinitial
[/code]



Oops, givename was in there.. I just pasted that out of the current conf.. I removed it from the errors.. can you go into your schema dir and run:

grep -il 'givenname' *

and tell me what schema that goes towards..

I got ldap-tools working, thanks.. the issue I was having was I forgot to install:
p5-ResourcePool-Resource-Net-LDAP

soup4you2
November 5th, 2003, 21:19
got it working... thanks.

tarballed
November 5th, 2003, 21:23
Sweet!

What was it?

soup4you2
November 5th, 2003, 21:48
well errm maybe not...

[code]
# ./smbldap-useradd.pl -m test
failed to add entry: parent does not exist at ./smbldap-useradd.pl line 232, <DATA> line 283.
No such object at /wip/ldap//smbldap_tools.pm line 176, <DATA> line 283.
[/code]