[Fedora-directory-users] command line client usage and simple bind

Craig White craigwhite at azapple.com
Sat Dec 3 22:08:29 UTC 2005


On Sat, 2005-12-03 at 14:00 -0700, Richard Megginson wrote:
> Craig White wrote:
> 
> >If this is too newbie - please ignore (I'm used to openldap and I'm
> >struggling)
> >
> >commands like ldapsearch only seem to work if my cwd is
> >/opt/fedora-ds/shared/bin
> ># cd ~
> >[root@lin-workstation ~]# ldapsearch
> >ldapsearch: error while loading shared libraries: libldap50.so: cannot
> >open shared object file: No such file or directory
> >  
> >
> Yep.  You can either set your PATH to have /opt/fedora-ds/shared/bin 
> before /usr/bin and set LD_LIBRARY_PATH to contain 
> /opt/fedora-ds/shared/lib, or just use the ldapsearch in your PATH 
> (/usr/bin) which is the OpenLDAP version.
----
I did PATH /opt/fedora-ds/shared/bin but I didn't set LD_LIBRARY_PATH
which was my problem. Also, I had removed the openldap-clients package
prior to installing fedora-ds and just reinstalled it since I pretty
much am comfortable with the syntax of that client (subtle differences).
----
> >anyway, I can cd /opt/fedora-ds/shared/bin but it's a PITA
> >
> >the bigger problem, I wanted to simple bind and cannot do that...
> >
> ># ldapsearch -v -b "ou=people,dc=azapple,dc=com" "(objectclass=*)"
> >
> >gives me everyone in the container (I am obviously going to have to set
> >up ACLs)
> >
> ># ldapsearch -v -b "ou=people,dc=azapple,dc=com" \
> >-D "cn=Directory Manager,dc=azapple,dc=com" -w - \
> >"(objectclass=*)"
> >
> >and
> >
> ># ldapsearch -v -b "ou=people,dc=azapple,dc=com" \
> >-D "cn=admin,dc=azapple,dc=com" -w - \
> >"(objectclass=*)"
> >
> >both fail with
> >
> >ldapsearch: started Sat Dec  3 13:32:13 2005
> >
> >ldap_init( localhost, 389 )
> >ldap_simple_bind: No such object
> >ldap_simple_bind: matched: dc=azapple,dc=com
> >
> >I know it must be something obvious that I am missing but I have tried
> >and tried with no success - is simple bind not permitted by default?
> >  
> >
> That's not it.  In Fedora DS, the directory manager is not a 'real' 
> entry - it's just a DN and a password.  So yours is probably just 
> "cn=directory manager" not "cn=directory manager,dc=azapple,dc=com".  I 
> think in OpenLDAP they have a per-database or per-naming context 
> directory manager - not so in Fedora DS.
> 
> Also, the console admin user is usually somewhere under o=netscaperoot, 
> like uid=admin,cn=administrators,cn=topology management,o=netscaperoot.
----
great explanation - got it - it works as you said. 

I've made a bunch of progress with your help - thanks

Craig
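
Added example, not part of the original thread: a POSIX sh wrapper that applies both fixes from the exchange above, setting LD_LIBRARY_PATH only for the Fedora DS client process and binding as the bare "cn=Directory Manager" DN with the password prompted via "-w -". The function names and the FDS_ROOT variable are hypothetical; the paths, DN and options are the ones quoted in the messages.

```shell
#!/bin/sh
# Added example, not from the thread. FDS_ROOT and the function names are
# hypothetical; /opt/fedora-ds/shared is the path quoted in the messages.
FDS_ROOT=${FDS_ROOT:-/opt/fedora-ds/shared}

# Print the colon-separated list $2 with directory $1 placed first.
# Duplicates of $1 and empty elements are dropped: an empty element makes
# the loader search the current directory, which is unsafe for root.
# The body runs in a subshell so IFS and noglob do not leak to the caller.
prepend_path() (
    dir=$1 out=$1
    IFS=:; set -f
    for p in $2; do
        if [ -n "$p" ] && [ "$p" != "$dir" ]; then out="$out:$p"; fi
    done
    printf '%s\n' "$out"
)

# Run one Fedora DS client tool by full path, with LD_LIBRARY_PATH set for
# that process only. The calling shell keeps its own PATH and library path,
# so the OpenLDAP ldapsearch in /usr/bin stays usable alongside it.
fds_run() {
    tool=$1; shift
    LD_LIBRARY_PATH=$(prepend_path "$FDS_ROOT/lib" "${LD_LIBRARY_PATH:-}") \
        "$FDS_ROOT/bin/$tool" "$@"
}

# Simple bind as Directory Manager. The bind DN is the bare
# "cn=Directory Manager", not a DN under the suffix; appending
# ",dc=azapple,dc=com" is what produced "No such object" in the thread.
# "-w -" prompts for the password, keeping it out of the process list
# and the shell history.
fds_search_as_manager() {
    base=$1; shift
    fds_run ldapsearch -b "$base" -D "cn=Directory Manager" -w - "$@"
}

# Usage, from any working directory:
#   fds_search_as_manager "ou=people,dc=azapple,dc=com" "(objectclass=*)"
```
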