Topic: LDAP

[Charlie Nyman]

I can't seem to get LDAP to work. My mail client (I've tried several) all come back with "no user found", but I know the user exists.

Any hints. Thanks in advance

[Jason Miller]

Ok, lets see what we can do:

1. confirm that things are actually okay on the server end, though I suspect that they are.  Login to your server as root.

Type:

ps -aux | grep slapd

It should come up with something like so:

root      9820  0.0  0.1  3476 1072 ?        S    Oct11   0:00 slapd
root      9821  0.0  0.1  3476 1072 ?        S    Oct11   0:13 slapd
root      9822  0.0  0.1  3476 1072 ?        S    Oct11   0:01 slapd

This makes sure that the ldap daemon (slapd) is running and not down for whatever reason.

2. try a search on your user from the server.

Type:

/usr/bin/ldapsearch "cn=Jason Miller"
or
/usr/bin/ldapsearch "uid=jay"

NOTE: this is an example of how I find my own record in the ldap server here, cn is common name - so the name of the user you know is for sure in the ldap database, and uid is the userid of that user.

They'll return something like so:

uid=jay,dc=e-smith,dc=net
objectclass=person
uid=jay
cn=Jason Miller
givenname=Jason
sn=Miller
mail=jay@e-smith.net
telephonenumber=
o=e-smith, inc.
l=Ottawa
street=150 Metcalfe Street, Suite 1500

-> if either fails, then the problem is that your user was never created.  I suspect that this is not the case and that is more likely the user settings.

3.  what browser client are you using?  I'll give an example of a Netscape setting, I'm sure you can enterpolate that to another browser.

In the Netscape Address Book, edit/create a New Directory ... (from the File Menu).  Make sure the settings are as such:

Description:
LDAP Server:
Server Root:

an example from our own:

Description: e-smith Directory
LDAP Server:
Server Root: dc=e-smith, dc=com

Then make sure your user preferences (Edit -> Preferences -> Mail & Newsgroups -> Addressing) are set to look for that directory server

That should hopefully help.

Jason

[Tim Litwiller]

Hey, Thanks for that information!  I never knew how to test my ldap before.

[Jason Miller]

np.

There are a whole bunch of ldap commands in /usr/bin though using these (i.e. /usr/bin/ldapdelete) instead of going through the manager is not recommended as it could break other dependencies, but the ldapsearch is a handy little tool for sure.

[Charlie Nyman]

I found my problem, I did not have a space between "dc=rn-computing," and "dc=com". Thanks for the great info.

[Jim OBrien]

Has anyone had luck using E-Smith LDAP with Outlook 2000?  I was able to telnet in and test the LDAP server and it works, but outlook doesn't want to work.
Thanks
Jim

[Jason Miller]

Of course.  

My earlier instructions for this post will work with Outlook as well.  Assuming that your client machine is setup properly to point to the e-smith server (preferrably by DHCP) as its gateway you should be fine.

Some brief description would be to do as follows (please ignore any small miscalculations, I have no Outlook to:

In Tools -> Accounts, say "Add" but make it "Add New Directory Service" instead of "Add New Mail".

For Internet Directory (LDAP) server:
Say no to 'LDAP requires me to log on' as this is not how e-smith does LDAP.

Say yes to 'Do you want to check addresses using this directory service?'.

Then, click finish.

Edit the properties for the new service, click the Advanced Tab and set the Search Base to: dc=domain, dc=com

Example from e-smith on Outlook here:

LDAP server:
Search Base: dc=e-smith, dc=net

-> apparently the comma (,) and space ( ) between the 'dc' are actually quite important.  Don't ask why Outlook does this advanced stuff after the fact, its just something it does.

Hope that helps.

[Jim OBrien]

Thanks for all of your help. Oddly, it wouldn't work for me until I took the space out after the comma in the search base.
Now all I need to figure out is vacation messaging.
Jim OBrien