Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Charlie Nyman on October 19, 2000, 04:59:45 PM
-
I can't seem to get LDAP to work. My mail clients (I've tried several) all come back with "no user found", but I know the user exists.
Any hints? Thanks in advance.
-
Ok, let's see what we can do:
1. Confirm that things are actually okay on the server end, though I suspect that they are. Log in to your server as root.
Type:
ps -aux | grep slapd
It should come up with something like so:
root 9820 0.0 0.1 3476 1072 ? S Oct11 0:00 slapd
root 9821 0.0 0.1 3476 1072 ? S Oct11 0:13 slapd
root 9822 0.0 0.1 3476 1072 ? S Oct11 0:01 slapd
This makes sure that the ldap daemon (slapd) is running and not down for whatever reason.
2. try a search on your user from the server.
Type:
/usr/bin/ldapsearch "cn=Jason Miller"
or
/usr/bin/ldapsearch "uid=jay"
NOTE: this is an example of how I find my own record in the ldap server here. cn is common name, so use the name of a user you know for sure is in the ldap database, and uid is the userid of that user.
They'll return something like so:
uid=jay,dc=e-smith,dc=net
objectclass=person
uid=jay
cn=Jason Miller
givenname=Jason
sn=Miller
mail=jay@e-smith.net
telephonenumber=
o=e-smith, inc.
l=Ottawa
street=150 Metcalfe Street, Suite 1500
-> if either fails, then the problem is that your user was never created. I suspect that this is not the case and that it is more likely the user settings.
3. What browser client are you using? I'll give an example of a Netscape setting, I'm sure you can interpolate that to another browser.
In the Netscape Address Book, edit/create a New Directory ... (from the File Menu). Make sure the settings are as such:
Description:
LDAP Server:
Server Root:
an example from our own:
Description: e-smith Directory
LDAP Server:
Server Root: dc=e-smith, dc=com
Then make sure your user preferences (Edit -> Preferences -> Mail & Newsgroups -> Addressing) are set to look for that directory server
That should hopefully help.
Jason
-
Hey, Thanks for that information! I never knew how to test my ldap before.
-
np.
There are a whole bunch of ldap commands in /usr/bin though using these (i.e. /usr/bin/ldapdelete) instead of going through the manager is not recommended as it could break other dependencies, but the ldapsearch is a handy little tool for sure.
-
I found my problem, I did not have a space between "dc=rn-computing," and "dc=com". Thanks for the great info.
-
Has anyone had luck using E-Smith LDAP with Outlook 2000? I was able to telnet in and test the LDAP server and it works, but Outlook doesn't want to work.
Thanks
Jim
-
Of course.
My earlier instructions for this post will work with Outlook as well. Assuming that your client machine is set up properly to point to the e-smith server (preferably by DHCP) as its gateway, you should be fine.
Some brief description would be to do as follows (please ignore any small miscalculations, I have no Outlook to:
In Tools -> Accounts, say "Add" but make it "Add New Directory Service" instead of "Add New Mail".
For Internet Directory (LDAP) server:
Say no to 'LDAP requires me to log on' as this is not how e-smith does LDAP.
Say yes to 'Do you want to check addresses using this directory service?'.
Then, click finish.
Edit the properties for the new service, click the Advanced Tab and set the Search Base to: dc=domain, dc=com
Example from e-smith on Outlook here:
LDAP server:
Search Base: dc=e-smith, dc=net
-> apparently the comma (,) and space ( ) between the 'dc' are actually quite important. Don't ask why Outlook does this advanced stuff after the fact, it's just something it does.
Hope that helps.
-
Thanks for all of your help. Oddly, it wouldn't work for me until I took the space out after the comma in the search base.
Now all I need to figure out is vacation messaging.
Jim OBrien
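-
Added example, not part of any post in this thread: the replies above trace the "no user found" result to the search base typed into the client, and report that clients differ on whether a space after the comma is accepted. The sketch below checks a client search base against the entry DN that ldapsearch prints as its first line (as in Jason's output); the function names are hypothetical and the DN handling is simplified (no escaped commas or quoted values).

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Simplified DN handling: no escaped commas or quoted values.

# Lowercase a DN and drop whitespace around ',' and '=' so that
# "dc=e-smith, dc=net" and "dc=e-smith,dc=net" compare equal.
normalize_dn() {
    printf '%s\n' "$1" |
        sed -e 's/[[:space:]]*,[[:space:]]*/,/g' \
            -e 's/[[:space:]]*=[[:space:]]*/=/g' \
            -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        tr 'A-Z' 'a-z'
}

# Strip leading RDNs (uid=, ou=, ...) until the first dc= component:
# what remains is the suffix the client should use as its search base.
entry_suffix() {
    dn=$(normalize_dn "$1")
    while [ -n "$dn" ]; do
        case $dn in
            dc=*) printf '%s\n' "$dn"; return 0 ;;
            *,*)  dn=${dn#*,} ;;
            *)    return 1 ;;
        esac
    done
    return 1
}

# Print the suffix in both spellings reported to work in the thread.
base_variants() {
    s=$(entry_suffix "$1") || return 1
    printf '%s\n' "$s"
    printf '%s\n' "$s" | sed 's/,/, /g'
}

# $1 = search base typed into the client, $2 = entry DN from ldapsearch.
# Returns 0 if they name the same suffix, 1 on mismatch, 2 if no dc= found.
check_base() {
    want=$(entry_suffix "$2") || { echo "no dc= suffix in: $2"; return 2; }
    if [ "$(normalize_dn "$1")" != "$want" ]; then
        echo "MISMATCH: client base '$1', server suffix '$want'"
        return 1
    fi
    echo "OK: '$1' names the server suffix; spellings to try:"
    base_variants "$2"
}

# Entry DN taken from the ldapsearch output quoted in the thread.
check_base "dc=e-smith, dc=net" "uid=jay,dc=e-smith,dc=net"
```

On the server, the second argument is the first line of the ldapsearch output for a user known to exist.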