Thank you for your response. As far as your questions:
Did you build slapd(8) with {crypt} support?
Yes, I did. I used:
$ ./configure
If so, does the crypt(3) implementation used support the
password scheme used?
This I do not know. I have read through many documents and the 'Reilly book and
it appears to be supported. If anyone else knows, it would be greatly appreciated.
~~K
At 02:32 PM 8/19/2005, kandryc (AT) miser (DOT) umass.edu wrote:
>$ ldapsearch -v -x -W -b "dc=domain,dc=com" -D
>"uid=myuser,ou=people,dc=domain,dc=com" "(objectclass=*)"
>ldap_initialize( ldap://ldap.domain.com )
>Enter LDAP Password:
>ldap_bind: Invalid credentials
>
>dn: uid=myuser,ou=people,dc=domain,dc=com
>userPassword: {crypt}$1$XXXXXXXX/XXXXXXXXX/
>
Did you build slapd(8) with {crypt} support? If so,
does the crypt(3) implementation used support the
password scheme used?
Kurt
--

Hi,

'man crypt' should give you the answer.
If it says that it supports MD5-based algorithm (salt), then your ldap
binding should work.

Sam

Thank you for your response. As far as your questions:
>
>Did you build slapd(8) with {crypt} support?
>
Yes, I did. I used:

$ ./configure
>
>If so, does the crypt(3) implementation used support the
>password scheme used?
>
This I do not know. I have read through many documents and the 'Reilly
book and
it appears to be supported. If anyone else knows, it would be greatly
appreciated.

~~K
>
>At 02:32 PM 8/19/2005, kandryc (AT) miser (DOT) umass.edu wrote:
>>$ ldapsearch -v -x -W -b "dc=domain,dc=com" -D
>>"uid=myuser,ou=people,dc=domain,dc=com" "(objectclass=*)"
>>ldap_initialize( ldap://ldap.domain.com )
>>Enter LDAP Password:
>>ldap_bind: Invalid credentials
>>
>>dn: uid=myuser,ou=people,dc=domain,dc=com
>>userPassword: {crypt}$1$XXXXXXXX/XXXXXXXXX/
>>
>Did you build slapd(8) with {crypt} support? If so,
>does the crypt(3) implementation used support the
>password scheme used?
>>
>Kurt
>>
>>
>

At 08:06 AM 8/20/2005, kandryc (AT) miser (DOT) umass.edu wrote:
$ ./configure
/configure | grep crypt

At 10:21 AM 8/20/2005, Samuel Tran wrote:
>'man crypt' should give you the answer.

but not necessary the correct answer. There may be multiple
implementations of crypt(3) on the system, any of which
could be the being used by slapd(8). For instance, some
distributions of SSL contained a crypt(3) implementation.

Kurt

Yes, that was the reason. It was my ineptitude. I apologize. After performing:

$ ./configure
$ make depend
$ make
$ make test
$ make install

Everything now appears to work expept for one small item. When I try to add the
following LDIF:

dn: cn=root,ou=Group,dc=mydomain,dc=com
objectClass: posixGroup
objectClass: top
cn: root
userPassword: {crypt}x
gidNumber: 0

Using the following command:

$ ldapadd -D "cn=Manager,dc=mydomain,dc=com" -W -f group.ldif

I get the following error:

adding new entry "cn=root,ou=Group,dc=mydomain,dc=com"
ldap_add: class violation (65)
additional info: no structural object class provided

In slapd.conf, I do have the following schemas defined:

include /path/to/schema/core.schema
include /path/to/schema/cosine.schema
include /path/to/schema/nis.schema
include /

The posixGroup schema is defined in nis.schema. Any ideas?

Thanks,
~~K

Quoting "Kurt D. Zeilenga" <Kurt (AT) LDAP (DOT) org>:

At 08:06 AM 8/20/2005, kandryc (AT) miser (DOT) umass.edu wrote:
$ ./configure

./configure | grep crypt

At 01:31 PM 8/20/2005, kandryc (AT) miser (DOT) umass.edu wrote:
>When I try to add the following LDIF:
>
>dn: cn=root,ou=Group,dc=mydomain,dc=com
>objectClass: posixGroup
>objectClass: top

>adding new entry "cn=root,ou=Group,dc=mydomain,dc=com"
>ldap_add: class violation (65)
additional info: no structural object class provided

If you are using 2.3.5, you should consider upgrading to 2.3.6.
There as an error in nis.schema with the posixGroup object
class (see ITS#3941), it was incorrectly marked as being
an auxiliary class.

Kurt

Could the structural object class be added to the ldif manually?
Possibly found-out with a search on an existing entry with a '+' ?

8/20/05, Kurt D. Zeilenga <Kurt (AT) openldap (DOT) orgwrote:
At 01:31 PM 8/20/2005, kandryc (AT) miser (DOT) umass.edu wrote:
>When I try to add the following LDIF:
>
>dn: cn=root,ou=Group,dc=mydomain,dc=com
>objectClass: posixGroup
>objectClass: top
>
>adding new entry "cn=root,ou=Group,dc=mydomain,dc=com"
>ldap_add: class violation (65)
additional info: no structural object class provided

If you are using 2.3.5, you should consider upgrading to 2.3.6.
There as an error in nis.schema with the posixGroup object
class (see ITS#3941), it was incorrectly marked as being
an auxiliary class.

Kurt

At 09:56 AM 8/22/2005, matthew sporleder wrote:
>Could the structural object class be added to the ldif manually?

In this case, it was. posixGroup, per RFC 2307, is structural
and is listed in the LDIF as an objectClass value. Problem is,
I assume, that the nis.schema file in 2.3.5 had that class
mistaken marked as auxiliary. Upgrading to 2.3.6 should
resolve this problem.

>Possibly found-out with a search on an existing entry with a '+' ?

If one is adding an entry to the directory, searching for it
before hand will not reveal anything more than its non-existance.

Kurt

8/20/05, Kurt D. Zeilenga <Kurt (AT) openldap (DOT) orgwrote:
>At 01:31 PM 8/20/2005, kandryc (AT) miser (DOT) umass.edu wrote:
>>When I try to add the following LDIF:
>>
>>dn: cn=root,ou=Group,dc=mydomain,dc=com
>>objectClass: posixGroup
>>objectClass: top
>>
>>adding new entry "cn=root,ou=Group,dc=mydomain,dc=com"
>>ldap_add: class violation (65)
>additional info: no structural object class provided
>
>If you are using 2.3.5, you should consider upgrading to 2.3.6.
>There as an error in nis.schema with the posixGroup object
>class (see ITS#3941), it was incorrectly marked as being
>an auxiliary class.
>
>Kurt
>
>
>>