Resolved
0 votes
Hi! I'm trying to modify the LDAP schema to add the schema provided by Apache Guacamole. The command, which has no further comments, is "ldapadd -Q -Y EXTERNAL -H ldapi:/// -f schema/guacConfigGroup.ldif" and when I execute this command the result is "ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)"
Do you have any idea?
Thursday, June 11 2020, 11:16 PM
Responses (10)
  • Accepted Answer

    Sunday, June 14 2020, 06:49 PM - #Permalink
    Resolved
    0 votes
    Yes, the bind password is in /var/clearos/openldap/config.php.

    I wonder if you can add the schema to /etc/openldap/schema?
  • Accepted Answer

    Sunday, June 14 2020, 03:29 PM - #Permalink
    Resolved
    0 votes
    OK! I think the bind password was in /var/clearos/openldap/config.php. I tried possible passwords but no luck. Thanks anyway!
  • Accepted Answer

    Saturday, June 13 2020, 09:41 PM - #Permalink
    Resolved
    0 votes
    I don't know, but try googling the error. There are references with solutions, but do not do anything which changes the bind password. As a suggestion, also keep a copy of the latest configuration backup file so you can revert if it all goes wrong.
  • Accepted Answer

    Saturday, June 13 2020, 09:10 PM - #Permalink
    Resolved
    0 votes
    Well, I read the suggested guide and this is what happened:

    ldapadd -h localhost -D "cn=manager,ou=Internal,dc=system,dc=lan" -x -w xxxxxxxxxx -f guacamole-auth-ldap-1.1.0/schema/guacConfigGroup.ldif

    adding new entry "cn=guacConfigGroup,cn=schema,cn=config"
    ldap_add: Insufficient access (50)
  • Accepted Answer

    Saturday, June 13 2020, 06:38 PM - #Permalink
    Resolved
    0 votes
    I suggested dropping the "-Y EXTERNAL". You don't seem to have done that and I don't see that you've tried with the dn.

    A fresh install won't help. Have a look at this doc. Note that I believe ldapadd is just a shortcut for "ldapdiff -A" so the commands should be pretty much the same.
  • Accepted Answer

    Saturday, June 13 2020, 06:28 PM - #Permalink
    Resolved
    0 votes
    Yes! I tried what you suggested, but it is giving me another error:

    ldapadd -Y EXTERNAL -H ldap://127.0.0.1/ -f /root/guacamole-auth-ldap-1.1.0/schema/guacConfigGroup.ldif

    SASL/EXTERNAL authentication started
    ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
    additional info: SASL(-4): no mechanism available:

    It is a fresh installation of ClearOS.

    Is there a way to add the LDIF to the schema?
  • Accepted Answer

    Saturday, June 13 2020, 06:19 PM - #Permalink
    Resolved
    0 votes
    Yes! I tried what you suggested, but it is giving me another error:

    ldapadd -Y EXTERNAL -H ldap://127.0.0.1/ -f /root/guacamole-auth-ldap-1.1.0/schema/guacConfigGroup.ldif

    SASL/EXTERNAL authentication started
    ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
    additional info: SASL(-4): no mechanism available:

    It is a fresh installation of ClearOS.

    Is there a way to add the LDIF to the schema?
  • Accepted Answer

    Saturday, June 13 2020, 07:28 AM - #Permalink
    Resolved
    0 votes
    All I can do is Google. I have no idea why you have the "-Y EXTERNAL" and I suspect you don't need it. I don't know what your reference document is. I don't know if you need to specify the bind dn or password prompt either.
  • Accepted Answer

    Friday, June 12 2020, 09:56 PM - #Permalink
    Resolved
    0 votes
    Thanks! Yeah, I googled a lot but still can't do it. I think I need to read more. Thank you!
    BTW the command is from the installation manual of Guacamole and it doesn't have more comments about it...
  • Accepted Answer

    Friday, June 12 2020, 07:22 AM - #Permalink
    Resolved
    0 votes
    Instead of "-H ldapi:///", try "-H ldap://127.0.0.1/" or "-h ldap://127.0.0.1/" or even leave it out. The secret is somewhere there, but I don't think LDAP is listening on a socket so "ldapi" does not work.
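
The three commands tried in this thread fail at three different layers: the transport (-1), the SASL mechanism (-6) and the ACLs on the config database (50). The shell function below is an added example, not part of any post or of the ClearOS or Guacamole documentation; it lints an ldapadd command line for those three conditions. The tag names and the LDAPI_SOCK default path are assumptions, as is the premise that the server grants cn=config write access only to identities with an explicit ACL there.

```shell
# Added example: lint ldapadd arguments for the three failures seen in the thread.
# Prints one "TAG: reason" line per finding; prints nothing when no problem is found.
# Assumption: LDAPI_SOCK is where slapd would create its ldapi:/// socket.
LDAPI_SOCK="${LDAPI_SOCK:-/var/run/ldapi}"

lint_ldapadd() {
    local uri="" sasl="" binddn="" ldif="" tls="" opt val dn
    while [ $# -gt 0 ]; do
        opt="$1"; val="${2-}"; shift
        case "$opt" in
            -H) uri="$val" ;;
            -h) uri="ldap://$val/" ;;
            -Y) sasl="$val" ;;
            -D) binddn="$val" ;;
            -f) ldif="$val" ;;
            -w|-y|-p) ;;                 # value-taking options we do not inspect
            -Z*) tls=1; continue ;;      # StartTLS requested
            *) continue ;;               # flags without a value (-x, -Q, ...)
        esac
        if [ $# -gt 0 ]; then shift; fi  # drop the option's value
    done

    # ldapi:// only works if slapd was started with a Unix-socket listener.
    case "$uri" in ldapi://*)
        [ -S "$LDAPI_SOCK" ] || echo "LDAPI_SOCKET_MISSING: no socket at $LDAPI_SOCK (error -1)" ;;
    esac

    # SASL EXTERNAL takes the identity from the transport: socket peer
    # credentials (ldapi) or a TLS client certificate. Plain ldap:// has neither.
    if [ "$sasl" = EXTERNAL ] && [ -z "$tls" ]; then
        case "$uri" in ldap://*)
            echo "EXTERNAL_WITHOUT_IDENTITY: $uri carries no external identity (error -6)" ;;
        esac
    fi

    # Schema entries live in cn=config, a separate database with its own ACLs.
    [ -r "$ldif" ] || return 0
    dn=$(sed -n '/^dn:/{s/^dn:[[:space:]]*//p;q;}' "$ldif" | tr 'A-Z' 'a-z')
    binddn=$(printf '%s' "$binddn" | tr 'A-Z' 'a-z')
    case "$dn" in *cn=config)
        case "$binddn" in ""|*cn=config) ;;
            *) echo "BINDDN_OUTSIDE_CONFIG: $binddn needs write access to cn=config (error 50)" ;;
        esac ;;
    esac
}

# Demo on a constructed one-line LDIF, using the second command from the thread.
demo_ldif=$(mktemp); echo 'dn: cn=guacConfigGroup,cn=schema,cn=config' > "$demo_ldif"
lint_ldapadd -Y EXTERNAL -H ldap://127.0.0.1/ -f "$demo_ldif"; rm -f "$demo_ldif"
```

An empty result only means none of these three conditions was detected; it does not confirm that the bind identity is authorised on the server.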