Hi,
I am attempting to follow the guide at https://www.virtualmin.com/documentation/installation/ldap and set up an LDAp server on a Webmin node so that my Virtualmin Web node (and all other Web nodes in the cluster) can connect to it. I am running CentOS 7.2 x64 and the very latest version of Webmin but am running into a major problem on the first step of the configuration process.
I have installed all packages as instructed in the documentation without any errors, but when I go to the “Setting up Webmin’s LDAP Server module” section and create the “root DN” of “dc=jemediacorp,dc=com” and set the user password, I am unable to see the DN I just created when going to the “Browse Database” page. Instead, it says, “no such object.”
I have applied the configuration, stopped and started the server, changed the password, etc. but still get the “no such object” message. When I skip that part and go down to create a new LDAP tree for Unix users it fails because, of course, no parent object exists. I am using the slapd.d method of configuration as opposed to the old-style slapd.conf file and am running OpenLDAP 2.4.40.
How might I resolve this problem?
Thanks, -Logan
Comments
Submitted by andreychek on Tue, 06/07/2016 - 10:05 Comment #1
Howdy -- hmm, just to verify a few things -- I'm looking at the steps mentioned in the "Setting up Webmin's LDAP Server Module" section of that documentation.
Is the "nis"schema checked, as described in step #6?
In Step #8, that's what applies the settings to the LDAP server... you may want to verify that this was set (though I do think you said you did this part).
And then Step #9, did Webmin prompt you to create the root DN after step #8?
Submitted by JEMEDIACORP on Tue, 06/07/2016 - 10:36 Pro Licensee Comment #2
Hi,
In step 6, on the "Manage Schemas" page there are no checkboxes, just the name of the schema, its description, and "view" and "edit" links but no way to "select" a schema. Also, I did apply the configuration in step 8 but never got prompted to create the root DN in step 9.
However, I was able to get the root DN created by following the external guide located at http://www.learnitguide.net/2016/01/configure-openldap-server-on-rhel7.html. I didn't go through the whole thing, just to the part where you have to create the base.ldif file and add it to the database, but the only part of that file I used was the root DN part, not any of the users or etc. because I want to continue following the Virtualmin guide in the "Creating LDAP Trees" section.
I'll keep following the guide and let you know if I run into any more errors; the "Browse Database" page now correctly shows my root Dn instead of giving me the "no such object" error.
Thanks, -Logan
Submitted by JEMEDIACORP on Tue, 06/07/2016 - 16:00 Pro Licensee Comment #3
I followed the rest of the Setting Up LDAP guide without any further issues and now have one LDAP server and three client nodes. So I guess the issue with the base DN not being created automatically by Webmin was the only one I had while setting up LDAP, and I resolved it by manually creating the DN. However, please do let me know if you figure out the cause of the issue as it would be nice if Webmin could once again create the base DN for me automatically.
Thanks, -Logan
Submitted by andreychek on Tue, 06/07/2016 - 17:00 Comment #4
Hmm, we'll definitely need to take a look at the documentation, and how it works when setting on LDAP on CentOS 7.
But I'm glad you were able to get it working, thanks for letting us know!
Submitted by JEMEDIACORP on Tue, 06/07/2016 - 22:57 Pro Licensee Comment #5
Hi,
So my LDAP server is properly configured, at least reported by Webmin/Virtualmin, and I can properly use the LDAP Users and Groups module to create new user and group accounts without any issues whatsoever.
However, when I go to create a new virtual server, I get the following error at the very top: failed to create administration group [GROUPNAME]: group created but does not exist.
There was about a 10-second pause from when it started creating the group to when it failed with that error message.
I have checked and double-checked my configuration both on the server and client, and have completely disabled NSCD (systemctl stop nscd && systemctl disable nscd) on both the server and client, and have rebooted each machine, but still get this problem.
This looks like the last issue I would have with this as everything else in Virtualmin is configured and ready to start creating virtual servers.
Do you know how I could resolve this issue?
Thanks, -Logan
Submitted by JEMEDIACORP on Wed, 06/08/2016 - 11:40 Pro Licensee Comment #6
A quick update: when running ldapsearch on the server to show all accounts and attributes and etc., it seems the "example" user created by Webmin while following the documentation is correctly placed in the "Users" DN but when using the Webmin LDAP Users and Groups module on the client to create a test user, the user gets created but is not placed into the Users DN and cannot log into the server via SSH or through su. Not sure if this is an intentional issue or not....
Submitted by JEMEDIACORP on Wed, 06/08/2016 - 15:39 Pro Licensee Comment #7
One more update and new issue: I fixed the earlier issue where Virtualmin created the administration group but it did not exist. I can't remember exactly how I fixed it, I essentially just reconfigured the LDAP Client module, checked /etc/nslcd.conf, converted the old config file format Webmin used to the new format NSLCD expects, and restarted everything.
Now, everything works except creating mail aliases. Here is the output of the Create Virtual Server operation for context, notice the failures with mail aliases and the like:
Setting Up Virtual Server
In domain gbeverage.com Creating administration group gbeverage .. .. done Creating administration user gbeverage .. .. done
Creating aliases for administration user .. .. aliases failed : LDAP add of cn=gbeverage@gbeverage.com,dc=Virtual,dc=jemediacorp,dc=com failed : objectClass: value #0 invalid per syntax at ../web-lib-funcs.pl line 1427.
Adding administration user to groups .. .. done
Creating home directory .. .. done
Creating mailbox for administration user .. .. done
Adding new DNS zone .. .. done
Adding slave zone on ns13.airshock.net ns12.airshock.net .. .. done
Adding to email domains list .. .. Mail for domain failed! : LDAP add of cn=gbeverage.com,dc=Virtual,dc=jemediacorp,dc=com failed : objectClass: value #0 invalid per syntax at ../web-lib-funcs.pl line 1427.
Adding new virtual website .. .. done
Adding webserver user apache to server's group .. .. done
Performing other Apache configuration .. .. done
Setting up log file rotation .. .. done
Creating MySQL login .. .. done
Creating MySQL database clients_gbeverage .. .. done
Setting up spam filtering .. .. done
Setting up virus filtering .. .. done
Creating Webmin user .. .. done
Re-starting DNS server .. .. done
Re-starting slave DNS servers .. .. done
Applying web server configuration .. .. done
Re-loading Webmin .. .. done
Saving server details .. .. done
Installing third-party scripts .. Installing wordpress version 4.5.2 .. Configuring webserver PHP settings .. .. done .. done. WordPress installation complete. It can be accessed at http://gbeverage.com/wp-admin/install.php.
.. done Applying web server configuration .. .. done
Do you have any suggestions for where to look for this? Unfortunately it doesn't tell me the exact syntax error, just that there is "invalid syntax."
Thanks, -Logan
Submitted by JEMEDIACORP on Thu, 06/09/2016 - 13:54 Pro Licensee Comment #8
Fixed it! Turns out I forgot to go into the Postfix module and configure object attributes and etc. as mentioned in the documentation. So now everything in Virtualmin works properly. :)
Submitted by andreychek on Thu, 06/09/2016 - 22:15 Comment #9
That's great to hear, thanks for letting us know!