LDAP Problem


Subhasis Dasgupta

Oct 22, 2008, 8:59:19 AM
to puppet...@googlegroups.com
I am trying to configure puppet with an LDAP repository. I have set up the puppet schema and I have also added the node definitions in LDAP.
Here are my configuration details.


##############################################################
Puppet.conf

node_terminus = ldap
ldapserver = 10.250.11.127
ldapbase = ou=Hosts,dc=xyz,dc=com
ldapassword = secret


#############################################################

Node details

####################

# extended LDIF
#
# LDAPv3
# base <dc=xyz,dc=com> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# xyz.com
dn: dc=xyz,dc=com
objectClass: dcObject
objectClass: organization
o: Example Company
dc: xyz

# Manager, xyz.com
dn: cn=Manager,dc=xyz,dc=com
objectClass: organizationalRole
cn: Manager

# Hosts, xyz.com
dn: ou=Hosts,dc=xyz,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Hosts

# default, Hosts, xyz.com
dn: cn=default,ou=Hosts,dc=xyz,dc=com
cn: default
description: Default
objectClass: device
objectClass: top
objectClass: puppetClient
puppetclass: defaultapps

# basenode, Hosts, xyz.com
dn: cn=basenode,ou=Hosts,dc=xyz,dc=com
cn: basenode
description: Basenode
objectClass: device
objectClass: top
objectClass: puppetClient
puppetclass: baseapps

# webserver, Hosts, xyz.com
dn: cn=webserver,ou=Hosts,dc=xyz,dc=com
cn: webserver
description: Webserver
objectClass: device
objectClass: top
objectClass: puppetClient
parentnode: basenode
puppetclass: apache
puppetclass: squid
puppetclass: named

# www1.testing.com, Hosts, xyz.com
dn: cn=www1.testing.com,ou=Hosts,dc=xyz,dc=com
cn: www1.testing.com
description: webserving host
objectClass: device
objectClass: top
objectClass: puppetClient
objectClass: ipHost
parentnode: webserver
ipHostNumber: 192.168.0.100

# ip-10-251-122-148.ec2.internal, Hosts, xyz.com
dn: cn=ip-10-251-122-148.ec2.internal,ou=Hosts,dc=xyz,dc=com
description: webserving host
objectClass: device
objectClass: ipHost
objectClass: puppetClient
objectClass: top
cn: ip-10-251-122-148.ec2.internal
environment: production
ipHostNumber: ip-10-251-122-148.ec2.internal
puppetclass: webserver
puppetclass: puppetserver
puppetclass: mailserver
parentnode: basenode

# search result
search: 2
result: 0 Success

# numResponses: 9
# numEntries: 8


##############################################################################

Now when I start my puppetmaster and try to connect with some node, it gives the following error:


[root@ip-10-250-11-127 puppet]# /usr/bin/puppetmasterd --verbose --no-daemonize
info: Starting server for Puppet version 0.24.5
info: Listening on port 8140
notice: Starting Puppet server version 0.24.5
info: Expiring the node cache of ip-10-251-122-148.ec2.internal
info: Not using expired node for ip-10-251-122-148.ec2.internal from cache; expired at Wed Oct 22 08:56:24 EDT 2008
info: Caching node for ip-10-251-122-148.ec2.internal
err: Could not find default node or by name with 'ip-10-251-122-148.ec2.internal, ip-10-251-122-148.ec2, ip-10-251-122-148' on node ip-10-251-122-148.ec2.internal
err: Could not find default node or by name with 'ip-10-251-122-148.ec2.internal, ip-10-251-122-148.ec2, ip-10-251-122-148' on node ip-10-251-122-148.ec2.internal



######################################################################################

What should I do?

-Subhasis


Gary Richardson

Oct 22, 2008, 11:02:41 AM
to puppet...@googlegroups.com
I'm guessing it's a problem with your node_terminus config. I use anonymous binding myself, so I don't know the actual settings.

First up, is ldapassword a typo?

Second, you specify a password, but not a user to bind as.

Subhasis Dasgupta

Oct 22, 2008, 11:18:41 AM
to puppet...@googlegroups.com
First, many thanks for your response. Let me check the configuration again.

If I want to use anonymous binding, then what do I have to do in the ldap file? My ldap file configuration is here.

database bdb
suffix "dc=xyz,dc=com"
rootdn "cn=Manager,dc=xyz,dc=com"
rootpw secret

Thanks again

-Subhasis



Gary Richardson

Oct 22, 2008, 11:47:03 AM
to puppet...@googlegroups.com
If you want to make your database world readable, then add:

access to * by anonymous read

But you probably don't want that. You probably want to read the OpenLDAP ACL docs and figure out how to make that tree available or how to protect things like the userPassword attribute.
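A concrete shape for the ACL work suggested above, added here as an example and not part of the original thread: the world-readable directive beside a least-privilege alternative that lets only a dedicated puppetmaster bind DN read ou=Hosts and keeps userPassword unreadable. The bind DN cn=puppet,ou=Services,dc=xyz,dc=com is an assumption; on the puppet side it belongs in the ldapuser and ldappassword settings. Note that with no access directives at all, slapd's built-in default is "access to * by * read" (slapd.access(5)), so the hardened block restricts access rather than granting it.

```conf
# Added example of slapd.conf ACLs for the LDAP node terminus discussed above;
# not from the original thread. The bind DN cn=puppet,ou=Services,dc=xyz,dc=com
# is an assumption: create it as a low-privilege service account and point
# puppet.conf's ldapuser/ldappassword at it. Never hand puppetmasterd the
# rootdn/rootpw: the rootdn bypasses every access directive below.
#
# slapd evaluates "access to" clauses top to bottom and stops at the first
# whose <what> matches the entry/attribute; within a clause the first matching
# "by" wins, and an implicit "by * none" ends every clause. Order therefore
# matters: the most specific protection (userPassword) must come first.

##### Weak: the "world readable" directive from the reply #####
# Exposes every attribute of every entry, including userPassword hashes and
# the puppetclass/parentnode data, to anyone who can reach tcp/389.
# access to * by anonymous read

##### Hardened alternative #####

# 1. Password hashes: the owner may change them, anyone may use them to bind
#    (auth), nobody may read them back. Listed first so nothing below
#    accidentally grants read on this attribute.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# 2. Node definitions: only the puppetmaster's service account may read the
#    ou=Hosts subtree (the ldapbase from the poster's puppet.conf).
access to dn.subtree="ou=Hosts,dc=xyz,dc=com"
        by dn.exact="cn=puppet,ou=Services,dc=xyz,dc=com" read
        by * none

# 3. Everything else: authenticated users may read, entries may edit
#    themselves, anonymous gets nothing (bind attempts still work because
#    clause 1 grants "auth" access to userPassword).
access to *
        by self write
        by users read
        by * none
```

After changing slapd.conf, restart slapd and verify with ldapsearch bound as the service DN that cn=default and the client's entry under ou=Hosts are returned, and that an anonymous search of the same base returns nothing.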

Subhasis Dasgupta

Oct 22, 2008, 11:56:07 AM
to puppet...@googlegroups.com
Let me do that and thank you very much.

-S.D.
