Hi ecanmaster,
Quote: Originally posted by ecanmaster
I haven't set up any LDAP clients on Linux and this is the first time.
Instead of manual configuration/installation, I used the YaST LDAP interface.
And I can't create any users, because of authentication errors.
Let me know if you need more info.
Haven't done this on SLED yet (just SLES), but that shouldn't make much of a difference: During LDAP client setup, you're asked for admin credentials to be used to bind to the LDAP backend. Have you entered anything there (i.e. "uid=root,cn=digest-md5,cn=auth"), or did you select "anonymous mode" instead?

When you set up the OpenLDAP server, you create some way to get write access to the server. Let's call that the "LDAP root account", and you'll have set up a password to go with that.

When you use YaST, configured as an LDAP client, you'll have to have write access to the LDAP tree, which is why you'd need to specify the "dn" to use to bind to the LDAP server. You'll probably use the above "LDAP root account" for that (since I doubt you have created some different account in LDAP with the required permissions). Had you only wanted to use that SLED client to *validate* accounts, not to add them, you might configure it to bind to the LDAP server anonymously in general (and for account password verification, the client would bind to the LDAP server using the current user's credentials).

So what you probably are asked for, with your "ldapwhoami" invocation, is the password of the "*LDAP* root user", with hopefully a different password than your *Linux* root user.

On the other hand, having had separately managed LDAP servers for ages, and only adding SLES client systems with anonymous bind since then, my above statements may be all nonsense.

Regards,
Jens