Hi there list,
Lately I've been fooling around with OpenLDAP. My ultimate goal is using
the LDAP server as a user database for Cyrus IMAP and authentication of
people visiting certain web sites we host.
At the moment I am puzzled by the behaviour of the LDAP server.
I used to have no index for the UID field... this lets me authenticate
users with testsaslauthd, lets me find them with ldapsearch and I can
finger the user (with use of nss_ldap).
But I kept getting entries in the logs like:
<= bdb_equality_candidates: (uid) index_param failed (18)
Which seem to indicate I need an index for the UID field... so I made one:
# Indices to maintain
index objectClass eq
index uid eq
(The objectClass index was already present)
By doing this the bdb_equality_candidates error no longer shows up in
the logs. But ldapsearch comes up blank in a search and testsaslauthd
fails to authenticate a user.
Below is my slapd.conf (comments left out):
=====================snip=======================
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
database bdb
suffix "dc=atlascollege,dc=nl"
rootdn "cn=Manager,dc=atlascollege,dc=nl"
rootpw {SSHA}somehash
directory /var/openldap-data
index objectClass eq
index uid eq
access to attrs=userPassword
        by self write
        by * auth
access to *
        by * read
================snap=========================
I am sure it must be something obvious... but I am missing it completely
I guess. Some help or even an RTFM in the right direction would be
appreciated.
regards
Peter Kaagman
--
The trouble with a kitten is that
When it grows up, it's always a cat
-- Ogden Nash.