Hi there, obviously this problem was due to my acls.
I missed three important points:
1. I need an anonymous auth for userPassword
2. The first matching acl wins.
3. The default last line of an acl is:
by * none.
I had an acl
access to "dn-A" by "user-b" write
access to "dn-A" by "user-a" read
Thus the user a was not able to read.
Kind regards
Cornelius
Chechu . wrote:
>
>
>
>> From: Cornelius Koelbel <[EMAIL PROTECTED]>
>> To: [email protected]
>> Subject: simple bind ldapsearch invalid credentials
>> Date: Mon, 07 Aug 2006 23:51:37 +0200
>>
>> Hello,
>>
>> I set up openldap 2.2.29 on FC4.
>> I guess everything is right, I can access and modify everything with the
>> manager.
>> I setup an object
>> cn=corny,ou=users,dc=az,dc=local
>>
>> as follows:
>>
>> dn: cn=corny,ou=users,dc=az,dc=local
>> objectClass: top
>> objectClass: person
>> cn: corny
>> sn: corny
>>
>> I want to have this person access to a subtree of the ldap.
>> access to dn="ou=cornelius,ou=adressen,dc=az,dc=local"
>> by dn="cn=corny,ou=users,dc=az,dc=local" write
>> But for now, I configured everything:
>> access to *
>> by dn="cn=corny,ou=users,dc=az,dc=local" write
>>
>> Now I set a password and try to connect:
>>
>> [EMAIL PROTECTED]:[/data/down]> ldappasswd -x -D
>> "cn=Manager,dc=az,dc=local" -W -S "cn=corny,ou=users,dc=az,dc=local"
>> New password:
>> Re-enter new password:
>> Enter LDAP Password:
>> Result: Success (0)
>>
>> everything seems fine, but now:
>>
>> [EMAIL PROTECTED]:[/data/down]> ldapsearch -D
>> 'cn=corny,ou=users,dc=az,dc=local' -W -x -b 'dc=az,dc=local'
>> Enter LDAP Password:
>> ldap_bind: Invalid credentials (49)
>>
>>
>> What's wrong, where can I start to search?
>>
>> Kind regards
>> Cornelius
>
>
> try this
>
> ldapsearch -D "cn=corny,ou=users,dc=az,dc=local" -W -x
>
>
>
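The two ACL pitfalls from this thread (a simple bind needs `by anonymous auth` on userPassword; the first matching `access to` wins and ends with an implicit `by * none`), modeled as an added example that is not part of the original messages and is not OpenLDAP code. The evaluator is a simplified model with exact DN matching, and the `FIXED` and `MERGED` rule sets are constructed here as assumptions about how the corrected configuration could look.

```python
# Simplified model of how slapd selects an access level (added example).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def who_matches(who, bound_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "self":
        return bound_dn is not None and bound_dn == entry_dn
    return who == bound_dn              # by dn="..."

def granted(acl, bound_dn, entry_dn, attr):
    """acl: list of (target dn or "*", attrs or None, [(who, level), ...])."""
    for target, attrs, by_clauses in acl:
        if target not in ("*", entry_dn):
            continue
        if attrs is not None and attr not in attrs:
            continue
        # First matching "access to" wins; later directives are never consulted.
        for who, level in by_clauses:
            if who_matches(who, bound_dn, entry_dn):
                return level
        return "none"                   # implicit trailing "by * none"
    return "none"                       # no directive matched at all

def allows(acl, bound_dn, entry_dn, attr, needed):
    have = granted(acl, bound_dn, entry_dn, attr)
    return LEVELS.index(have) >= LEVELS.index(needed)

def can_bind(acl, dn):
    # During a simple bind the client is still anonymous, so slapd needs
    # "auth" access to userPassword for anonymous to compare the password.
    return allows(acl, None, dn, "userPassword", "auth")

CORNY = "cn=corny,ou=users,dc=az,dc=local"
# access to * by dn="cn=corny,..." write      (the setup from the question)
ORIGINAL = [("*", None, [(CORNY, "write")])]
# Constructed fix: userPassword rule placed first, with "by anonymous auth".
FIXED = [("*", ["userPassword"], [("anonymous", "auth"), ("self", "write")]),
         ("*", None, [(CORNY, "write")])]
# Two directives for the same target: the second is shadowed by the first.
SPLIT = [("dn-A", None, [("user-b", "write")]),
         ("dn-A", None, [("user-a", "read")])]
# Constructed fix: one directive carrying both "by" clauses.
MERGED = [("dn-A", None, [("user-b", "write"), ("user-a", "read")])]

if __name__ == "__main__":
    print("bind with original ACL:", can_bind(ORIGINAL, CORNY))
    print("bind with fixed ACL:   ", can_bind(FIXED, CORNY))
    print("user-a, split ACL:     ", granted(SPLIT, "user-a", "dn-A", "cn"))
    print("user-a, merged ACL:    ", granted(MERGED, "user-a", "dn-A", "cn"))
```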
