Hi, I thought that the rootdn of the config backend is hardcoded to "cn=config". Since this is not the case, can you please give more details regarding your example ?
Please notice, that in the test database, I'm only using the "core.schema" schema. So, what exactly should I add to the config file, and how should I call ldapsearch (as I already stated, I'm new to LDAP). Thanks in advance, Eran On Mon, 2006-09-04 at 18:40 +0200, Pierangelo Masarati wrote: > > Hi, > > > > I've posted the following question, but no one seemed to answer it. I > > guess that I'm missing something trivial. I would appreciate if someone > > could help. > > > > Thanks, > > Eran > > > > // Original message > > /////////////////// > > > > Hi, > > > > I've added SASL configuration to the test slapd that I'm using. I've > > added the following to the slapd.conf: > > > > disallow bind_simple > > disallow bind_anon > > sasl-secprops noanonymous > > sasl-host localhost > > > > ####################################################################### > > # BDB database definitions > > ####################################################################### > > > > I've added a test user using the saslpasswd2 utility. When I'm trying to > > access the bdb database, everything seems to be OK. But, when I try to > > search the "cn=config" sub tree, I get the following: > > > > ldapsearch -a always -O noanonymous -U [EMAIL PROTECTED] -Y login -w > > password -b "cn=schema,cn=config" > > SASL/LOGIN authentication started > > SASL username: [EMAIL PROTECTED] > > SASL SSF: 0 > > # extended LDIF > > # > > # LDAPv3 > > # base <cn=schema,cn=config> with scope subtree > > # filter: (objectclass=*) > > # requesting: ALL > > # > > > > # search result > > search: 4 > > result: 50 Insufficient access > > > > # numResponses: 1 > > > > Can someone please explain what I'm missing here. > > Did you set that user (actually, the DN it's expanded as; see authz-regexp > in slapd.conf(5)) as the rootdn of the config database? For example, > > database config > rootdn "uid=erantest,cn=eranl,cn=login,cn=auth" > > p. > > > > > Ing. Pierangelo Masarati > OpenLDAP Core Team > > SysNet s.n.c. > Via Dossi, 8 - 27100 Pavia - ITALIA > http://www.sys-net.it > ------------------------------------------ > Office: +39.02.23998309 > Mobile: +39.333.4963172 > Email: [EMAIL PROTECTED] > ------------------------------------------ >
