On Oct 7, 2011, at 11:58 AM, sim123 wrote: > > > On Thu, Oct 6, 2011 at 9:50 AM, Craig White <[email protected]> wrote: > Obviously there is something that I don't understand because I would expect > to be able to bind using CN as well as UID attribute... > > version: 2.4.21-0ubuntu5.5 > > ***** this as you can see works ***** > # ldapsearch -x -D 'uid=cwhite,ou=people,dc=ttinet,dc=local' -W > '(uid=cwhite)' uid, cn > Enter LDAP Password: > # extended LDIF > # > # LDAPv3 > # base <dc=ttinet,dc=local> (default) with scope subtree > # filter: (uid=cwhite) > # requesting: uid, cn > # > > # cwhite, people, ttinet.local > dn: uid=cwhite,ou=people,dc=ttinet,dc=local > cn: Craig White > > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > > ***** same as above but using cn instead of uid ***** > # ldapsearch -x -D 'cn=Craig White,ou=people,dc=ttinet,dc=local' -W > '(uid=cwhite)' uid, cn > Enter LDAP Password: > ldap_bind: Invalid credentials (49) > > I have to believe that if this is an ACL issue, then the very first rule is > the problem... > > olcAccess: {0}to attrs=userPassword,shadowLastChange by dn.exact="uid=administ > rator,ou=people,dc=ttinet,dc=local" write by self write by anonymous auth > by * none > > What is it that I am missing? > > I guess it not matter of CN or UID, you can only bind using DN and a valid > password. The key is DN, your can search DN using any attribute and then do > the bind using DN. ---- Thanks (also Quanah) for the clue stick.
My issue is that I am dealing with SuperMicro IPMI (embedded BMC) and it is mostly not configurable and uses CN to bind so I am left with only options at the LDAP server level so I gather that this is going to require some type of overlay. Craig
