Thx, Howard! That makes sense! But if bindpw is not an OpenLDAP directive, why is OpenLDAP so quiet in accepting it? It should report the configuration errors in the conf file, right? :P

Btw, do you know what those configuration files use BINDPW for? Actually I'm trying to reply the configuration error reported.

Best,
Tianyin

On Mon, Jan 16, 2012 at 5:42 PM, Howard Chu <[email protected]> wrote:

> Tianyin Xu wrote:
>
>> Hi, all,
>>
>> I'm using Ubuntu 10.04 and LDAP 2.4.23. I'm having difficulty with the
>> basic binding.
>>
>> I don't want to allow anonymous ldapsearch on the LDAP server so I
>> specify a dn and password for the bind. If I use the following
>> parameters for ldapsearch like
>>
>>     ldapsearch -b "dc=ucsd,dc=edu" -D "cn=admin,dc=ucsd,dc=edu" -w 1234
>>
>> This works quite fine. Then, I write the parameters into ldap.conf as
>> follows:
>>
>> -----------------ldap.conf-----------------------
>> BASE dc=ucsd,dc=edu
>> BINDDN cn=admin,dc=ucsd,dc=edu
>> BINDPW 12345
>> -------------------------------------------------
>>
>> Then only BASE has effect. According to the ldap.conf manual, BINDDN is a
>> "user-only" attribute and needs to go in ~/.ldaprc; it doesn't mention
>> BINDPW at all.
>>
>> But searching on the web, I found several cases that used "binddn" and
>> "bindpw" in ldap.conf and worked successfully. So I'm quite confused for
>> these two directives.
>
> Those were not OpenLDAP's ldap.conf. BINDPW isn't mentioned in OpenLDAP
> documentation because it does not exist in OpenLDAP. Reading non-OpenLDAP
> documentation and attempting to apply it to OpenLDAP software is a pretty
> reliable means of confusing yourself.
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/

--
Tianyin XU,
http://cseweb.ucsd.edu/~tixu/
