This one time, at band camp, Selim Jahangir wrote:
>1. /etc/openldap/slapd.conf
>
> 
>
>include         /etc/openldap/schema/core.schema
>include         /etc/openldap/schema/cosine.schema
>include         /etc/openldap/schema/inetorgperson.schema
>include         /etc/openldap/schema/nis.schema
>
>allow bind_v2
>
>pidfile         /var/run/openldap/slapd.pid
>argsfile        /var/run/openldap/slapd.args
>
>database        bdb
>suffix          "dc=example,dc=com"
>rootdn          "cn=Manager,dc=example,dc=com"
># Cleartext passwords, especially for the rootdn, should
># be avoided.  See slappasswd(8) and slapd.conf(5) for details.
># Use of strong authentication encouraged.
> #rootpw                secret
> rootpw {SSHA}airnU5gtmX+okEfQzseQsdXEx1QWpJ7/
>directory       /var/lib/ldap/example.com
>
>index objectClass                       eq,pres
>index ou,cn,mail,surname,givenname      eq,pres,sub
>index uidNumber,gidNumber,loginShell    eq,pres
> 

You don't actually have any ACLs defined to grant access.  You might want to
add something like this:

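# Allow users to authenticate/update their password.
# slapd applies the first "access to" clause that matches the target,
# so this must come before the catch-all below.
access to attrs=userPassword
        by anonymous auth
        by self write

# allow read access of root DSE
access to dn="" by * read

# deny all other access
access to * by * none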

I'm just clutching at straws because you left some of the questions in my
other mail unanswered.

Finally, there's one other thing you could try: use the plain text rootpw
setting and see if you can bind with the password 'secret'.  Yes, it says to
not use that in production but that doesn't yet appear to be a constraint on
your configuration :-)
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
