Users stored in OpenLDAP accessing and changing their data
- To: openldap-software@OpenLDAP.org
- Subject: Users stored in OpenLDAP accessing and changing their data
- From: Thaths <thaths@gmail.com>
- Date: Tue, 26 Jul 2005 18:20:59 +0530
Hi,
I would like to allow the users stored in my OpenLDAP server to be
able to access (read) and change (write) their own data. However, I am
getting an 'invalid credentials' error.
Portions of my slapd.conf look like so:

    # The userPassword by default can be changed
    # by the entry owning it if they are authenticated.
    # Others should not be able to see it, except the
    # admin entry below
    # These access lines apply to database #1 only
    access to attrs=userPassword
            by dn="cn=admin,dc=comat,dc=com" write
            by anonymous auth
            by self write
            by * none

    # The admin dn has full write access, everyone else
    # can read everything.
    access to *
            by dn="cn=admin,dc=foo,dc=com" write
            by * read

When I run ldapsearch as cn=admin,dc=foo,dc=com, the entries are
printed just fine.

    jupiter:~# ldapsearch -x -D "cn=admin,dc=foo,dc=com" -W -h localhost "(objectclass=inetOrgPerson)" *|more
    Enter LDAP Password:
    ...
    # numResponses: 203
    # numEntries: 202

However, when I run this binding as some user in LDAP I get an
"Invalid credentials" error message.

    jupiter:~# ldapsearch -x -D "cn=sudhakar.chandra,ou=people,dc=foo,dc=com" -W -h localhost "(objectclass=inetOrgPerson)" *
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)

Any help appreciated.
S.
--
"Good things don't end in -eum; they end in -mania or -teria"
-- Homer J. Simpson
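
The following is an added example, not part of the original message: a simplified Python model of how slapd evaluates the two access directives quoted above (first matching `access to`, then first matching `by`). It assumes exact DN matching and only the `<who>` forms that appear in the message; the attribute name `mail` used when trying it out is an assumed sample attribute.

```python
# Added example: simplified model of slapd's first-match ACL evaluation.
# Not modelled: rootdn (bypasses ACLs), regex/subtree DN styles, other <who> forms.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# The two access directives from the message: (what, [(who, level), ...])
ACL = [
    ("userPassword", [
        ('dn="cn=admin,dc=comat,dc=com"', "write"),
        ("anonymous", "auth"),
        ("self", "write"),
        ("*", "none"),
    ]),
    ("*", [
        ('dn="cn=admin,dc=foo,dc=com"', "write"),
        ("*", "read"),
    ]),
]

def norm(dn):
    """Case-insensitive DN comparison key, ignoring spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def who_matches(who, bound_dn, target_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if bound_dn is None:
        return False
    if who == "self":
        return norm(bound_dn) == norm(target_dn)
    if who.startswith("dn="):
        return norm(who[3:].strip('"')) == norm(bound_dn)
    raise ValueError(f"unsupported <who>: {who}")

def granted(acl, bound_dn, target_dn, attr):
    """Level granted to bound_dn (None = anonymous) on attr of target_dn."""
    for what, clauses in acl:
        if what != "*" and what.lower() != attr.lower():
            continue  # this directive does not cover the attribute
        for who, level in clauses:
            if who_matches(who, bound_dn, target_dn):
                return level  # first matching "by" clause wins
        return "none"  # implicit trailing "by * none"
    return "none"  # no directive matched

def allows(acl, bound_dn, target_dn, attr, wanted):
    return LEVELS.index(granted(acl, bound_dn, target_dn, attr)) >= LEVELS.index(wanted)
```

For the user DN in the message, `granted(ACL, None, user, "userPassword")` returns `auth`, the level a simple bind needs, while `granted(ACL, user, user, "mail")` returns only `read`. With the directives exactly as quoted, `cn=admin,dc=foo,dc=com` gets `none` on `userPassword` unless it is the rootdn.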