[Date Prev][Date Next] [Chronological] [Thread] [Top]

Problem with ACL's: can't bind as a non-root DN

To: openldap-software@openldap.org
Subject: Problem with ACL's: can't bind as a non-root DN
From: "Frank Van Damme" <frank.vandamme@gmail.com>
Date: Wed, 8 Nov 2006 15:08:20 +0100
Content-disposition: inline

Hello list,

I am a sysadmin with limited experience with LDAP, and I am having a
little issue with ACL's on an openldap server. The server has been
running for more than a year as an auth. backend for Plone. However,
recently I wanted to use the same user name/password information for
other purposes and then I ran into a problem:

I can not bind to the server as a non-root DN.

More concrete example:

# ldapsearch -D "cn=my_own_user_id,dc=example,dc=be" -x
(&(cn=editors)(uniqueMember=cn=someuser,dc=example,dc=be))" -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

I'll paste the acl's from my slapd.conf file:


access to attrs=userPassword
       by dn="cn=admin,dc=example,dc=be" write
       by anonymous auth
       by self write
#by * none
#access to dn.base="" by * read
access to *
       by dn="cn=admin,dc=example,dc=be" write
       by dn="cn=admin,dc=example,dc=be" read
       by * read

I would think that normally, "by anonymous auth" would allow any user
(inetOrgPerson) to bind to the server? Can anyone help?

Thanks in advance.

--
Frank Van Damme

"All  PCs are compatible. But some of them are more compatible than
others." [Onbekend]

Prev by Date: Error from replica getting changes from master server
Next by Date: Re: back_bdb-2.3.so.0: undefined symbol: db_version with make test on 2.3.28 - test000-rootdse
Index(es):
- Chronological
- Thread