[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Bind using a user other than organizationalRole user

To: openldap-software@openldap.org
Subject: Re: Bind using a user other than organizationalRole user
From: Bjørn Ruberg <bjorn@ruberg.no>
Date: Wed, 07 Apr 2010 08:22:36 +0200
In-reply-to: <g2i1e5bcefd1004061128t1906e4e1sbc357a1f745558a1@mail.gmail.com>
References: <g2i1e5bcefd1004061128t1906e4e1sbc357a1f745558a1@mail.gmail.com>
User-agent: Thunderbird 2.0.0.24 (X11/20100317)

Marcelo de Moraes Serpa wrote:

Hello list,
I have a local OpenLDAP server with a couple of users. I'm using itfor development purposes, here's the ldif:


[...]

So far, so good. I can bind with "cn=Manager,dc=site,dc=com" and the12345678 password (the local server password, setup on slapd.conf).
However, I would like to bind with any user in under the people OU. Inthis case, I'd like to bind with:
  dn: uid=celoserpa, ou=people, dc=site, dc=com
  userPassword: secret_12345

And you are completely sure that this entry exists in the LDAP database,and that the userPassword attribute has a value? Use slapcat to seewhat's in the backend database.

But I'm getting a (49) - Invalid Credentials error everytime. I havetried through CLI tools (such as ldapadd, ldapwhoami, etc) and alsoruby/ldap. The bind with these credentials fails with a invalidcredentials error.


Please show the list how you use those tools.

I was suspecting that maybe OpenLDAP doesn't compare against userPassword?


I don't think that's very likely...

Or maybe some ACL configuration I am missing that is somehow affectingthe read access to userPassword for the specific DN.


If you suspect your ACLs, you should show them to the list for evaluation.

--
Bjørn

References:
- Bind using a user other than organizationalRole user
  - From: Marcelo de Moraes Serpa <celoserpa@gmail.com>

Prev by Date: Problems witch dynacl/now=<=...
Next by Date: Re: Bind using a user other than organizationalRole user
Index(es):
- Chronological
- Thread