Re: The problem of BINDDN/BINDPW in ldap.conf (2nd time)

[Dan White <dwhite@olp.net>]

On 05/01/13 11:52 +0200, Madas Pál wrote:
> Earlier thread:
> > Tianyin Xu asked, Howard Chu answered:
> >
> >    ...
> >
> >    This works quite fine. Then, I write the parameters into ldap.conf as follows:

> >    Then only BASE has effect. According to the ldap.conf manual, BINDDN is a
> >
> > Those were not OpenLDAP's ldap.conf. BINDPW isn't mentioned in 
> > OpenLDAP documentation because it does not exist in OpenLDAP. 
> > Reading non-OpenLDAP documentation and attempting to apply it to 
> > OpenLDAP software is a pretty reliable means of confusing yourself.
>
> My question:
>
> It has been clearly stated, that BINDPW cannot be used in ldaprc (at least in the case of openldap).
>
> But it is definitely stated in the manpage of ldap.conf, that BINDDN is a legal user-only option of openldap. My ldaprc says:
>
> BASE            ou=madas,dc=something
> BINDDN          cn=admin,dc=something
> TLS_REQCERT     allow
> URI             ldaps://ip1.ip2.ip3.ip4
>
> BASE and URI has its effect, BINDDN has not. Did I make a mistake?

I don't recall the detail of the original thread, and your usage case, but
this works for me:

cd `mktemp -d`

cat > ldaprc << EOF
BASE uid=user@example.net,ou=people,dc=example,dc=net
BINDDN uid=user@example.net,ou=people,dc=example,dc=net
URI ldap://ldap.example.net
EOF

ldapwhoami -x -W
Enter LDAP Password: 
dn:uid=user@example.net,ou=people,dc=example,dc=net

Adding a '-d -1' option to your command, or enabling a debugging level in
your ldap client software may provide help in resolving this problem.

--
Dan White