
Re: ldapsearch -D?



I'm going to assume you are using OpenLDAP 1.2.  If you are not,
you should be.

At 11:35 AM 8/2/99 PDT, Samir Desai wrote:
>if I set my acl to;
>access to dn=".*,ou=OrgUnit,o=OrgName,c=US"
>by self write
>by dn=".*,ou=OrgUnit,o=OrgName,c=US" search
>by * none
>
>& use ldapsearch as;
>
>ldapsearch -b "cn=My Name,ou=OrgUnit,o=OrgName,c=US" -D "cn=My Name,ou=OrgUnit,o=OrgName,c=US" -w "mypwd" objectclass=*
>
>it returns;
>
>ldap_bind: Partial results and referral received
>        matched: ""
>        additional info: Referral:
>ldap://

I would assume that no backend is configured to hold this entry.
Since the server returned partial results, I would assume that
you have specified a default referral.  I would suggest you
first configure the server without any ACLs (and a default
access of read and bind as root to write).  Once you have
that working, then implement ACLs.

>& if I change my acl to;
>
>access to *
>by self write
>by dn=".*,ou=Development,o=Zoomtown.com,c=US" search
>by * none

I don't understand your configuration.  The suffix used
here is different than above.  It might be wise to include
relevant portions of your slapd.conf file and exact copies
of commands issued and the responses indicated.

>it sometimes returns the same message as above or it will return;
>
>ldap_bind: Insufficient access
>        matched: ""
>        additional info:

See previous note about 2.0 authentication access requirements.
If using 1.2, I frankly have no clue.


>Has anyone seen the same set of behaviour?  Can't seem to figure this out.

It looks like you are suffering from a configuration mismatch and/or
bogus bulk loaded directory entries.  Verify that the backend suffix
matches the entries you add.  Add entries using ldapadd.  Verify
that they were added using ldapsearch.

Kurt
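
The suffix check suggested above can be run offline before loading entries. This is an added example, not part of the original message: it assumes `suffix` directives in slapd.conf and LDIF input, and the sample config, LDIF entries and ldap.example.com are constructed.

```python
# Added example, not from the original post. All sample data is constructed.
import re

SLAPD_CONF = '''referral ldap://ldap.example.com
database ldbm
suffix "o=OrgName, c=US"
'''

LDIF = '''dn: cn=My Name,ou=OrgUnit,
 o=OrgName,c=US
objectclass: person
cn: My Name
sn: Name

dn: cn=Other Name,ou=Development,o=Zoomtown.com,c=US
objectclass: person
cn: Other Name
sn: Name
'''

def normalize_dn(dn):
    # Lower-case and strip spaces around separators (no escaped-comma handling).
    parts = [re.sub(r"\s*=\s*", "=", p.strip(), count=1) for p in dn.split(",")]
    return ",".join(parts).lower()

def suffixes_from_slapd_conf(text):
    # Collect the value of every 'suffix' directive, quoted or not.
    found = re.findall(r'^suffix[ \t]+"?([^"\n]+?)"?[ \t]*$', text, re.I | re.M)
    return [normalize_dn(s) for s in found]

def dns_from_ldif(text):
    # Unfold wrapped lines first; base64 "dn::" values are skipped, not decoded.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    return [d.strip() for d in re.findall(r"^dn:[ \t]*([^:\n].*)$", text, re.I | re.M)]

def unheld_entries(conf_text, ldif_text):
    # Entries whose DN is not at or below any configured backend suffix;
    # a bind or search on these would fall through to the default referral.
    suffixes = suffixes_from_slapd_conf(conf_text)
    return [dn for dn in dns_from_ldif(ldif_text)
            if not any(normalize_dn(dn) == s or normalize_dn(dn).endswith("," + s)
                       for s in suffixes)]

if __name__ == "__main__":
    for dn in unheld_entries(SLAPD_CONF, LDIF):
        print("no backend suffix holds:", dn)
```
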