
Re: Problem doing BIND with uid



Do you have both DNs in your system, i.e.

uid=mstella,ou=People,dc=myseasons,dc=com
    and
cn=michael k stella,ou=People,dc=myseasons,dc=com

or does the object with dn="cn=michael k stella,ou=People,dc=myseasons,dc=com"
contain an attribute "uid" with value "mstella"?  I suspect this is the case,
i.e. that dn="uid=mstella,ou=People,dc=myseasons,dc=com" does not exist at all,
which is why it fails.  If my string of assumptions is accurate so far, you
appear to have a slight misunderstanding of how LDAP works.

A possible approach, if you want to just use the uid, is to perform a
search with anonymous bind to discover the associated DN, then perform
the actual search you want.

Or you could redesign your database such that the DNs use uid instead of cn.

Randy

> 
> I'm trying to do this (prompted for password):
> 
> poplar# ldapsearch -D 'uid=mstella,ou=People,dc=myseasons,dc=com'\
>   -b 'ou=people,dc=myseasons,dc=com' 'uid=mstauffe'
> Bind Password:
> LDAP Server is V2: execute command with LDAP V2...
> ldap_simple_bind_s: Invalid credentials
> 
> 
> But when I do this:
> 
> poplar# ldapsearch -D 'cn=michael k stella,ou=People,dc=myseasons,dc=com'\
>   -b 'ou=people,dc=myseasons,dc=com' 'uid=mstauffe'
> 
> the command works perfectly.  Why is this?  I am using a web-based password
> changer thing written in perl, and I'd prefer to use the uid fields rather than
> the users' full names.  I am missing something, and I suspect it's *very*
> simple.  Apologies if this has been discussed before, I could not find anything
> useful in the archives.
> 
> I can provide slapd.conf or ldap.conf if need be.
> 
> 
> -- 
> Michael Stella				      mySEASONS.com
> Sr. Unix Administrator			http://www.myseasons.com
> 860-395-1732 x110
>
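
The search-then-bind approach suggested in the reply, as an added example that is not part of the original thread. It assumes the OpenLDAP `ldapsearch` client, a server at `ldap://localhost`, and a directory that permits anonymous search on `uid`; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: resolve a uid to its DN, then bind as that DN.
LDAP_URI="ldap://localhost"            # assumed server address
BASE="ou=People,dc=myseasons,dc=com"   # base DN from the thread

# Escape \ * ( ) per RFC 4515 so a uid typed into a web form cannot
# change the meaning of the search filter.
escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Read LDIF on stdin; print the DN only when exactly one entry matched.
# Folded (continuation) lines are rejoined; base64 "dn::" entries are
# counted but not decoded, so they fail closed.
single_dn() {
    awk '
        /^dn:/       { n++; cont = 0 }
        /^dn: /      { dn = substr($0, 5); cont = 1; next }
        /^ / && cont { dn = dn substr($0, 2); next }
                     { cont = 0 }
        END {
            if (n == 1 && dn != "") { print dn; exit 0 }
            exit 1
        }'
}

# Step 1: anonymous search for the entry whose uid attribute matches.
# "1.1" asks the server to return no attributes, only the DN.
find_dn() {
    [ -n "$1" ] || return 1
    ldapsearch -x -LLL -H "$LDAP_URI" -b "$BASE" \
        "(uid=$(escape_filter "$1"))" 1.1 | single_dn
}

# Step 2: run the real search bound as the discovered DN. -W prompts
# for the password instead of taking it on the command line.
search_as_uid() {
    dn=$(find_dn "$1") || { echo "no unique entry for uid" >&2; return 1; }
    ldapsearch -x -W -H "$LDAP_URI" -D "$dn" -b "$BASE" "$2"
}
```

With the functions loaded, `search_as_uid mstella 'uid=mstauffe'` performs the search from the thread using only the login name.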