
login authentication stuff



Hi all,

I'm wanting to set up openldap as the authentication system for a network
I'm setting up. Now, I've installed openldap and all. I've used the padl
migration tools to get my accounts into the ldap database, and I can
retrieve the data if I use ldapsearch and bind as my root user. I've got
this in my slapd.conf as regards access control:

access to attr=userPassword,entry
    by anonymous auth
    by self write
    by dn="cn=Manager,o=Beast,c=AU" write

access to dn=".*,o=Beast,c=AU"
    by self write
    by dn="cn=Manager,o=Beast,c=AU" write
    by * read

which is the amalgamation of a whole heap of ACLs I've seen for
openldap in various places, but I figure that should be the minimum I
should need to get it going. Now, I try to query the database binding as
one of my users:

[root@beast /root]# /usr/local/bin/ldapsearch -D
'uid=james,ou=People,o=Beast,c=AU' -W -x -b
'uid=james,ou=People,o=Beast,c=AU'
Enter LDAP Password: 
ldap_bind: Invalid credentials
[root@beast /root]# 

The user does indeed exist and I can check its existence.

Any help is greatly appreciated.

Also, ultimately I want to use SASL and PAM_LDAP, is there anything
special I need to know to make this work?

Thanks,

James.