
Strange things in LDAP



Hello, this is my first post, so sorry if this is obsolete or similar.

I have some strange things concerning my LDAP setup.

1. I cannot change password via ldappasswd, or any web ldap change
password program:

anubis@topaz anubis]$ ldappasswd -A -S -h ldap.domain.org -x -D
"dc=domain,dc=org" igor
Old password:
Re-enter old password:
New password:
Re-enter new password:
Result: Strong authentication required (8)
Additional info: only authenicated users may change passwords


2. Also, I cannot search LDAP base:

[anubis@topaz anubis]$ ldapsearch -x -h ldap.domain.org -b
'dc=domain,dc=org' '(objectclass=*)'
version: 2

#
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1



3. I cannot bind with the superuser-ldap (Manager) account; I get invalid
credentials:

$ ldapsearch -x -h ldap.domain.org -b 'dc=domain,dc=org' -D
'dc=Manager,dc=domain,dc=org' '(objectclass=*)' -w xyz

ldap_bind: Invalid credentials

What's working is authenticating users via pam_ldap, so when my
dial-in users log in everything is OK.

Also, no LDAP browser (gq, directory_search, ...) works as
predicted (cannot browse, search, change).

I'm using Red Hat 7.1 and the following packages:

openldap-2.0.7-14
nss_ldap-149-1
openldap-devel-2.0.7-14
openldap-servers-2.0.7-14
openldap-clients-2.0.7-14

slapd.conf contains:

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/redhat/rfc822-MailMember.schema

database        ldbm
suffix          "dc=domain, dc=org"
rootdn          "cn=Manager, dc=domain, dc=org"
rootpw          {crypt}xyxcsxMxhjeti

access to attr=userPassword
            by self write
            by anonymous auth
            by dn="cn=Admin,dc=domain,dc=org" write
            by * none
access to *
            by self write
            by dn="cn=Admin,dc=domain,dc=org" write
            by * read

index   objectClass,uid,uidNumber,gidNumber     eq
index   cn,mail,surname,givenname               eq,subinitial


What I want to get working is to allow users to change their password in
LDAP.

Is cn=Manager the same as cn=Admin?

Thanks very much for your answers,

Igor
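As an added example (not part of the original post), a small Python model of how slapd evaluates the access directives quoted in the slapd.conf above: the first `access to` clause whose target covers the attribute is selected, and within it the first `by` clause whose subject matches the bound identity decides the granted level; the rootdn is never subject to ACLs. The entry DN for igor is a constructed assumption.

```python
# Toy model of OpenLDAP first-match ACL evaluation for the ACLs in the post.
# This is an illustration, not slapd; entry DNs below are constructed.
from typing import List, Optional, Tuple

# Ordered access directives exactly as in the quoted slapd.conf:
# (target attribute or "*", [(who, level), ...])
ACLS: List[Tuple[str, List[Tuple[str, str]]]] = [
    ("userPassword", [("self", "write"), ("anonymous", "auth"),
                      ('dn="cn=Admin,dc=domain,dc=org"', "write"), ("*", "none")]),
    ("*", [("self", "write"), ('dn="cn=Admin,dc=domain,dc=org"', "write"),
           ("*", "read")]),
]
ROOTDN = "cn=Manager, dc=domain, dc=org"          # rootdn from slapd.conf
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # ascending
IGOR = "uid=igor,ou=People,dc=domain,dc=org"      # constructed entry DN

def norm(dn: str) -> str:
    """Normalise spacing and case so 'cn=Manager, dc=domain, dc=org' compares equal."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

def who_matches(who: str, bound_dn: Optional[str], entry_dn: str) -> bool:
    """Does a 'by <who>' subject match this bind against this entry?"""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "self":
        return bound_dn is not None and norm(bound_dn) == norm(entry_dn)
    if who.startswith('dn="') and who.endswith('"'):
        return bound_dn is not None and norm(who[4:-1]) == norm(bound_dn)
    return False

def access(bound_dn: Optional[str], entry_dn: str, attr: str) -> str:
    """Level granted to bound_dn (None = anonymous) on entry_dn's attribute."""
    if bound_dn is not None and norm(bound_dn) == norm(ROOTDN):
        return "write"                     # rootdn bypasses all ACLs
    for target, clauses in ACLS:
        if target == "*" or target.lower() == attr.lower():
            for who, level in clauses:
                if who_matches(who, bound_dn, entry_dn):
                    return level           # first matching 'by' wins
            return "none"                  # directive matched, no subject did
    return "none"

def allowed(bound_dn: Optional[str], entry_dn: str, attr: str, needed: str) -> bool:
    """True if the granted level is at least the level the operation needs."""
    return LEVELS.index(access(bound_dn, entry_dn, attr)) >= LEVELS.index(needed)

if __name__ == "__main__":
    for who in (None, "dc=domain,dc=org", IGOR, "cn=Admin,dc=domain,dc=org", ROOTDN):
        print(f"{who!s:40} userPassword -> {access(who, IGOR, 'userPassword')}")
```

Binding as the suffix DN or anonymously never satisfies `by self`, so the userPassword attribute stays non-writable for that bind.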