[Date Prev][Date Next] [Chronological] [Thread] [Top]

Sample how to create a user

Dear OpenLDAP users

I just tried OpenLDAP the first time on a SuSE Linux 7.3 Professional test
server. SuSE shipped a pre-installed package "openldap2" in the "n" series,
so I directly could start with the Quick-Start Guide at
http://www.openldap.org/doc/admin/quickstart.html on topic 8 (setting
slapd.conf). The sample worked without issues.

At the moment, I can successfully create and modify entries with the
"rootdn" user, so I created a sample organization with a "ou" and three
persons in it, for example "cn=John
Smith,ou=MySampleOrgUnit,dc=mydomain,dc=ch" . I added a "uid=jsmith" and
"userPassword=myPassword" attribute to this organizationalPerson object. In
my sample, I intended to setup "jsmith" as an admin for the
"MySampleOrgUnit", so I added

access to dn=".*,ou=MySampleOrgUnit,dc=mydomain,dc=ch"
        by dn="cn=John Smith,ou=MySampleOrgUnit,dc=mydomain,dc=ch" write
        by * read

The problem: When I try to access, for example a simple search

ldapsearch -x -D "cn=John Smith,ou=MySampleOrgUnit,dc=mydomain,dc=ch" -W -b
 'dc=mydomain,dc=ch' '(objectclass=*)'

then I always get a "ldap_bind: Invalid credentials" error message. Omitting
"-x" produces a "ldap_sasl_interactive_bind_s: No such object". So I'm a
little confused now.

It would be nice if somebody could show me a small "Quick Start Guide" like
example how to create a custom user account who has the access rights to
manage a branch in the LDAP data hierarchy. Important: Assume an
out-of-the-box Linux installation as start situation where
/etc/openldap/slapd.conf containts the modifications shown at
http://www.openldap.org/doc/admin/quickstart.html only.

Andreas Meile, Abt. Systementwicklung, Tel. direkt: +41 52 260 34 94
onsite solutions ag, Archstrasse 2, CH-8401 Winterthur (Switzerland)
Tel. +41 52 260 34 70 Fax +41 52 214 07 80
e-Mail: info@onsite.ch WWW: http://www.onsite.ch/