[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Bind but no succesful search
Hello
You should add a sasl-regexp directive in slapd.conf in order to have
root@dell translated into cn=root,dc=a1informatisering,dc=nl, or use
uid=root,cn=dell,cn=digest-md5,cn=auth in your ACL, instead of
cn=root,dc=a1informatisering,dc=nl
here, the authentication identity is root@dell, and regarding to your ACLs
it has no access to any entry
so you have to give it access, or translate it into another identity that
has access
regards,
Francois
----- Original Message -----
From: "Antoine Maartens" <antoinem@ision.nl>
To: <openldap-software@OpenLDAP.org>
Sent: Wednesday, April 23, 2003 12:28 PM
Subject: Bind but no succesful search
> Dear List,
>
> My problem:
> I can search my ldap database with ldapseach -x etc.
>
> I added sasl-md5 authentication (although by default my server prefers
> OTP for reason or another) and when I search the database, the logfile
> responds with:
> \Apr 23 12:18:41 DELL slapd[28600]: conn=5 fd=9 ACCEPT from
> IP=10.7.0.3:33224 (IP=0.0.0.0:389)
> Apr 23 12:18:41 DELL slapd[28602]: conn=5 op=0 BIND dn="" method=163
> Apr 23 12:18:43 DELL slapd[28602]: conn=5 op=1 BIND dn="" method=163
> Apr 23 12:18:43 DELL slapd[28602]: conn=5 op=1 BIND authcid="root@dell"
> Apr 23 12:18:43 DELL slapd[28602]: conn=5 op=1 BIND
> dn="uid=root,cn=dell,cn=digest-md5,cn=auth" mech=DIGEST-MD5 ssf=128
> Apr 23 12:18:43 DELL slapd[28602]: conn=5 op=2 SRCH
> base="dc=a1informatisering,dc=nl" scope=2 filter="(objectClass=*)"
> Apr 23 12:18:43 DELL slapd[28602]: conn=5 op=2 SRCH attr=base
> Apr 23 12:18:43 DELL slapd[28602]: conn=5 op=2 SEARCH RESULT tag=101
> err=0 nentries=0 text=
> Apr 23 12:18:43 DELL slapd[28602]: conn=5 op=3 UNBIND
> Apr 23 12:18:43 DELL slapd[28602]: conn=5 fd=9 closed
>
> I have the impression that binding to the database works.
>
> However I get no usuable responds back to my query:
> ldapsearch -U root@dell -Y digest-md5 '(objectclass=*)' -b
> 'dc=a1informatisering,dc=nl'
>
> Here is my current slapd.conf:
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
> include /usr/local/etc/openldap/schema/misc.schema
> include /usr/local/etc/openldap/schema/openldap.schema
>
> pidfile /var/run/slapd.pid
> argsfile /var/run/slapd.args
>
> access to attr=userPassword
> by self write
> by anonymous auth
> by dn="cn=root,dc=a1informatisering,dc=nl" write
> by * none
>
> access to attr=sn,cn
> by peername=10.7.0.3 read
> by * none
>
> access to * access to attr=sn,cn
> by peername=10.7.0.3 read
> by * none
>
> access to *
> by self write
> by dn="cn=root,dc=a1informatisering,dc=nl" write
> by anonymous read
> #
> # if no access controls are present, the default is:
> Allow read by all
> #
> # rootdn can always write!
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> database ldbm
> suffix "dc=a1informatisering,dc=nl"
> rootdn "cn=root,dc=a1informatisering,dc=nl"
> rootpw {MD5}...... #replaced by dots for newsgroup posting
> directory /var/lib/ldap
> index cn,mail,surname,givenname eq,subinitial
>
> I seem to be lacking the brainpower to get this product going properly.
>
> Best regards,
>
> Antoine Maartens
>