
Re: no userPassword?



Still no good.
ldapsearch -x -b "dc=somewhere,dc=net" -D "cn=Manager,dc=somewhere,dc=net" \
 -W "(objectClass=*)" "userPassword"
Returns the dn(plural) but no userPassword.
Logs show err=0.

Here is the /etc/openldap/slapd.conf:

include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/samba.schema

pidfile		/var/run/slapd/slapd.pid
argsfile	/var/run/slapd/slapd.args


access to *
        by * read

access to *
        by * read

access to *
	by anonymous read

access to *
	by anonymous write



database	ldbm

suffix		"dc=somewhere,dc=net"
rootdn		"cn=Manager,dc=somewhere,dc=net"

#rootpw		{SSHA}r7eFnzCGgO+zd5eaXJZ73rCzT2ZIU+H4
rootpw  secret

directory	/var/lib/ldap

# Indices to maintain
index objectClass           eq
index cn                    pres,sub,eq
index sn                    pres,sub,eq
index uid                   pres,sub,eq
index displayName           pres,sub,eq
index uidNumber             eq
index gidNumber             eq
index memberUID             eq
index sambaSID              eq
index sambaPrimaryGroupSID  eq
index sambaDomainName       eq
index default               sub


That's as _wide open and insecure_ as I can figure out how to make it.
This is of course a test box that is not even connected to the network.

Thanks.


--- Owen DeLong <owen@delong.com> wrote:

> The userPassword field is not returned on an anonymous bind unless your
> LDAP server is very poorly configured.  Try binding as the rootdn
> with -D '<rootdn>' -W.
> 
> e.g.:
>   ldapsearch -x -b 'dc=somewhere,dc=net' -D 'cn=root,dc=somewhere,dc=net' -W \
> 	'(objectClass=*)' 'userPassword'
> 
> The userPassword field is also not displayed by default.  (don't know if that's
> server side behavior or ldapsearch).  However, if you use the command above,
> I think you'll get what you expect.
> 
> Owen
> 
> 
> 
> --On Thursday, February 24, 2005 22:50 -0800 HK <thelistbox@yahoo.com> wrote:
> 
> > my /etc/openldap/slapd.conf begins with
> > include           /etc/openldap/schema/core.schema
> > include           /etc/openldap/schema/cosine.schema
> > include           /etc/openldap/schema/inetorgperson.schema
> > include           /etc/openldap/schema/nis.schema
> > include           /etc/openldap/schema/samba.schema
> >
> > ldapsearch -x -b "dc=somewhere,dc=net" "(ObjectClass=*)"
> > seems to return everything expected
> >
> > ldapsearch -x -b "dc=somewhere,dc=net" "(ObjectClass=*)" | grep
> > userPassword returns nothing
> >
> > Shouldn't nis.schema have included the userPassword attr?
> >
> > suse 9.2 pro
> > rpms:
> > openldap2-2.2.15-5.2
> > openldap2-client-2.2.15-5
> >
> >
> >
> >
> 
> 
> 
> -- 
> If this message was not signed with gpg key 0FE2AA3D, it's probably
> a forgery.
> 

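For contrast with the wide-open test configuration posted above, here is an added example (not from either poster or from the OpenLDAP project) of the slapd.conf access-control layout conventionally used to keep userPassword unreadable. The suffix, rootdn and directory values are copied from the post; the rootpw value is a placeholder, not a real hash.

```conf
# --- As posted (kept here as comments) ---------------------------------
# The first clause matches every entry, every attribute and every client,
# so slapd stops evaluating there. The three clauses that followed it in
# the post, including "by anonymous write", are never consulted.
#
# access to *
#         by * read

# --- Conventional layout -----------------------------------------------
# slapd applies the first "access to" clause whose target matches, so the
# userPassword rule has to come before the catch-all clause.
#   self write     : a user may change their own password
#   anonymous auth : the value can be used to authenticate a bind,
#                    but cannot be read back
#   * none         : nobody else can read, search or compare it
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# Everything else stays world-readable, as in the posted test setup.
access to *
        by * read

database        ldbm
suffix          "dc=somewhere,dc=net"
rootdn          "cn=Manager,dc=somewhere,dc=net"

# The rootdn is not subject to any access clause, so its password is the
# real gate on userPassword. Store a hash produced by slappasswd rather
# than cleartext. The value below is a placeholder.
rootpw          {SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT

directory       /var/lib/ldap
```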