
Users stored in OpenLDAP accessing and changing their data


I would like to allow the users stored in my OpenLDAP server to be
able to access (read) and change (write) their own data. However, I am
getting an 'invalid credentials' error.

Portions of my slapd.conf look like so:

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword
        by dn="cn=admin,dc=comat,dc=com" write
        by anonymous auth
        by self write
        by * none

# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=admin,dc=foo,dc=com" write
        by * read

When I run ldapsearch as cn=admin,dc=foo,dc=com, the entries are
printed just fine.

jupiter:~# ldapsearch -x -D "cn=admin,dc=foo,dc=com" -W -h localhost
"(objectclass=inetOrgPerson)" *|more
Enter LDAP Password:
# numResponses: 203
# numEntries: 202

However, when I run this binding as some user in LDAP I get an
"Invalid credentials" error message.

jupiter:~# ldapsearch -x -D
"cn=sudhakar.chandra,ou=people,dc=foo,dc=com" -W -h localhost
"(objectclass=inetOrgPerson)" *
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

Any help appreciated.

   "Good things don't end in -eum; they end in -mania or -teria"
                                   -- Homer J. Simpson
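As an added illustration (not part of the original post and not slapd's own code), a simplified model of the first-match ACL evaluation slapd applies to the two access directives quoted above; it assumes a plain dn= clause is an exact, case-insensitive DN match and ignores the default rule slapd applies when no directive matches.

```python
# Added example (not from the original post or OpenLDAP): a simplified model
# of slapd's ACL evaluation for the two "access to" directives quoted above.
# Privilege levels in increasing order, as listed in slapd.access(5).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The post's directives as (target attribute or "*", [(who, level), ...]),
# in slapd.conf order. Note the first rule names dc=comat, the second dc=foo.
ACLS = [
    ("userPassword", [("dn=cn=admin,dc=comat,dc=com", "write"),
                      ("anonymous", "auth"),
                      ("self", "write"),
                      ("*", "none")]),
    ("*", [("dn=cn=admin,dc=foo,dc=com", "write"),
           ("*", "read")]),
]

def who_matches(who, requester, target_dn):
    """Match one <who> clause. requester=None means an anonymous session;
    dn= is treated as an exact, case-insensitive DN match (a simplification)."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester.lower() == target_dn.lower()
    if who.startswith("dn="):
        return requester is not None and requester.lower() == who[3:].lower()
    return False

def granted_level(requester, target_dn, attr):
    """First matching 'access to' clause wins, then its first matching 'by' clause."""
    for target, clauses in ACLS:
        if target != "*" and target != attr:
            continue
        for who, level in clauses:
            if who_matches(who, requester, target_dn):
                return level
        return "none"  # matching 'access to' but no matching 'by': denied
    return "none"

def allowed(requester, target_dn, attr, needed):
    """True if the granted level is at least the level the operation needs."""
    return LEVELS.index(granted_level(requester, target_dn, attr)) >= LEVELS.index(needed)

# DNs taken from the post, used as sample requesters and targets.
USER = "cn=sudhakar.chandra,ou=people,dc=foo,dc=com"
ADMIN = "cn=admin,dc=foo,dc=com"
```

Under these rules an anonymous session holds auth on userPassword, so a simple bind is permitted to compare the password and an "Invalid credentials (49)" points at the credential or the entry rather than at an ACL denial. The model also shows that cn=admin,dc=foo,dc=com never matches the first rule's dc=comat DN and therefore falls through to "by * none" on userPassword.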