Re: Single User Authentication

[Alexander Hartner <alex@j2anywhere.com>]

I now changed it to :

access to dn.subtree="ou=people,o=j2anywhere,c=com"
  by dn.one="cn=addressbook,o=j2anywhere,c=com" write
  by * auth

Yet I still get either error. Am I correct in assuming that because I  
used a MD5 hashed password that I can savely ignore the -x flag. To  
be honest i am not sure which is the correct error. I think that the  
second error message is the right one as I am not correctly  
authentication (without the -x) in the first one. If you have any  
further information please let me know.

bumblebee ~ # ldapsearch -D "cn=addressbook,o=j2anywhere,c=com"  -w  
password -x  -v -h 192.168.0.3
ldap_initialize( ldap://192.168.0.3 )
ldap_bind: Invalid credentials (49)

bumblebee ~ # ldapsearch -D "cn=addressbook,o=j2anywhere,c=com"  -w  
password -v -h 192.168.0.3
ldap_initialize( ldap://192.168.0.3 )
ldap_sasl_interactive_bind_s: No such object (32)
bumblebee ~ #

Thanks
Alex


On 6 Feb 2006, at 21:41, Pierangelo Masarati wrote:

> On Mon, 2006-02-06 at 21:15 +0000, Alexander Hartner wrote:
> > I am trying to configure a single user on my directly which has
> > access to a sub tree. So I added the following to my slapd.conf
> >
> > access to dn.subtree="ou=people,o=j2anywhere,c=com"
> >   by dn.one="cn=addressbook,o=j2anywhere,c=com" write
>
> add a "by * auth" as the last <by> clause of your ACL; or add  
> "access to
> attrs=userPassword by * auth" as your first rule.
>
> p.
>
>
>
>
> Ing. Pierangelo Masarati
> Responsabile Open Solution
> OpenLDAP Core Team
>
> SysNet s.n.c.
> Via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> ------------------------------------------
> Office:   +39.02.23998309
> Mobile:   +39.333.4963172
> Email:    pierangelo.masarati@sys-net.it
> ------------------------------------------