
Re: simple bind ldapsearch invalid credentials



Hi there,

Obviously this problem was due to my ACLs.

I missed three important points:

1. I need an anonymous auth for userPassword
2. The first matching acl wins.
3. The default last line of an acl is:
	by * none.

I had an acl

access to "dn-A" by "user-b" write
access to "dn-A" by "user-a" read

Thus the user a was not able to read.

Kind regards
Cornelius

Chechu . wrote:
> 
> 
> 
>> From: Cornelius Koelbel <cornelius.koelbel@gmx.de>
>> To: openldap-software@OpenLDAP.org
>> Subject: simple bind ldapsearch invalid credentials
>> Date: Mon, 07 Aug 2006 23:51:37 +0200
>>
>> Hello,
>>
>> I set up openldap 2.2.29 on FC4.
>> I guess everything is right, I can access and modify everything with the
>> manager.
>> I setup an object
>>     cn=corny,ou=users,dc=az,dc=local
>>
>> as follows:
>>
>>     dn: cn=corny,ou=users,dc=az,dc=local
>>     objectClass: top
>>     objectClass: person
>>     cn: corny
>>     sn: corny
>>
>> I want this person to have access to a subtree of the ldap.
>>     access to dn="ou=cornelius,ou=adressen,dc=az,dc=local"
>>         by dn="cn=corny,ou=users,dc=az,dc=local" write
>> But for now, I configured everything:
>>     access to *
>>         by dn="cn=corny,ou=users,dc=az,dc=local" write
>>
>> Now I set a password and try to connect:
>>
>> corny@schnuck:[/data/down]> ldappasswd  -x -D
>> "cn=Manager,dc=az,dc=local" -W -S  "cn=corny,ou=users,dc=az,dc=local"
>> New password:
>> Re-enter new password:
>> Enter LDAP Password:
>> Result: Success (0)
>>
>> everything seems fine, but now:
>>
>> corny@schnuck:[/data/down]> ldapsearch   -D
>> 'cn=corny,ou=users,dc=az,dc=local' -W  -x -b 'dc=az,dc=local'
>> Enter LDAP Password:
>> ldap_bind: Invalid credentials (49)
>>
>>
>> What's wrong, where can I start to search?
>>
>> Kind regards
>> Cornelius
> 
> 
> try this
> 
> ldapsearch   -D "cn=corny,ou=users,dc=az,dc=local" -W  -x
> 

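The three points in the reply above (anonymous `auth` on userPassword, first match wins, implicit `by * none`) can be checked with a small model of slapd's ACL selection. This is an added example, not part of the original thread and not OpenLDAP code; it assumes exact-match targets and subjects, and the function and list names are hypothetical.

```python
# Simplified model of slapd ACL selection (assumption: exact-match DNs only).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
CORNY = "cn=corny,ou=users,dc=az,dc=local"

def granted(acl, who, dn, attr):
    """Level granted to `who` on (dn, attr): the first 'access to' clause whose
    target matches is selected, then its first matching 'by' clause decides."""
    for target_dn, target_attr, by_clauses in acl:
        if target_dn not in ("*", dn) or target_attr not in ("*", attr):
            continue
        for subject, level in by_clauses:
            if subject in ("*", who):
                return level
        return "none"   # implicit trailing "by * none" of the selected clause
    return "none"       # no clause matched: implicit "access to * by * none"

def can_simple_bind(acl, dn):
    # The password is compared before the client is authenticated, so the
    # check runs as anonymous and needs at least "auth" on userPassword.
    level = granted(acl, "anonymous", dn, "userPassword")
    return LEVELS.index(level) >= LEVELS.index("auth")

# ACL from the original question: only corny is listed, anonymous gets none.
ORIGINAL = [("*", "*", [(CORNY, "write")])]

# ACL from the reply: the second clause is never reached for dn-A.
BROKEN = [
    ("dn-A", "*", [("user-b", "write")]),
    ("dn-A", "*", [("user-a", "read")]),
]

# Corrected (constructed): one clause per target, plus anonymous auth.
FIXED = [
    ("*", "userPassword", [("anonymous", "auth")]),
    ("dn-A", "*", [("user-b", "write"), ("user-a", "read")]),
]

if __name__ == "__main__":
    print("bind with ORIGINAL:", can_simple_bind(ORIGINAL, CORNY))
    print("bind with FIXED:   ", can_simple_bind(FIXED, CORNY))
    print("user-a on dn-A, BROKEN:", granted(BROKEN, "user-a", "dn-A", "cn"))
    print("user-a on dn-A, FIXED: ", granted(FIXED, "user-a", "dn-A", "cn"))
```
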