[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Unable to run ldapsearch



This is output for ldapsearch, I am not sure it's much different from the previous post.
=> access_allowed: auth access to "uid=testuser,ou=People,dc=myorg,dc=com" "userPassword" requested
=> acl_get: [1] attr userPassword
=> slap_access_allowed: result not in cache (userPassword)
=> acl_mask: access to entry "uid=testuser,ou=People,dc=myorg,dc=com", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: *
<= acl_mask: [1] applying write(=wrscxd) (stop)
<= acl_mask: [1] mask: write(=wrscxd)
=> slap_access_allowed: auth access granted by write(=wrscxd)
=> access_allowed: auth access granted by write(=wrscxd)
send_ldap_result: conn=0 op=1 p=3
send_ldap_result: err=49 matched="" text=""
send_ldap_response: msgid=2 tag=97 err=49
Here is my ACL now:
access  to attrs=userPassword
        by *         write
        by *           read
access  to *
        by *            read
This is my LDAP build options:
./configure --prefix=/opt --enable-bdb --enable-crypt --enable-spasswd  --with-threads --with-tls --with-cyrus-sasl --without-kerberos --disable-ipv6 --enable-slurpd --enable-cleartext --enable-wrappers
I am not sure this info will help anything :
LDFLAGS=-L/opt/lib -L/usr/local/BerkeleyDB.4.6/lib -L/opt/ssl/lib -L/opt/lib/sasl2 -L/usr/lib -R/opt/ssl/lib -R/opt/lib/sasl -L/usr/local/ssl/lib
CPPFLAGS=-I/opt/lib -I/opt/ssl/include -I/usr/local/BerkeleyDB.4.6/include -I/opt/include/sasl

Thanks,
 
 
On Wed, Mar 19, 2008 at 10:23 AM, Buchan Milne <bgmilne@staff.telkomsa.net> wrote:
On Wednesday 19 March 2008 15:40:13 Kevin Kim wrote:
> I did same option as ldapadd, but I am not getting any output.
>
> /opt/bin/ldapsearch -Z -x -W -D "ou=People,dc=myorg,dc=com"
> "(objectclass=*)"
> Enter LDAP Password:

Generally, debugging at the client side is not useful if you know exactly what
the client was trying, the error:

> ldap_bind: Invalid credentials (49)

is sufficient.

So, to me it looks like ou=People,dc=myorg,dc=com does not have the password
you think it does, or the access controls to userPassword are too strict, or
the password hash you are using is not supported by your build.

At this point it's probably best asking how you compiled slapd (what configure
options, what linker flags you used).

Regards,
Buchan