
Re: Useless ldapwhoami behavior?



As stated by ldap* tools... error 49 Invalid credentials
so you're mistyping either the DN or the password (or both)

Jaap Winius wrote:
> Hi all,
>
> The utility of the "ldapwhoami" tool is a mystery to me. As opposed to
> the usual Unix "whoami" command, which prints the effective userid,
> "ldapwhoami" doesn't seem to print the matching LDAP DN... at least
> not for me.
>
> My test setup includes an OpenLDAP server and a separate client. The
> server's slapd.conf includes these ACLs:
>
>    access to attrs=userPassword,shadowLastChange
>            by dn="cn=admin,dc=umrk,dc=nl" write
>            by anonymous auth
>            by self write
>            by * none
>
>    access to dn.base=""
>            by * read
>
>    access to *
>            by dn="cn=admin,dc=umrk,dc=nl" write
>            by * read
>
> My LDAP DIT includes an account for a normal user with a password.
> Without any problem I can use this to login to the client host, but
> when I want to test, or verify, the account's LDAP DN, all I get is this:
>
>    ~$ ldapwhoami -x
>    anonymous
>    ~$ _
>
> Even stranger, if I supply the account's DN and password (although
> this would seem a useless thing to do, since it's the very same info
> I'm asking for), I get this error:
>
>    ~$ ldapwhoami -x -D "cn=testuser,dc=umrk,dc=nl" -w testpass
>    ldap_bind: Invalid credentials (49)
>    ~$ _
>
> On the other hand, this does work if I supply the admin DN and password:
>
>    ~$ ldapwhoami -x -D "cn=admin,dc=umrk,dc=nl" -w adminpass
>    dn:cn=admin,dc=umrk,dc=nl
>    ~$ _
>
> The "ldapsearch" command is the same: I can get a response when
> binding anonymously ("-x"), as well as when binding as the admin user,
> but not when I use a normal user account, which results in the same
> error 49 as above.
>
> This behavior seems rather useless to me. Surely I've made a mistake
> somewhere. Can anyone say what it might be?
>
> Thanks,
>
> Jaap
>


-- 

Luca Scamoni
Gruppo Partners Associates
Tel. Milano +39 02 67380435 - Udine +39 0432 689815 - Roma +39 06 54832300
Fax Milano +39 02 67386214 - Udine +39 0432 570120 - Roma +39 06 91659273
Mobile +39 348 0471710
Email: Luca.Scamoni@GruppoPA.it <mailto:Luca.Scamoni@GruppoPA.it>
Website: www.GruppoPA.it <http://www.GruppoPA.it>


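
One way to check the DN half of that diagnosis, added here as an example and not part of either message: look up the DN the directory actually holds for the login name, then bind as that DN. The `uid` attribute, the server URI and the function names `extract_dns`, `find_dn` and `check_bind` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: entries carry a uid attribute
# equal to the login name; URI is a placeholder; function names are made up.
BASE="dc=umrk,dc=nl"              # suffix as used in the thread
URI="ldap://ldap.example.test"    # placeholder

# Read ldapsearch LDIF on stdin, print one DN per line. Joins folded lines
# (continuations start with a single space) and marks base64 DNs ("dn::").
extract_dns() {
    awk '
        /^ /    { if (indn) dn = dn substr($0, 2); next }
        indn    { print dn; indn = 0 }
        /^dn::/ { v = $0; sub(/^dn::[ ]*/, "", v); dn = "base64:" v; indn = 1; next }
        /^dn:/  { v = $0; sub(/^dn:[ ]*/, "", v); dn = v; indn = 1; next }
        END     { if (indn) print dn }
    '
}

# Anonymous lookup of the DN for a login name. The quoted ACLs give "by * read"
# to everything except userPassword, so no credentials are needed here.
find_dn() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*)      # keep filter metacharacters out of (uid=...)
            echo "refusing login name: $1" >&2; return 2 ;;
    esac
    ldapsearch -x -LLL -H "$URI" -b "$BASE" "(uid=$1)" dn | extract_dns
}

# Bind as the DN the directory reports. -W prompts for the password, so it
# stays out of shell history and the process list (unlike -w).
check_bind() {
    dn=$(find_dn "$1") || return
    [ -n "$dn" ] || { echo "no entry with uid=$1 under $BASE" >&2; return 1; }
    [ "$(printf '%s\n' "$dn" | wc -l)" -eq 1 ] || { echo "ambiguous uid=$1" >&2; return 1; }
    echo "binding as: $dn" >&2
    ldapwhoami -x -H "$URI" -D "$dn" -W
}
```

If `check_bind testuser` binds successfully under a DN other than the one typed by hand, the DN was the mistyped part; if it still returns error 49, the password is.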