
RE: What DN (user name) I should use for connecting to ldap server?



Sam,

You need to specify a DN (that has at least read access).

It could be a DN within the scope of the server, or the root/manager/etc. DNs specified in your slapd.conf (which would give you write access).

For example, use the rootdn entry from your slapd.conf:
rootdn          "cn=root,dc=example,dc=net"

Remember: You /may/ have several accounts with the same name in your LDAP tree - so you need to specify /exactly/ which one.

For example, in our implementation, we have subtrees used for authentication for specific systems - and there are CNs that are the same between them and the 'default' user branches.  If someone who should have rights to one of the subtrees wants to connect, they can - but they have to specify a DN they know the creds to, and the Base DN they want to use as a Base:
        DN:             cn=DevMgr,dc=dev,dc=subtree,dc=example,dc=net
        Base DN:        dc=dev,dc=subtree,dc=example,dc=net

That DN is granted full rights to the tree based at 'Base DN'.

It might seem annoying, but 'root' doesn't mean anything specific.  Use the full DN.

- chris
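
A small DN parser, added here as an example (it is not from the thread or from OpenLDAP), that shows why a bare "root" cannot be parsed as a DN at all (slapd's err=34 "invalid DN" in Sam's log) while "cn=root,dc=example,dc=net" parses, and how a bind DN is checked against a Base DN like the dc=dev,dc=subtree example above. It is a simplified RFC 4514 parse; comparing values case-insensitively is an assumption standing in for the server's schema matching rules.

```python
import re

# Simplified RFC 4514 DN parsing (added example): a DN is a comma-separated list of
# RDNs, each a type=value pair; backslash escapes keep "cn=Smith\, John" as one RDN.

def split_unescaped(s, sep):
    parts, cur, i = [], [], 0
    while i < len(s):
        c = s[i]
        if c == '\\' and i + 1 < len(s):       # keep the escape pair intact
            cur.append(s[i:i + 2]); i += 2; continue
        if c == sep:
            parts.append(''.join(cur)); cur = []
        else:
            cur.append(c)
        i += 1
    parts.append(''.join(cur))
    return parts

ATTR = re.compile(r'^[A-Za-z][A-Za-z0-9-]*$|^\d+(\.\d+)*$')   # descriptor or OID

def parse_dn(dn):
    """List of RDNs (each a sorted list of (type, value)), or None if not a DN."""
    dn = dn.strip()
    if dn == '':
        return []        # the empty DN is valid (root DSE / anonymous bind)
    rdns = []
    for rdn in split_unescaped(dn, ','):
        avas = []
        for ava in split_unescaped(rdn, '+'):
            if '=' not in ava:
                return None   # 'root' ends here: no type=value, so slapd reports err=34
            t, v = ava.split('=', 1)
            t, v = t.strip().lower(), v.strip().lower()  # assumption: case-insensitive values
            if not ATTR.match(t) or v == '':
                return None
            avas.append((t, v))
        rdns.append(sorted(avas))
    return rdns

def is_valid_dn(dn):
    return parse_dn(dn) is not None

def within_base(dn, base):
    """True if dn equals base or sits beneath it: base's RDNs are a suffix of dn's."""
    d, b = parse_dn(dn), parse_dn(base)
    if d is None or b is None or len(b) > len(d):
        return False
    return b == [] or d[-len(b):] == b
```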

-----Original Message-----
From: openldap-technical-bounces+chris.jacobs=apollogrp.edu@OpenLDAP.org [mailto:openldap-technical-bounces+chris.jacobs=apollogrp.edu@OpenLDAP.org] On Behalf Of sam
Sent: Monday, June 21, 2010 6:42 AM
To: openldap-technical@openldap.org
Subject: What DN (user name) I should use for connecting to ldap server?

Hi,

I have ldap server started up in freebsd.
I tried to test it with Apache Directory Studio.
When I open a New Connection in the Studio, it asks for User name.
I entered "root" as user name, then go for the connection...

However I got the following error message in the ldap log file:

Jun 21 23:14:51 hometest slapd[2417]: conn=1005 fd=11 ACCEPT from IP=192.168.1.100:57297 (IP=192.168.1.20:389)
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 op=0 do_bind: invalid dn (root)
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 op=0 RESULT tag=97 err=34 text=invalid DN
Jun 21 23:14:51 hometest slapd[2417]: conn=1005 fd=11 closed (connection lost)

What value of DN should I enter in the ldap browser (Apache Directory Studio) in order to connect to the ldap server?

I have ldap listening on the following ports:
hometest:openldap # netstat -an | egrep '389|636'
tcp4       0      0 192.168.1.20.636       *.*                    LISTEN
tcp4       0      0 192.168.1.20.389       *.*                    LISTEN


Your help is much appreciated

Thanks
Sam