
Re: AIX as openldap client

On Monday 15 November 2010, Benjamin Griese wrote:
> Hello,
> I just wanted to point you to the official guides from IBM on how to
> configure your AIX ldap client, which worked fine for me, except for
> sudo-ldap, but that's another topic.
> Section 7: http://www.redbooks.ibm.com/redbooks/pdfs/sg247165.pdf
I have read the redbook.
What ldap server are you running?  I'm using Ubuntu Server 10.04.

I think my problem is that I can not bind to the ldap server as a regular user
with the ldapsearch command.  I can only bind as the admin specified as
olcRootDN with password olcRootPW.

I attached the 2 ldif files I use to configure the ldap server.  I hope that
someone can find an error in it...

I also noted that the userPassword entry for cn=admin,dc=axi,dc=intra is not
encrypted.  How can I generate an encrypted password?  Can this be a {SHA} or
does it have to be a {SSHA}?


# Create top-level object in domain dn: dc=test,dc=intra
dn: dc=test,dc=intra
objectClass: top
objectClass: dcObject
objectClass: organization
o: Test organization
dc: Test

# Admin user.
dn: cn=admin,dc=test,dc=intra
cn: admin
objectClass: simpleSecurityObject
objectClass: organizationalRole
description: LDAP administrator
userPassword: secret

dn: ou=People,dc=test,dc=intra
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=test,dc=intra
objectClass: organizationalUnit
ou: Groups

# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb
olcModuleLoad: back_monitor

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=test,dc=intra
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=test,dc=intra
olcRootPW: secret
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcDbIndex: uid eq
olcDbIndex: cn eq
olcDbIndex: ou eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: memberUid eq
olcDbIndex: uniqueMember eq
olcLastMod: TRUE
olcMonitoring: TRUE
olcDbCheckpoint: 512 30

# From http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html
#olcAccess: to attrs=userPassword
#   by dn="cn=admin,dc=example,dc=com" write
#   by anonymous auth
#   by self write
#   by * none
#olcAccess: to attrs=shadowLastChange
#   by self write
#   by * read
#olcAccess: to dn.base=""
#   by * read
#olcAccess: to *
#   by dn="cn=admin,dc=example,dc=com" write
#   by * read

# From http://blogger.ziesemer.com/2010/05/openldap-ubuntu-linux.html
olcAccess: to dn.subtree="ou=People,dc=test,dc=intra" attrs=userPassword,shadowLastChange 
   by dn="cn=admin,dc=example,dc=com" write 
   by anonymous auth 
   by self write 
   by * auth
olcAccess: to attrs=userPassword,shadowLastChange 
   by dn="cn=admin,dc=test,dc=intra" write 
   by anonymous auth 
   by * none
# Below line should already exist by default in frontend
# Indeed, see file /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif
#olcAccess: to dn.base=""
#   by * read
# Below line modified from "*" to "users" to prevent anonymous access.
olcAccess: to * 
   by dn="cn=admin,dc=test,dc=intra" write 
   by users read
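As an added example (not from the mail or its attachments), the following Python script folds an LDIF the way RFC 2849 describes, flags olcAccess clauses whose `by dn=` names a DN outside the database's olcSuffix and password attributes stored without a {scheme} prefix, and builds and verifies an {SSHA} value in the layout slappasswd emits. The embedded LDIF is a constructed excerpt modelled on the attached cn=config file; treating continuation lines after a comment as part of that comment is this script's own choice.

```python
import base64, hashlib, os, re
# Constructed sample modelled on the cn=config LDIF in the mail (not the poster's file).
SAMPLE_LDIF = """\
dn: olcDatabase=hdb,cn=config
olcSuffix: dc=test,dc=intra
olcRootPW: secret
# comment lines are dropped before folding
olcAccess: to dn.subtree="ou=People,dc=test,dc=intra" attrs=userPassword
   by dn="cn=admin,dc=example,dc=com" write
   by * auth
olcAccess: to *
   by dn="cn=admin,dc=test,dc=intra" write
   by users read
"""

def parse_ldif(text):
    """Fold RFC 2849 continuation lines and drop '#' comments ('::'/'<' values not handled)."""
    lines, in_comment = [], False
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and not in_comment:
            lines[-1] += raw[1:]            # only the first space is stripped
            continue
        in_comment = raw.startswith("#")
        if raw.strip() and not in_comment:
            lines.append(raw)
    return [tuple(p.strip() for p in ln.split(":", 1)) for ln in lines]

def lint(text):
    """Flag cleartext password attributes and 'by dn=' DNs outside the database suffix."""
    pairs = parse_ldif(text)
    suffix = next(v for a, v in pairs if a.lower() == "olcsuffix").lower()
    findings = []
    for attr, val in pairs:
        if attr.lower() in ("olcrootpw", "userpassword") and not val.startswith("{"):
            findings.append(f"{attr}: cleartext value; store a {{SSHA}} hash instead")
        elif attr.lower() == "olcaccess":
            for dn in re.findall(r'by dn(?:\.\w+)?="([^"]+)"', val):
                if not dn.lower().endswith(suffix):
                    findings.append(f"olcAccess: by dn={dn} is outside {suffix}")
    return findings

def ssha(password, salt=None):
    """{SSHA} in slappasswd layout: base64(sha1(password + salt) + salt); slapd also accepts unsalted {SHA}."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_ssha(password, stored):
    raw = base64.b64decode(stored[len("{SSHA}"):])   # 20-byte digest, then the salt
    return ssha(password, raw[20:]) == stored
```

The generated value can be pasted as `olcRootPW: {SSHA}...` or `userPassword: {SSHA}...` in place of the cleartext string.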