
Re: bind using CN instead of UID

On Thu, Oct 6, 2011 at 9:50 AM, Craig White <craig.white@ttiltd.com> wrote:
Obviously there is something that I don't understand because I would expect to be able to bind using CN as well as UID attribute...

version: 2.4.21-0ubuntu5.5

***** this as you can see works *****
# ldapsearch -x -D 'uid=cwhite,ou=people,dc=ttinet,dc=local' -W '(uid=cwhite)' uid, cn
Enter LDAP Password:
# extended LDIF
# LDAPv3
# base <dc=ttinet,dc=local> (default) with scope subtree
# filter: (uid=cwhite)
# requesting: uid, cn

# cwhite, people, ttinet.local
dn: uid=cwhite,ou=people,dc=ttinet,dc=local
cn: Craig White

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

***** same as above but using cn instead of uid *****
# ldapsearch -x -D 'cn=Craig White,ou=people,dc=ttinet,dc=local' -W '(uid=cwhite)' uid, cn
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

I have to believe that if this is an ACL issue, then the very first rule is the problem...

olcAccess: {0}to attrs=userPassword,shadowLastChange by dn.exact="uid=administ
 rator,ou=people,dc=ttinet,dc=local" write  by self write  by anonymous auth
 by * none

What is it that I am missing?

Craig White ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ craig.white@ttiltd.com
1.800.869.6908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ www.ttiassessments.com


I guess it is not a matter of CN or UID; you can only bind using a DN and a valid password. The key is the DN: you can search for the DN using any attribute and then do the bind using the DN.
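
The search-then-bind sequence described in the reply, as an added example that is not part of the original thread: resolve the entry's DN from an attribute such as `cn`, refuse anything but exactly one match, then bind with that DN. The function names are hypothetical, and the sketch assumes the OpenLDAP client tools and a server whose ACLs permit an anonymous search on the chosen attribute.

```shell
# Added example: search-then-bind with OpenLDAP client tools.
# Function names are hypothetical; nothing here comes from the thread.

# Escape a user-supplied value for use in a search filter (RFC 4515).
# Backslash goes first so the escapes added afterwards are not re-escaped.
escape_filter() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Read LDIF on stdin and print the DN only if exactly one entry matched.
# Folded lines (leading space) are joined; base64 "dn::" values are refused.
dn_from_ldif() {
    awk '
        /^ /     { if (indn) dn = dn substr($0, 2); next }
                 { indn = 0 }
        /^dn: /  { n++; dn = substr($0, 5); indn = 1 }
        /^dn:: / { n++; b64 = 1 }
        END {
            if (n != 1 || b64) exit 1
            print dn
        }'
}

# usage: bind_by_attr BASE ATTR VALUE   (ATTR is trusted, e.g. cn or uid)
# Assumes anonymous search on ATTR is permitted by the server ACLs.
bind_by_attr() {
    filter="($2=$(escape_filter "$3"))"
    dn=$(ldapsearch -x -LLL -b "$1" "$filter" 1.1 | dn_from_ldif) || {
        echo "no unique entry for $filter" >&2
        return 1
    }
    ldapwhoami -x -W -D "$dn"    # the bind itself always uses the DN
}
```

Called as `bind_by_attr 'dc=ttinet,dc=local' cn 'Craig White'`, this prompts for the password only after the `cn` value has been resolved to a single DN.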