[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Possible ACL Issue while try to read Root DSE

Hash: SHA1

On 11/28/2011 09:34 PM, Axel Birndt wrote:
> Hi @All,
> i'am new on this list and i have a question.
> While i'am using the tool web2ldap from Michael Stroeder and try to 
> create a new entry with this tool.
> I'am using openldap with cn=config backend on ubuntu 10.04
> Michael mentioned it could be a acl problem, because his tool couldn't 
> read the Root DSE
> If i specify the search base and the adminuser i could see the content 
> of the Tree root.
> ldapsearch -b "dc=2axels-company,dc=de" -s base 'objectclass=*' -h 
> localhost -D cn=admin,dc=2axels-company,dc=de  -W
> But if i use ldapsearch with the following command i got nothing:
> ldapsearch -b "" -s base 'objectclass=*'
> ldap_sasl_interactive_bind_s: No such object (32)

Make sure you check your ldap.conf or explicitly say you require a
simple bind using the "-x" command line switch. What you're receiving
seems more like a bind failure (after which the client bails) than a
search failure.

Try this:
ldapsearch -x -D "" -s base -b "" -h localhost

If this does not print the RootDSE or returns anything other than a
success, your server ACL or other settings are most likely misconfigured.

> Could you help me please to identify if there is a problem with reading 
> the Root DSE?

- -- 
Ondrej Kuznik
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.