[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Possible ACL Issue while try to read Root DSE

To: <openldap-technical@openldap.org>
Subject: Re: Possible ACL Issue while try to read Root DSE
From: Ondrej Kuznik <ondrej.kuznik@acision.com>
Date: Tue, 29 Nov 2011 08:37:38 +0100
In-reply-to: <4ED3F04D.8060404@gmx.de>
Organization: Acision
References: <4ED3F04D.8060404@gmx.de>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111114 Iceowl/1.0b2 Icedove/3.1.16

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/28/2011 09:34 PM, Axel Birndt wrote:
> Hi @All,
> 
> i'am new on this list and i have a question.
> 
> While i'am using the tool web2ldap from Michael Stroeder and try to 
> create a new entry with this tool.
> 
> I'am using openldap with cn=config backend on ubuntu 10.04
> 
> Michael mentioned it could be a acl problem, because his tool couldn't 
> read the Root DSE
> 
> If i specify the search base and the adminuser i could see the content 
> of the Tree root.
> 
> ldapsearch -b "dc=2axels-company,dc=de" -s base 'objectclass=*' -h 
> localhost -D cn=admin,dc=2axels-company,dc=de  -W
> 
> But if i use ldapsearch with the following command i got nothing:
> 
> ldapsearch -b "" -s base 'objectclass=*'
> 
> ldap_sasl_interactive_bind_s: No such object (32)

Make sure you check your ldap.conf or explicitly say you require a
simple bind using the "-x" command line switch. What you're receiving
seems more like a bind failure (after which the client bails) than a
search failure.

Try this:
ldapsearch -x -D "" -s base -b "" -h localhost

If this does not print the RootDSE or returns anything other than a
success, your server ACL or other settings are most likely misconfigured.

> Could you help me please to identify if there is a problem with reading 
> the Root DSE?

- -- 
Ondrej Kuznik
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk7Ui78ACgkQ9GWxeeH+cXvkTQCeI4LSS8cs3/DuX9L1Cmhkqkbi
aNgAnjVyyR2fix2v9iDhxSl0H6BH+aXg
=O/4e
-----END PGP SIGNATURE-----

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

Follow-Ups:
- Re: Possible ACL Issue while try to read Root DSE
  - From: Axel Birndt <towerlexa@gmx.de>

References:
- Possible ACL Issue while try to read Root DSE
  - From: Axel Birndt <towerlexa@gmx.de>

Prev by Date: Re: Unable to login on client nodes.
Next by Date: Re: Changing schema OID values in cn=config
Index(es):
- Chronological
- Thread