Re: Possible ACL Issue while try to read Root DSE

[Raffael Sahli <public@raffaelsahli.com>]

On 11/29/2011 09:13 AM, Axel Birndt wrote:
> Hi Ondrej,
>
> Am 29.11.2011 08:37, schrieb Ondrej Kuznik:
> > Make sure you check your ldap.conf or explicitly say you require a
> > simple bind using the "-x" command line switch. What you're receiving
> > seems more like a bind failure (after which the client bails) than a
> > search failure.
> >
> > Try this:
> > ldapsearch -x -D "" -s base -b "" -h localhost
> >
> > If this does not print the RootDSE or returns anything other than a
> > success, your server ACL or other settings are most likely 
> > misconfigured.
>
> I tried the command from above:
>
>  ldapsearch -x -D "" -s base -b "" -h localhost
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope baseObject
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 1
>
> With your description, i should got a little bit more, right?
>
> I'll try to fix my acl's and test it again.
>
> Could you tell me please, which output i could expect? Maybe you are 
> able to give me an example, so i could verify it by myself?

>ldapsearch -x -D "" -s base -b "" -h localhost
Set -D to your admin DN  and set -W to get a password prompt.

You should get the following lines (I have SASL not simpleBind!)
(Simplebind like this: ldapsearch -b "" -s base -xD 
cn=admin,dc=mydomain,dc=com -W)

[raffael.sahli@ldap-master001 ~]#--> ldapsearch -b "" -s base
SASL/GSSAPI authentication started
SASL username: raffael.sahli@MY_REALM
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

#
dn:
objectClass: top
objectClass: OpenLDAProotDSE

# search result
search: 5
result: 0 Success

# numResponses: 2
# numEntries: 1


--
Raffael Sahli
public@raffaelsahli.com