From: Quanah Gibson-Mount <quanah@zimbra.com>
To: espeake@oreillyauto.com
Cc: openldap-technical@openldap.org,
openldap-technical-bounces@OpenLDAP.org, Ulrich Windl
<Ulrich.Windl@rz.uni-regensburg.de>
Date: 08/30/2013 12:37 PM
Subject: Re: Antw: Re: Object not found
--On Friday, August 30, 2013 10:55 AM -0500 espeake@oreillyauto.com wrote:
Quanah,
I tried this morning to change the password:
ldappasswd -s <password> -Wx -D "uid=admin,dc=<domain>,dc=com"
"uid=readOnlyUser,ou=system,dc=<domain>,dc=com"
I confirmed that the hashed password changed. I still get invalid
credentials. I am betting that there is some little simple thing that is
holding this up.
Ok, so error (49) means one of two things:
a) Password is incorrect
b) No such object
No such object means either the entry you are attempting to bind as does
not exist in the LDAP DB, or ACLs prevent reading it, so it appears not to
exist.
My guess is this ACL is blocking access to the entry:
olcAccess: {5}to dn.subtree="ou=System,dc=oreillyauto,dc=com" by
dn.subtree="ou=Users,dc=oreillyauto,dc=com" none by users read
--Quanah
--
Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Wouldn't the following control grant the access first since it is the
first in the list.
olcAccess: {0}to *
by dn.base="uid=syncrepl,ou=System,dc=oreillyauto,dc=com" read
by dn.base="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" read
by dn.base="uid=ldapAdmin,ou=System,dc=oreillyauto,dc=com" write
by dn.base="uid=newUserAdmin,ou=System,dc=oreillyauto,dc=com" write
by dn.base="uid=passwordAdmin,ou=System,dc=oreillyauto,dc=com" write