Re: ldapsearch -D?
Kurt, I had a similar problem I posted earlier. Does that mean my problem is
that in 1.2 you can only bind as the administrator?
-----------------------------------------------------------
Hi,
I am using openldap version 1.2.3.
I have used some ldap migrate tool to import the passwords file into LDAP.
I am successfully using pam_ldap.
I am trying to change the password as me:
# ldappasswd -D"uid=ghibble,dc=adevice,dc=com" -w abc123
"uid=ghibble,dc=adevice,dc=com".
It prompts for password and I give it something but it comes back with:
ldap_bind: Invalid credentials
abc123 is the correct current password. My slapd.conf has the following lines:
access to attr=userPassword
    by self write
    by * compare
If I bind as ROOTDN, "cn=root,dc=adevice,dc=com" and ROOTPW, it works fine.
What am I doing wrong?
Thanks
--Geoff Hibble
-------------------------------------------------------------------
"Kurt D. Zeilenga" wrote:
> At 08:12 AM 8/2/99 PDT, Samir Desai wrote:
> >Can anyone tell me what is wrong? When I try to search using ldap tools, I
> >get a message stating "ldap_bind: Insufficient access".
> >
> >This is my search query;
> >ldapsearch -b "ou=OrgUnit,o=OrgName,c=US" -D
> >"cn=FullName,ou=OrgUnit,o=OrgName,c=US" -w "pwd" objectclass=*
> >
> >Is my slapd.conf file not configured properly;
> >
> >####################################################################
> >
> >include FullPath\\slapd.at.conf
> >include FullPath\\slapd.oc.conf
> >schemacheck off
> >referral ldap://ldap.itd.umich.edu
> >
> >database ldbm
> >suffix "ou=OrgUnit,o=Orgname,c=US"
> >directory FullPath\\db
> >rootdn "cn=root,ou=OrgUnit,o=Orgname,c=US"
> >rootpw rootpwd
> >
> >index cn,ou eq,sub,approx
> >index sn,uid eq,sub,approx
> >index objectclass pres,eq
> >
> >defaultaccess read
> >
> >access to attr=userpassword
> > by self write
> > by dn="cn=root,ou=OrgUnit,o=Orgname,c=US" write
> > by dn="cn=FullName,ou=OrgUnit,o=Orgname,c=US" write
> > by * compare
> >
> >access to *
> > by dn="cn=root,ou=OrgUnit,o=Orgname,c=US" write
> > by dn="cn=FullName,ou=OrgUnit,o=Orgname,c=US" write
> > by * none
> >
> >####################################################################
> >
> >"defaultaccess" is set to read then how come it doesn't work. Any form of
> >help would be greatly appreciated. Thanks.
>
> First, I don't see any use of defaultaccess, both rules have "by *"
> and the last rule is "to *"... there is no implicit defaulting if
> you are explicit.
>
> Second, I suspect you are using 2.0-alpha as 1.2 doesn't require
> specific access to bind to an entry. If so, you must grant "anonymous"
> "auth" access to any entry (and attribute) needed for authentication.
>
> access to attr=userpassword
>     by self write
>     by dn="cn=root,ou=OrgUnit,o=Orgname,c=US" write
>     by dn="cn=FullName,ou=OrgUnit,o=Orgname,c=US" write
>     by * compare
> # "by * compare" includes "by anonymous auth"
>
> access to *
>     by dn="cn=root,ou=OrgUnit,o=Orgname,c=US" write
>     by dn="cn=FullName,ou=OrgUnit,o=Orgname,c=US" write
>     by anonymous auth
>     by * none
>
> Kurt
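
The point made in the quoted reply can be checked with a small model of first-match access evaluation. This is an added example, not part of the thread and not OpenLDAP code; the level ordering (none < auth < compare < search < read < write), the "entry" pseudo-attribute and all function names are assumptions of this simplified sketch.

```python
# Simplified model of slapd access evaluation (constructed for illustration,
# not OpenLDAP code): the first matching "to" clause is used, then the first
# matching "by" clause inside it; there is no fall-through to later rules.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

ROOT = "cn=root,ou=OrgUnit,o=Orgname,c=US"
FULL = "cn=FullName,ou=OrgUnit,o=Orgname,c=US"

PW_RULE = ("userpassword", [("self", "write"), (ROOT, "write"),
                            (FULL, "write"), ("*", "compare")])
# "access to *" as posted in the question
ORIGINAL = [PW_RULE, ("*", [(ROOT, "write"), (FULL, "write"), ("*", "none")])]
# "access to *" as corrected in the reply
CORRECTED = [PW_RULE, ("*", [(ROOT, "write"), (FULL, "write"),
                             ("anonymous", "auth"), ("*", "none")])]

def who_matches(who, requester, target_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester.lower() == target_dn.lower()
    return requester is not None and requester.lower() == who.lower()

def granted(acl, requester, target_dn, attr):
    """Level granted to requester (None = anonymous) on attr of target_dn."""
    for what, by_clauses in acl:
        if what != "*" and what != attr.lower():
            continue
        for who, level in by_clauses:
            if who_matches(who, requester, target_dn):
                return level
        return "none"          # clause matched, no "by" did: implicit deny
    return "none"

def allows(acl, requester, target_dn, attr, needed):
    have = granted(acl, requester, target_dn, attr)
    return LEVELS.index(have) >= LEVELS.index(needed)

def can_bind(acl, target_dn):
    """A simple bind starts anonymous and needs "auth" on the entry and on
    userPassword, as the reply describes for 2.0-alpha."""
    return (allows(acl, None, target_dn, "entry", "auth") and
            allows(acl, None, target_dn, "userpassword", "auth"))
```

With the rules as posted, the anonymous requester reaches "by * none" on the entry, so the bind is refused even though userpassword grants compare; adding "by anonymous auth" ahead of it lets the bind proceed without exposing any other attribute to anonymous reads.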