Anonymous can't browse...
Hi,
I'm running OpenLDAP 2.0.10 on a Debian SID distribution.
The package installed a default database looking like this:
NB: my machine name is "foobar"
foobar.domain.com
dc=foobar
|
+-ou=People
| |
| +-cn=admin
|
+-ou=Roaming
Everything works perfectly.
I've changed the structure a bit to suit my needs.
1/ I've set up a rootdn/rootpw in slapd.conf (cn=ldapadmin,dc=foobar)
and I removed "cn=admin,ou=People,dc=foobar" within the database.
2/ I've removed "ou=Roaming" and "ou=People"
3/ I've created 2 new "ou"; now the base looks like this:
foobar.domain.com
dc=foobar
|
+-ou=AddressBook
| |
| +-uid=joe
| +-uid=sam
|
+-ou=LDAPUsers
Here the problems begin :( I don't know if "ou=People" is a mandatory
OrganisationalUnit or what, but now I can only browse the database using
the "rootdn" binding. Trying to browse with an anonymous bind just displays
this (NB: I use PHP LDAP Explorer 1.16):
foobar.domain.com
dc=foobar
I have no error message, but I can only see the "dc=foobar" level and
that's all. Nothing more. I don't know what I did wrong that led to
this issue.
Here is my slapd.conf in case something is badly done.
# This is the main ldapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses
schemacheck off
# Where clients are referred to if no
# match is found locally
#referral ldap://ldap.four11.com
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd.args
# Read slapd.conf(5) for possible values
loglevel 0
#######################################################################
# ldbm database definitions
#######################################################################
# The backend type, ldbm, is the default standard
database ldbm
# The base of your directory
suffix "dc=foobar"
# Where the database files are physically stored
directory "/var/lib/ldap"
# Save the time that the entry gets modified
lastmod on
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
access to dn=".*,dc=foobar"
by dnattr=owner write
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
access to attribute=userPassword
by dn="cn=ldapadmin,dc=foobar" write
by anonymous auth
by self write
by * none
# The admin dn has full write access
access to *
by dn="cn=ldapadmin,dc=foobar" write
by * read
# Example replication using admin account. This will require taking the
# output of this database using slapcat(8C), and then importing that into
# the replica using slapadd(8C).
#
# replogfile /var/lib/slurp/replog
# replica host=ldap-rep.foo.com bindmethod=simple
# binddn="cn=ldapadmin,dc=foobar"
# credentials="XXXXXX"
# End of ldapd configuration file
#-- Added by Verbal Kint
# Root access
rootdn "cn=ldapadmin,dc=foobar"
rootpw {SSHA}l6Ta8zF/nfmolLiaMuyQnlqFe4mZv3E0
# Access to the LDAPUsers list
#access to dn="ou=LDAPUsers,dc=foobar"
# by dn="cn=ldapadmin,dc=foobar" write
# by * none
--
Georges 'Verbal Kint' Goncalves <verbal.kint@bigfoot.com>
And then, he's gone... like that...
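The behaviour described above, as an added example that is not part of the original message: a small Python model of OpenLDAP 2.0 first-match ACL evaluation, run over the three posted access rules and over a corrected ordering. The entry DNs, the handling of the owner attribute and the regex treatment of dn= targets are assumptions modelled on slapd.access(5), not code from the poster or from OpenLDAP.

```python
import re

# Added model of OpenLDAP 2.0 ACL evaluation (not from the post): the first
# "access to" whose target matches is used; within it the first matching "by"
# clause wins, otherwise an implicit "by * none" applies. rootdn bypasses ACLs.
ADMIN = "cn=ldapadmin,dc=foobar"

def who_matches(who, bind_dn, entry):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and bind_dn == entry["dn"]
    if who.startswith("dn="):
        return bind_dn == who[3:]
    if who.startswith("dnattr="):        # bound DN listed in entry's <attr>
        return bind_dn is not None and bind_dn in entry.get(who[7:], [])
    raise ValueError(who)

def target_matches(target, entry, attr):
    if target is None:                   # "access to *"
        return True
    kind, _, value = target.partition("=")
    if kind == "dn":                     # 2.0 treats dn=... as a regex
        return re.search(value, entry["dn"]) is not None
    return kind == "attribute" and value == attr

def access_level(acls, bind_dn, entry, attr="entry"):
    for target, by_clauses in acls:
        if target_matches(target, entry, attr):
            for who, level in by_clauses:
                if who_matches(who, bind_dn, entry):
                    return level
            return "none"                # implicit "by * none"
    return "none"

# The poster's ACLs in file order. ".*,dc=foobar" needs a comma before
# dc=foobar, so it matches every child entry but not the suffix itself.
POSTED = [
    ("dn=.*,dc=foobar", [("dnattr=owner", "write")]),
    ("attribute=userPassword", [("dn=" + ADMIN, "write"), ("anonymous", "auth"),
                                ("self", "write"), ("*", "none")]),
    (None, [("dn=" + ADMIN, "write"), ("*", "read")]),
]
# Fix: password rule first, then the roaming rule with a read fallback. Adding
# "by * read" to the roaming rule alone would expose userPassword as well.
FIXED = [POSTED[1], ("dn=.*,dc=foobar", [("dnattr=owner", "write"), ("*", "read")]), POSTED[2]]

BASE, JOE = {"dn": "dc=foobar"}, {"dn": "uid=joe,ou=AddressBook,dc=foobar"}
```

With the posted rules an anonymous bind gets read on dc=foobar but none on every child, which is exactly the one-level view the post describes; with the corrected ordering the children become readable while userPassword stays limited to auth.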