Anonymous can't browse...

Hi,

I'm running OpenLDAP 2.0.10 on a Debian SID distribution

The package installed a default database looking like this:
NB: my machine name is "foobar"

foobar.domain.com
dc=foobar
 |
 +-ou=People
 |  |
 |  +-cn=admin
 |   
 +-ou=Roaming 

Everything works perfectly.

I've changed the structure a bit to suit my needs.

1/ I've set up a rootdn/rootpw in slapd.conf (cn=ldapadmin,dc=foobar)
   and I removed "cn=admin,ou=People,dc=foobar" from the database.
   
2/ I've removed "ou=Roaming" and "ou=People"

3/ I've created 2 new "ou"s; now the base looks like this:

foobar.domain.com
dc=foobar
 |
 +-ou=AddressBook
 |  |
 |  +-uid=joe
 |  +-uid=sam
 |
 +-ou=LDAPUsers

Here the problems begin :( I don't know if "ou=People" is a mandatory
organizationalUnit or what, but now I can only browse the database using
the "rootdn" binding. Trying to browse with an anonymous bind just displays
this (NB: I use PHP LDAP Explorer 1.16):

foobar.domain.com
dc=foobar

I have no error message, but I can only see the "dc=foobar" level and
that's all. Nothing more. I don't know what I did wrong that led to
this issue.

Here is my slapd.conf, in case something in it is done wrong.

# This is the main ldapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

# Schema and objectClass definitions
include		/etc/ldap/schema/core.schema

# Schema check allows for forcing entries to
# match the schemas for their objectClasses
schemacheck	off

# Where clients are referred to if no
# match is found locally
#referral	ldap://ldap.four11.com

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile		/var/run/slapd.pid

# List of arguments that were passed to the server
argsfile	/var/run/slapd.args

# Read slapd.conf(5) for possible values
loglevel	0

#######################################################################
# ldbm database definitions
#######################################################################

# The backend type, ldbm, is the default standard
database	ldbm

# The base of your directory
suffix		"dc=foobar"

# Where the database file are physically stored
directory	"/var/lib/ldap"

# Save the time that the entry gets modified
lastmod on

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
access to dn=".*,dc=foobar"
	by dnattr=owner write

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
access to attribute=userPassword
	by dn="cn=ldapadmin,dc=foobar" write
	by anonymous auth
	by self write
	by * none

# The admin dn has full write access
access to *
	by dn="cn=ldapadmin,dc=foobar" write
	by * read

# Example replication using admin account. This will require taking the
# output of this database using slapcat(8C), and then importing that into
# the replica using slapadd(8C).
#
# replogfile /var/lib/slurp/replog
# replica host=ldap-rep.foo.com bindmethod=simple
#	binddn="cn=ldapadmin,dc=foobar"
#	credentials="XXXXXX"

# End of ldapd configuration file

#-- Added by Verbal Kint

# Root access
rootdn "cn=ldapadmin,dc=foobar"
rootpw {SSHA}l6Ta8zF/nfmolLiaMuyQnlqFe4mZv3E0

# Access to the LDAPUsers list
#access to dn="ou=LDAPUsers,dc=foobar"
#        by dn="cn=ldapadmin,dc=foobar" write
#	by * none


-- 
Georges 'Verbal Kint' Goncalves <verbal.kint@bigfoot.com>
And then, he's gone... like that...
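An added illustration, not part of the original post and not OpenLDAP code: a small Python model of the ordered, first-match access-control evaluation documented in slapd.access(5), run over the three `access to` directives exactly as they appear in the posted slapd.conf. The sample directory is constructed from the tree shown in the post (the entries carry no `owner` attribute, because the post shows none); the evaluation model is a simplification (no attribute lists, no `entry`/`children` pseudo-attributes, a single attribute per request, and a dn regex matched unanchored the way slapd's `dn=<regex>` is); and `FIXED_ACLS` is this example's own suggested reordering, not something the post proposes.

```python
"""Model of slapd's ordered, first-match access-control evaluation, as
described in slapd.access(5), applied to the access directives from the
posted slapd.conf.

Added example, not code from the original post or from OpenLDAP.
DIRECTORY is a constructed sample built from the tree in the post, and
FIXED_ACLS is a suggested reordering (an assumption of this example).

Model (simplified): the first `access to` whose <what> matches the target
selects the directive; inside it the first matching <by> clause decides;
no matching <by> (or no matching directive at all) means no access.
"""
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]
ROOTDN = "cn=ldapadmin,dc=foobar"          # rootdn from the posted slapd.conf

# Constructed sample directory: the tree from the post. No entry carries an
# `owner` attribute (the post shows none), so `dnattr=owner` never matches.
DIRECTORY = {
    "dc=foobar":                        {"dc": ["foobar"]},
    "ou=AddressBook,dc=foobar":         {"ou": ["AddressBook"]},
    "uid=joe,ou=AddressBook,dc=foobar": {"uid": ["joe"], "userPassword": ["{SSHA}x"]},
    "uid=sam,ou=AddressBook,dc=foobar": {"uid": ["sam"], "userPassword": ["{SSHA}x"]},
    "ou=LDAPUsers,dc=foobar":           {"ou": ["LDAPUsers"]},
}

def acl(dn=None, attr=None, *by):
    """One `access to [dn=<regex>] [attribute=<name>] by ...` directive."""
    return {"dn": dn, "attr": attr, "by": list(by)}

# The three directives in the order the posted slapd.conf lists them.
POSTED_ACLS = [
    acl(r".*,dc=foobar", None, ("dnattr", "owner", "write")),
    acl(None, "userPassword", ("dn", ROOTDN, "write"), ("anonymous", None, "auth"),
        ("self", None, "write"), ("*", None, "none")),
    acl(None, None, ("dn", ROOTDN, "write"), ("*", None, "read")),
]

# Suggested reordering (this example's assumption, not the post's):
#   access to attribute=userPassword
#       by dn="cn=ldapadmin,dc=foobar" write
#       by anonymous auth
#       by self write
#       by * none
#   access to dn=".*,dc=foobar"
#       by dnattr=owner write
#       by * read
#   access to *
#       by dn="cn=ldapadmin,dc=foobar" write
#       by * read
FIXED_ACLS = [POSTED_ACLS[1],
              acl(r".*,dc=foobar", None, ("dnattr", "owner", "write"), ("*", None, "read")),
              POSTED_ACLS[2]]

def target_matches(directive, dn, attr):
    """<what> match: unanchored regex on the DN plus an optional single
    attribute; attr=None means access to the entry itself."""
    if directive["dn"] is not None and not re.search(directive["dn"], dn, re.IGNORECASE):
        return False
    if directive["attr"] is not None:
        return attr is not None and attr.lower() == directive["attr"].lower()
    return True

def who_matches(kind, arg, binddn, dn, entry):
    """<who> match for the clause kinds used in the posted file."""
    if kind == "*":
        return True
    if kind == "anonymous":
        return binddn is None
    if kind == "self":
        return binddn is not None and binddn.lower() == dn.lower()
    if kind == "dn":
        return binddn is not None and binddn.lower() == arg.lower()
    if kind == "dnattr":    # bind DN must be a value of <arg> in the target entry
        return binddn is not None and binddn.lower() in (v.lower() for v in entry.get(arg, []))
    raise ValueError(f"unsupported <who> clause: {kind}")

def granted(acls, binddn, dn, attr=None):
    """Access level binddn (None = anonymous) gets on attr of dn under acls."""
    if binddn is not None and binddn.lower() == ROOTDN.lower():
        return "write"                       # rootdn is never subject to ACLs
    entry = DIRECTORY[dn]
    for directive in acls:
        if not target_matches(directive, dn, attr):
            continue
        for kind, arg, level in directive["by"]:
            if who_matches(kind, arg, binddn, dn, entry):
                return level
        return "none"                        # <what> matched but no <by> did
    return "none"                            # no directive matched

def visible_to(acls, binddn):
    """Entries a search would return: those with at least read access."""
    return [dn for dn in DIRECTORY
            if LEVELS.index(granted(acls, binddn, dn)) >= LEVELS.index("read")]

if __name__ == "__main__":
    joe = "uid=joe,ou=AddressBook,dc=foobar"
    for name, acls in (("posted", POSTED_ACLS), ("fixed", FIXED_ACLS)):
        print(name, "anonymous sees:", visible_to(acls, None))
        print(name, "anonymous on joe's userPassword (needed for a simple bind):",
              granted(acls, None, joe, "userPassword"))
```

Under the posted order, `access to dn=".*,dc=foobar" by dnattr=owner write` is the first directive that matches every entry below the suffix, for every attribute; its only `by` clause needs the bind DN to appear in the entry's `owner` attribute, and with no further `by` clause nothing else gets access, so an anonymous search returns only `dc=foobar` itself, which the regex does not match. The same first-match rule shadows the `userPassword` directive for those entries, so `by anonymous auth` never applies to them and a simple bind as `uid=joe` would be refused as well; the rootdn is unaffected because it bypasses access control entirely. Putting the attribute-specific directive first and giving the owner directive a `by * read` fallthrough restores anonymous browsing while keeping `userPassword` at `auth` for anonymous and `none` for other users.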