Strange things in LDAP
Hello, this is my first post, so sorry if this is obsolete or similar.
I have some strange things going on with my LDAP setup.
1. I cannot change a password via ldappasswd, or via any web-based LDAP
change-password program:
[anubis@topaz anubis]$ ldappasswd -A -S -h ldap.domain.org -x -D "dc=domain,dc=org" igor
Old password:
Re-enter old password:
New password:
Re-enter new password:
Result: Strong authentication required (8)
Additional info: only authenticated users may change passwords
2. Also, I cannot search the LDAP base:
[anubis@topaz anubis]$ ldapsearch -x -h ldap.domain.org -b 'dc=domain,dc=org' '(objectclass=*)'
version: 2
#
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
3. I cannot bind with the LDAP superuser (Manager) account; I get invalid
credentials:
$ ldapsearch -x -h ldap.domain.org -b 'dc=domain,dc=org' -D 'dn=Manager,dc=domain,dc=org' '(objectclass=*)' -w xyz
ldap_bind: Invalid credentials
What is working is authenticating users via pam_ldap, so when my
dial-in users log in, everything is OK.
Also, none of the LDAP browsers (gq, directory_search, ...) work as
expected (cannot browse, search, or change).
I'm using Red Hat 7.1 and the following packages:
openldap-2.0.7-14
nss_ldap-149-1
openldap-devel-2.0.7-14
openldap-servers-2.0.7-14
openldap-clients-2.0.7-14
slapd.conf contains:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
database ldbm
suffix "dc=domain, dc=org"
rootdn "cn=Manager, dc=domain, dc=org"
rootpw {crypt}xyxcsxMxhjeti
access to attr=userPassword
by self write
by anonymous auth
by dn="cn=Admin,dc=domain,dc=org" write
by * none
access to *
by self write
by dn="cn=Admin,dc=domain,dc=org" write
by * read
index objectClass,uid,uidNumber,gidNumber eq
index cn,mail,surname,givenname eq,subinitial
What I want to get working is to let users change their password in
LDAP.
Is cn=Manager the same as cn=Admin?
Thanks very much for your answers,
Igor
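The following is an added worked example, not part of the original post and not OpenLDAP code. It models, in Python, how slapd evaluates the two "access to" directives from the slapd.conf quoted above (first matching "access to" wins, first matching "by" clause within it wins, no matching "by" means none, and the rootdn bypasses access control entirely), and shows which bind identities can write userPassword. The ldappasswd call in the post passes -D but no bind password (-w/-W); slapd treats such an unauthenticated simple bind as anonymous, which is the identity the model uses for that case. The user entry DN (uid=igor,ou=People,...) and the second user DN are assumptions: the post does not show where user entries live.

```python
"""Model of the ACL semantics in the posted slapd.conf (added example)."""

# OpenLDAP access levels, lowest to highest; a granted level satisfies any
# requirement at or below it (write also permits read, search, compare, auth).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# DNs taken from the posted slapd.conf.
ROOTDN = "cn=Manager, dc=domain, dc=org"
ADMIN_DN = "cn=Admin,dc=domain,dc=org"

# Assumed user entries (the post does not show the user subtree).
USER_DN = "uid=igor,ou=People,dc=domain,dc=org"
OTHER_DN = "uid=anubis,ou=People,dc=domain,dc=org"

# The two "access to" directives from the posted slapd.conf, in order.
# Each "by" clause is (who, level); who is "self", "anonymous", "*" or a DN.
ACL = [
    ("userPassword", [("self", "write"), ("anonymous", "auth"),
                      (ADMIN_DN, "write"), ("*", "none")]),
    ("*", [("self", "write"), (ADMIN_DN, "write"), ("*", "read")]),
]


def normalize_dn(dn):
    """Normalise a DN for comparison: drop whitespace around RDN separators
    and lower-case the attribute types, so 'cn=Manager, dc=domain, dc=org'
    equals 'cn=Manager,dc=domain,dc=org'. Values keep their case."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        rdns.append("%s=%s" % (attr.strip().lower(), value.strip()))
    return ",".join(rdns)


def same_dn(a, b):
    return normalize_dn(a) == normalize_dn(b)


def granted_level(bound_dn, target_dn, attr):
    """Level slapd grants bound_dn on attr of the entry target_dn.
    bound_dn is None for an anonymous (or unauthenticated) bind."""
    if bound_dn is not None and same_dn(bound_dn, ROOTDN):
        return "write"  # rootdn is not subject to access control
    for target_attr, by_clauses in ACL:
        if target_attr != "*" and target_attr.lower() != attr.lower():
            continue  # this "access to" does not apply, try the next one
        for who, level in by_clauses:
            if who == "*":
                return level
            if who == "anonymous" and bound_dn is None:
                return level
            if who == "self" and bound_dn is not None and same_dn(bound_dn, target_dn):
                return level
            if who not in ("self", "anonymous") and bound_dn is not None \
                    and same_dn(who, bound_dn):
                return level
        return "none"  # a matching "access to" with no matching "by"
    return "read"  # unreachable here: "access to *" matches everything


def allowed(bound_dn, target_dn, attr, required):
    return LEVELS.index(granted_level(bound_dn, target_dn, attr)) >= LEVELS.index(required)


def can_change_password(bound_dn, target_dn):
    """The password-modify operation needs write access to userPassword."""
    return allowed(bound_dn, target_dn, "userPassword", "write")


if __name__ == "__main__":
    # The post's ldappasswd: -D given, no -w/-W, so the bind is anonymous.
    print("anonymous on userPassword:", granted_level(None, USER_DN, "userPassword"))
    print("anonymous can change igor's password:", can_change_password(None, USER_DN))
    print("igor (bound as self) can change it:", can_change_password(USER_DN, USER_DN))
    print("anubis can change igor's password:", can_change_password(OTHER_DN, USER_DN))
    print("cn=Admin can change it:", can_change_password(ADMIN_DN, USER_DN))
    print("rootdn can change it:", can_change_password(ROOTDN, USER_DN))
    print("rootdn == cn=Admin:", same_dn(ROOTDN, ADMIN_DN))
    print("'dn=Manager,...' is the rootdn:",
          same_dn("dn=Manager,dc=domain,dc=org", ROOTDN))
```

Run as-is it walks the cases from the post: an anonymous bind only gets "auth" on userPassword (enough to log in, which is why pam_ldap works, but not to write), a user bound as their own DN gets "write", cn=Admin gets "write" because the config names it, and cn=Manager gets everything because it is the rootdn, not because of any "by" clause. cn=Manager and cn=Admin are therefore two different identities. The last line also shows that a bind DN starting with "dn=" never compares equal to the configured "cn=Manager" rootdn.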