
Bind/Ldappasswd




Hey All,

I seem to be having a problem with binding and userPasswords. I have two admin users (admin1 and admin2) that I want to be able to search and write to the directory. I then have a bunch of other users that I just want to be able to bind to the server (I'm using cyrus with PAM-LDAP).

When I try to run:

ldapsearch -b "dc=mydomain,dc=com" -x "uid=someuser" -x -D"uid=admin1,ou=users,dc=mydomain,dc=com" -W

(or when I try to bind with any of the users)

I get a ldap_bind: Insufficient access error.

All of the passwords for the admins and users were set with the following type of command:

ldappasswd -D"cn=Manager,dc=mydomain,dc=com" "uid=someuser,ou=users,dc=mydomain,dc=com" -x -W -S

All ldappasswd commands were successful because I bound using the Manager rootdn (as set in the slapd.conf). FYI, the search command above also worked when binding with the Manager userid.

The access section of slapd.conf looks like:

-------------------------------------------------------------------------------

# Define global ACLs to disable default read access.

defaultaccess auth

# Users Modify Their Information

access to * by self write

# Software Access

access to * by dn="uid=admin1,ou=users,dc=mydomain,dc=com" write

access to * by dn="uid=admin2,ou=users,dc=mydomain,dc=com" read

access to * by * auth

-------------------------------------------------------------------------------

Does anyone have any idea why my users/admins can bind and why the admins can't search? Should I not be using ldappasswd or something?


Thanks in advance,

Lee