Hey All,
I seem to be having a problem with binding and userPasswords. I have two admin users (admin1 and admin2) that I want to be able to search and write to the directory. I then have a bunch of other users that I just want to be able to bind to the server (I'm using Cyrus with PAM-LDAP).
When I try to run:
ldapsearch -b "dc=mydomain,dc=com" -x "uid=someuser" -x -D"uid=admin1,ou=users,dc=mydomain,dc=com" -W
(or when I try to bind with any of the users)
I get an “ldap_bind: Insufficient access” error.
All of the passwords for the admins and users were set with the following type of command:
ldappasswd -D"cn=Manager,dc=mydomain,dc=com" "uid=someuser,ou=users,dc=mydomain,dc=com" -x -W -S
All ldappasswd commands were successful because I bound using the Manager rootdn (as set in the slapd.conf). FYI, the search command above also worked when binding with the Manager userid.
The access section of slapd.conf looks like:
-------------------------------------------------------------------------------
# Define global ACLs to disable default read access.
defaultaccess auth
# Users Modify Their Information
access to * by self write
# Software Access
access to * by dn="uid=admin1,ou=users,dc=mydomain,dc=com" write
access to * by dn="uid=admin2,ou=users,dc=mydomain,dc=com" read
access to * by * auth
-------------------------------------------------------------------------------
Does anyone have any idea why my users/admins can bind and why the admins can't search? Should I not be using ldappasswd or something?
Thanks in advance,
Lee
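
Added example, not part of the original message: the posted access section next to a merged form, to show how slapd's first-match ACL evaluation treats four separate "access to *" clauses. The DNs are the ones from the post; the merged clause is one possible layout, not a configuration taken from the poster or the OpenLDAP project.

```conf
# --- As posted ---------------------------------------------------------
# For each entry/attribute, slapd stops at the FIRST "access to <what>"
# clause whose <what> matches. "*" matches everything, so only this
# clause is ever evaluated; the three clauses after it are unreachable.
# Every clause also ends with an implicit "by * none", so anyone who is
# not "self" (including the anonymous identity that performs the bind
# check) gets no access at all, not even "auth".
access to * by self write
access to * by dn="uid=admin1,ou=users,dc=mydomain,dc=com" write   # never reached
access to * by dn="uid=admin2,ou=users,dc=mydomain,dc=com" read    # never reached
access to * by * auth                                              # never reached

# "defaultaccess" is consulted only when no "access" directives exist
# at all, so it does not fill the gap left by the clause above.

# --- Merged into one clause --------------------------------------------
# Within a single clause the "by <who>" entries are tried in order and
# the first matching <who> decides the access level.
access to *
    by self write
    by dn="uid=admin1,ou=users,dc=mydomain,dc=com" write
    by dn="uid=admin2,ou=users,dc=mydomain,dc=com" read
    by * auth
```

With the merged clause, the final "by * auth" is what lets an unauthenticated connection compare a password during bind without being able to read it.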