
ldap_bind: Insufficient access



Hello,

I set up an LDAP server on RedHat 8, OpenLDAP version 2.0.25.

I can only bind the admin user to openldap. With all other users I
receive ldap_bind: Insufficient access.

I search the database with the following command:

ldapsearch -x -D cn=user1,ou=People,dc=company,dc=net -W uid=user1  
Enter LDAP Password: ******
ldap_bind: Insufficient access

When I connect with the user which I have in the slapd.conf file,
everything works without problem.

The next thing I tested was getent.
getent passwd works fine.
getent shadow shows only the entries from the /etc/shadow file.

#############################################################################

When I look at the log files I see the following entries:

Nov 20 14:27:03 groupware slapd[1840]: slapd starting
Nov 20 14:27:03 groupware ldap: Starten von slapd succeeded
Nov 20 14:27:08 groupware slapd[1843]: daemon: conn=0 fd=9 connection from IP=127.0.0.1:32987 (IP=0.0.0.0:389) accepted.
Nov 20 14:27:08 groupware slapd[1847]: conn=0 op=0 BIND dn="CN=USER1,OU=PEOPLE,DC=COPANY,DC=NET" method=128
Nov 20 14:27:08 groupware slapd[1847]: conn=0 op=0 RESULT tag=97 err=50 text=
Nov 20 14:27:08 groupware slapd[1847]: conn=-1 fd=9 closed


##########################################################################
My slapd.conf file looks like the following:

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/trust.schema
include         /etc/openldap/schema/redhat/autofs.schema
include         /etc/openldap/schema/redhat/kerberosobject.schema
include         /etc/openldap/schema/samba.schema
include         /etc/openldap/schema/qmail.schema
include         /etc/openldap/schema/goaccount.schema
include         /etc/openldap/schema/gofax.schema
include         /etc/openldap/schema/gofirewall.schema
include         /etc/openldap/schema/gohard.schema
include         /etc/openldap/schema/goto.schema

pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

access to attribute=userPassword
        by self write
        by dn="cn=admin,ou=People,dc=company,dc=net" write
        by anonymous auth
        by * none

access to attribute=lastUser
        by dn="cn=ou=People,dc=company,dc=net" write
        by dn="cn=admin,ou=People,dc=company,dc=net" write
        by * write


# Samba passwords
access to attribute=lmPassword
        by dn="cn=ldapadmin,ou=People,dc=company,dc=net" write
        by dn="cn=admin,ou=People,dc=company,dc=net" write
        by anonymous auth
        by self write
        by * none

access to attribute=ntPassword
        by dn="cn=ldapadmin,ou=People,dc=company,dc=net" write
        by dn="cn=admin,ou=People,dc=company,dc=net" write
        by anonymous auth
        by self write
        by * none

access to *
        by dn="cn=ldapadmin,ou=People,dc=company,dc=net" write
        by dn="cn=admin,ou=People,dc=company,dc=net" write
        by * read

access to *
       by * read

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=company,dc=net"
rootdn          "cn=admin,ou=People,dc=company,dc=net"
rootpw          testerpasswd
directory       /var/lib/ldap

index   objectClass,rid,uid,uidNumber,gidNumber,memberUid       eq
index   cn,mail,surname,givenname                       eq,subinitial


#########################################################################

The /etc/ldap.conf file has the following entries:

host 127.0.0.1
base ou=People,dc=company,dc=net
uri ldap://127.0.0.1/
pam_password crypt


#########################################################################

The nsswitch.conf has the following:

passwd:     files ldap
shadow:     files ldap
group:      files ldap

#########################################################################

And lastly /etc/openldap/ldap.conf:

HOST 127.0.0.1
BASE dc=creativix,dc=netz

#########################################################################

I don't know what the problem is; I have searched for two days without a solution.


Thank you and regards Reiner
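
One way to triage a slapd log like the one in this post, as an added example that is not part of the original message: it pairs each BIND with its RESULT, names the LDAP result code, and checks whether the logged bind DN falls under the configured suffix. The log sample is constructed from the post's lines plus one invented successful bind, and the function names are hypothetical.

```python
import re

# Constructed sample in the syslog format shown in the post (wrapped lines
# rejoined); the second connection is invented to contrast a successful bind.
SAMPLE_LOG = """\
Nov 20 14:27:08 groupware slapd[1847]: conn=0 op=0 BIND dn="CN=USER1,OU=PEOPLE,DC=COPANY,DC=NET" method=128
Nov 20 14:27:08 groupware slapd[1847]: conn=0 op=0 RESULT tag=97 err=50 text=
Nov 20 14:27:09 groupware slapd[1847]: conn=1 op=0 BIND dn="CN=ADMIN,OU=PEOPLE,DC=COMPANY,DC=NET" method=128
Nov 20 14:27:09 groupware slapd[1847]: conn=1 op=0 RESULT tag=97 err=0 text=
"""
SUFFIX = "dc=company,dc=net"  # suffix value from the posted slapd.conf

# Result codes from RFC 4511 that commonly appear on bind operations.
RESULT_NAMES = {0: "success", 32: "noSuchObject", 48: "inappropriateAuthentication",
                49: "invalidCredentials", 50: "insufficientAccessRights"}
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+)')

def normalize_dn(dn):
    """Lower-case and trim each RDN (naive: does not handle escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def under_suffix(dn, suffix):
    """True if dn equals the suffix or is a descendant of it."""
    dn, suffix = normalize_dn(dn), normalize_dn(suffix)
    return dn == suffix or dn.endswith("," + suffix)

def analyze_binds(log_text, suffix):
    """Pair BIND lines with their RESULT by (conn, op) and summarize each bind."""
    pending, report = {}, []
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = (m.group(3), int(m.group(4)))
            continue
        m = RESULT_RE.search(line)
        # tag=97 (0x61) is the BindResponse; other RESULT tags are skipped.
        if m and int(m.group(3)) == 97 and (m.group(1), m.group(2)) in pending:
            dn, method = pending.pop((m.group(1), m.group(2)))
            err = int(m.group(4))
            report.append({
                "dn": dn,
                "method": "simple" if method == 128 else str(method),
                "err": err,
                "result": RESULT_NAMES.get(err, "other"),
                "in_suffix": under_suffix(dn, suffix),
            })
    return report

if __name__ == "__main__":
    for record in analyze_binds(SAMPLE_LOG, SUFFIX):
        print(record)
```

In the posted log the bind DN is recorded as DC=COPANY while slapd.conf sets the suffix to dc=company,dc=net, so the first record comes back with `in_suffix` set to False.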