ldap_bind: Insufficient access
Hello,
I set up one LDAP Server on RedHat 8, OpenLDAP Version 2.0.25.
I can only bind the admin user to OpenLDAP. With all other users I
receive ldap_bind: Insufficient access.
I search the database with the following command:
ldapsearch -x -D cn=user1,ou=People,dc=company,dc=net -W uid=user1
Enter LDAP Password: ******
ldap_bind: Insufficient access
When I connect with the user which I have in the slapd.conf file, everything
works without problem.
The next thing I tested was getent.
Getent passwd works fine.
Getent shadow shows only the entries from the /etc/shadow file.
#############################################################################
When I look at the log files I see the following entries:
Nov 20 14:27:03 groupware slapd[1840]: slapd starting
Nov 20 14:27:03 groupware ldap: Starten von slapd succeeded
Nov 20 14:27:08 groupware slapd[1843]: daemon: conn=0 fd=9 connection from IP=127.0.0.1:32987 (IP=0.0.0.0:389) accepted.
Nov 20 14:27:08 groupware slapd[1847]: conn=0 op=0 BIND dn="CN=USER1,OU=PEOPLE,DC=COPANY,DC=NET" method=128
Nov 20 14:27:08 groupware slapd[1847]: conn=0 op=0 RESULT tag=97 err=50 text=
Nov 20 14:27:08 groupware slapd[1847]: conn=-1 fd=9 closed
##########################################################################
My slapd.conf file looks like the following:
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/trust.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/qmail.schema
include /etc/openldap/schema/goaccount.schema
include /etc/openldap/schema/gofax.schema
include /etc/openldap/schema/gofirewall.schema
include /etc/openldap/schema/gohard.schema
include /etc/openldap/schema/goto.schema
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
access to attribute=userPassword
        by self write
        by dn="cn=admin,ou=People,dc=company,dc=net" write
        by anonymous auth
        by * none
access to attribute=lastUser
        by dn="cn=ou=People,dc=company,dc=net" write
        by dn="cn=admin,ou=People,dc=company,dc=net" write
        by * write
# Samba passwords
access to attribute=lmPassword
        by dn="cn=ldapadmin,ou=People,dc=company,dc=net" write
        by dn="cn=admin,ou=People,dc=company,dc=net" write
        by anonymous auth
        by self write
        by * none
access to attribute=ntPassword
        by dn="cn=ldapadmin,ou=People,dc=company,dc=net" write
        by dn="cn=admin,ou=People,dc=company,dc=net" write
        by anonymous auth
        by self write
        by * none
access to *
        by dn="cn=ldapadmin,ou=People,dc=company,dc=net" write
        by dn="cn=admin,ou=People,dc=company,dc=net" write
        by * read
access to *
        by * read
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix "dc=company,dc=net"
rootdn "cn=admin,ou=People,dc=company,dc=net"
rootpw testerpasswd
directory /var/lib/ldap
index objectClass,rid,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
#########################################################################
The /etc/ldap.conf file has the following entries:
host 127.0.0.1
base ou=People,dc=company,dc=net
uri ldap://127.0.0.1/
pam_password crypt
#########################################################################
The nsswitch.conf has the following:
passwd: files ldap
shadow: files ldap
group: files ldap
#########################################################################
And last, /etc/openldap/ldap.conf:
HOST 127.0.0.1
BASE dc=creativix,dc=netz
#########################################################################
I don't know what the problem is; I have searched for two days without a solution.
Thank you and regards Reiner
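
The slapd log lines quoted in the post above tie each BIND to its RESULT through the conn and op numbers. As an added example (not part of the original post), this Python script pairs them and names the LDAP result code, so that err=50 (insufficientAccessRights) is told apart from err=49 (invalidCredentials); the sample log is constructed and assumes each record sits on one line.

```python
import re
from collections import Counter

# Standard LDAP result codes (RFC 4511) that matter for bind results.
RESULT_NAMES = {0: "success", 49: "invalidCredentials", 50: "insufficientAccessRights"}

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
# tag=97 is the BindResponse tag, as in the post's log excerpt.
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')

# Constructed sample input modelled on the log format in the post
# (host name, DNs and connection numbers are made up for the example).
SAMPLE_LOG = """\
Nov 20 14:27:08 host slapd[1847]: conn=0 op=0 BIND dn="CN=USER1,OU=PEOPLE,DC=EXAMPLE,DC=NET" method=128
Nov 20 14:27:08 host slapd[1847]: conn=0 op=0 RESULT tag=97 err=50 text=
Nov 20 14:27:09 host slapd[1847]: conn=1 op=0 BIND dn="CN=ADMIN,OU=PEOPLE,DC=EXAMPLE,DC=NET" method=128
Nov 20 14:27:09 host slapd[1847]: conn=1 op=0 RESULT tag=97 err=0 text=
Nov 20 14:27:10 host slapd[1847]: conn=2 op=0 BIND dn="CN=USER2,OU=PEOPLE,DC=EXAMPLE,DC=NET" method=128
Nov 20 14:27:10 host slapd[1847]: conn=2 op=0 RESULT tag=97 err=49 text=
Nov 20 14:27:11 host slapd[1847]: conn=3 op=1 RESULT tag=97 err=50 text=
"""

def bind_results(log_text):
    """Return (dn, err, name) per bind RESULT, matched to its BIND by (conn, op)."""
    pending = {}  # (conn, op) -> DN taken from the BIND line
    out = []
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if m:
            # A RESULT without a preceding BIND (rotated log) is still reported.
            dn = pending.pop((m.group(1), m.group(2)), "<no BIND line seen>")
            err = int(m.group(3))
            out.append((dn, err, RESULT_NAMES.get(err, "other")))
    return out

def failed_binds(log_text):
    """Count failed binds per (DN, result name)."""
    return Counter((dn, name) for dn, err, name in bind_results(log_text) if err != 0)

if __name__ == "__main__":
    for (dn, name), n in sorted(failed_binds(SAMPLE_LOG).items()):
        print(f"{n:3d}  {name:26s} {dn}")
```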