[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: confused: after PADL migration, can only search as Manager?

To: "Brian K. Jones" <jonesy@CS.Princeton.EDU>
Subject: Re: confused: after PADL migration, can only search as Manager?
From: Tony Earnshaw <tonni@billy.demon.nl>
Date: 21 Jan 2003 07:28:47 +0100
Cc: ldap list <openldap-software@OpenLDAP.org>
In-reply-to: <1043091580.23849.14.camel@newhotness>
Organization:
References: <1043091580.23849.14.camel@newhotness>

man, 2003-01-20 kl. 20:39 skrev Brian K. Jones:

> Here's what I'm getting:
> 
>  > ldapsearch -L -W -D "uid=jonesy,ou=People,dc=my,dc=domain,dc=com"
> 'uid=jonesy' -x
> ldap_bind: Invalid credentials (49)
>  >

> However, if I use "cn=Manager,dc=my,dc=domain,dc=com" everything is fine
> - using all of the same flags and everything.  

> How does LDAP check if you're a valid user?  Does it not use the
> password that's in the user's entry in the directory itself?  The
> authentication stuff is really cloudy for me right now, so excuse my
> ignorance.  

It uses the dn. From your example, I'd guess you are using cn for the
first dn rdn, with uid as a complementary attribute. slapd will not
verify the node this way. If you use the uid instead of cn in the dn, it
will. But to my mind, this is not a Good Idea, nor does it agree with
the relevant rfc(s, haven't the number in my head, but they're all
packed with the Openldap tar distros)

Best,

Tony

-- 

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl

Follow-Ups:
- RE ldapadd -D "cn=root" -h ????
  - From: "Lim Pey Foong" <lim@tssb.com.my>

References:
- confused: after PADL migration, can only search as Manager?
  - From: "Brian K. Jones" <jonesy@CS.Princeton.EDU>

Prev by Date: Re: Please help
Next by Date: Re: Certificate in openldap
Index(es):
- Chronological
- Thread