Re: ldap_bind: Invalid credentials (49)

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Sunday, August 28, 2005 11:38 AM -0400 alpnet99@netscape.net wrote:

>  I'm new to LDAP and just playing around with it. I'm trying to figure
> out why ldapsearch fails with the above error when I activate a simple
> ACL.
>
> # ldapsearch -x -b 'dc=test,dc=com' -D
> # 'mail=Michelle@test.com,ou=michelle,dc=test,dc=com' -w pass123
> ldap_bind: Invalid credentials (49)

> access to *
>         by users read
> #       by * read
> # uncommenting above line allows ldapsearch to bind OK with
> # the *correct* passwd ??
> -----

Your ACL rule above only lets authenticated users read the DB.  Since your 
initial connection isn't authenticated yet, it cannot read the user 
password attribute, so the bind fails.

You probably want something like:

access to userPassword
     by anonymous auth
     by self read

access to *
      by users read

or something like that.  Don't quote me on it, because I don't support 
passwords in my DB. ;)

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin