
Re: ldap_bind: Invalid credentials (49)





--On Sunday, August 28, 2005 11:38 AM -0400 alpnet99@netscape.net wrote:

 I'm new to LDAP and just playing around with it. I'm trying to figure
out why ldapsearch fails with the above error when I activate a simple
ACL.

# ldapsearch -x -b 'dc=test,dc=com' -D 'mail=Michelle@test.com,ou=michelle,dc=test,dc=com' -w pass123
ldap_bind: Invalid credentials (49)

access to *
        by users read
#       by * read
# uncommenting above line allows ldapsearch to bind OK with
# the *correct* passwd ??
-----

Your ACL rule above only lets authenticated users read the DB. Since your initial connection isn't authenticated yet, it cannot read the user password attribute, so the bind fails.


You probably want something like:

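# Let an unauthenticated connection use userPassword for the bind only;
# the entry's owner may read its own password.
access to attrs=userPassword
     by anonymous auth
     by self read

# Everything else is readable by authenticated users.
access to *
     by users read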

or something like that. Don't quote me on it, because I don't support passwords in my DB. ;)

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin
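
Added example (not part of the original message and not OpenLDAP code): a simplified Python model of how slapd evaluates the two ACLs from this thread during a simple bind, with the suggested rule written using the `attrs=userPassword` selector. It assumes first-match evaluation of the `<what>` and `<who>` clauses with an implicit `by * none`, a plaintext stored password, and the hypothetical helper names `parse_acl`, `granted` and `simple_bind`.

```python
import hmac

# Simplified model of slapd ACL evaluation: an assumption, not OpenLDAP's parser.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

def parse_acl(text):
    """Turn slapd.conf-style access directives into [(what, [(who, level)])]."""
    rules = []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if words[:2] == ["access", "to"]:
            rules.append((words[2], []))
            words = words[3:]
        while rules and len(words) >= 3 and words[0] == "by":
            rules[-1][1].append((words[1], words[2]))
            words = words[3:]
    return rules

def granted(rules, bound_dn, entry_dn, attr):
    """First matching <what>, then first matching <who>; otherwise 'none'."""
    for what, clauses in rules:
        if what != "*" and what.lower() != "attrs=" + attr.lower():
            continue
        for who, level in clauses:
            if (who == "*" or (who == "anonymous" and bound_dn is None)
                    or (who == "users" and bound_dn is not None)
                    or (who == "self" and bound_dn == entry_dn)):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"      # implicit trailing "access to * by * none"

def simple_bind(rules, directory, dn, password):
    """Simple bind as dn; the connection is anonymous while the password is checked."""
    level = granted(rules, None, dn, "userPassword")
    if LEVELS.index(level) < LEVELS.index("auth"):
        return 49  # invalidCredentials: slapd may not use userPassword at all
    stored = directory.get(dn, {}).get("userPassword", "")
    ok = bool(stored) and hmac.compare_digest(stored.encode(), password.encode())
    return 0 if ok else 49  # 0 = success

# Constructed one-entry directory, using the DN and password quoted in the thread.
DN = "mail=Michelle@test.com,ou=michelle,dc=test,dc=com"
DIRECTORY = {DN: {"userPassword": "pass123"}}
ORIGINAL = parse_acl("access to *\n    by users read\n#    by * read\n")
SUGGESTED = parse_acl("access to attrs=userPassword\n    by anonymous auth\n"
                      "    by self read\naccess to *\n    by users read\n")

if __name__ == "__main__":
    print([simple_bind(a, DIRECTORY, DN, "pass123") for a in (ORIGINAL, SUGGESTED)])
```

In this model the suggested ACL gives any other authenticated user `none` on `userPassword`, because evaluation stops at the first matching `access to` directive and never reaches `access to *`.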