On Monday 07 August 2006 23:51, Cornelius Koelbel wrote:
> Hello,
>
> I set up openldap 2.2.29 on FC4.
> I guess everything is right, I can access and modify everything with the
> manager.
> I set up an object
> cn=corny,ou=users,dc=az,dc=local
>
> as follows:
>
> dn: cn=corny,ou=users,dc=az,dc=local
> objectClass: top
> objectClass: person
> cn: corny
> sn: corny
>
> I want to have this person access to a subtree of the ldap.
> access to dn="ou=cornelius,ou=adressen,dc=az,dc=local"
>         by dn="cn=corny,ou=users,dc=az,dc=local" write
> But for now, I configured everything:
> access to *
>         by dn="cn=corny,ou=users,dc=az,dc=local" write

Is this your complete ACL set, or a subset? If it is complete, you are definitely missing an ACL giving anonymous auth access to userPassword (required for simple bind to work).

> Now I set a password and try to connect:
>
> corny@schnuck:[/data/down]> ldappasswd -x -D "cn=Manager,dc=az,dc=local" -W -S "cn=corny,ou=users,dc=az,dc=local"
> New password:
> Re-enter new password:
> Enter LDAP Password:
> Result: Success (0)
>
> everything seems fine, but now:
>
> corny@schnuck:[/data/down]> ldapsearch -D 'cn=corny,ou=users,dc=az,dc=local' -W -x -b 'dc=az,dc=local'
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)

1) Test just the authentication bit with ldapwhoami
2) Bump the log level up to include ACL processing (384 might be a reasonable value).

> What's wrong, where can I start to search?

Most likely you don't have an ACL allowing anonymous auth access to the userPassword attribute. Logs of the ACL processing will most likely indicate this. If it is not the case, they will help track it down.

Regards,
Buchan

--
Buchan Milne
ISP Systems Specialist
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
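As an added illustration (not part of the thread, and not Buchan's or the OpenLDAP project's own configuration), here is the ACL set from the original message beside a corrected slapd.conf fragment that gives anonymous "auth" access to userPassword so the simple bind can succeed, while keeping the hash unreadable. The DNs are taken from the thread; restricting the grant to the ou=cornelius subtree with dn.subtree is an assumption about what the poster intended.

```conf
# slapd.conf ACL fragment (added example, not from the thread).
# ACLs are evaluated in order and the first "access to" whose target
# matches the entry/attribute wins, so the specific userPassword rule
# has to come before the catch-all.

# Original from the thread: a single rule and no "auth" access for
# anonymous, so slapd cannot compare the password during a simple bind
# as cn=corny and answers "Invalid credentials (49)".
#access to *
#        by dn="cn=corny,ou=users,dc=az,dc=local" write

# 1. Make the bind work without exposing password hashes: anonymous may
#    only *use* userPassword to authenticate, the entry owner may change
#    it, and nobody else can read or search it.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# 2. The subtree corny is meant to manage (assumed scope).
access to dn.subtree="ou=cornelius,ou=adressen,dc=az,dc=local"
        by dn.exact="cn=corny,ou=users,dc=az,dc=local" write
        by * none

# 3. Catch-all last: authenticated users can read the rest of the tree,
#    anonymous gets nothing.
access to *
        by users read
        by * none
```

After restarting slapd, `ldapwhoami -x -D 'cn=corny,ou=users,dc=az,dc=local' -W` should print the bound DN rather than error 49; with `loglevel 384` set, the slapd log shows each ACL decision, which is the quickest way to see which rule denied a bind.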