
Re: Getting Solaris to use Openldap



Stuart Cherrington wrote:

OK - so I tried

ldapsearch2.4 -h 10.2.250.15 -x -b 'dc=ldn,dc=sw,dc=com'
# extended LDIF
#
# LDAPv3
# base <dc=ldn,dc=sw,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1


What I don't understand is 'which' object is missing?

Hi Stuart,

AIUI from reading above then the following LDAP search works:

ldapsearch2.4 -h 10.2.250.15 -x -b 'dc=ldn,dc=sw,dc=com' -D 'cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com'

whereas the following doesn't:

ldapsearch2.4 -h 10.2.250.15 -x -b 'dc=ldn,dc=sw,dc=com'

Since it appears to fail when not specifying a bind DN with -D, this suggests to me that you have an ACL on 'dc=ldn,dc=sw,dc=com' which does not allow access to that part of the tree for anonymous binds - hence the "No such object" message.

For security reasons, we tend to disable anonymous binds on all our installations; however it seems as if the Solaris libraries require anonymous access to the 'cn=default,ou=profile...' part of the tree before they will rebind using proxyDN.


HTH,

Mark.

--
Mark Cave-Ayland - Senior Technical Architect
PostgreSQL - PostGIS
Sirius Corporation plc - control through freedom
http://www.siriusit.co.uk
t: +44 870 608 0063

Sirius Labs: http://www.siriusit.co.uk/labs
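An added example, not part of the original message: a slapd.conf ACL fragment that keeps anonymous clients out of the tree except for the Solaris client profile entries under ou=profile. It assumes the profile entries carry the DUAConfigProfile object class from the DUA schema, that the rules are placed in the database section for dc=ldn,dc=sw,dc=com, and that anonymous binds are not switched off globally.

```conf
# Constructed example ACLs for the database holding dc=ldn,dc=sw,dc=com.
# slapd uses the first "access to" clause that matches an entry/attribute,
# so the order of the rules below matters.

# 1. Password hashes: never readable. Anonymous clients may only use the
#    attribute to authenticate (simple bind); owners may change their own.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# 2. Solaris client profiles: readable without a bind, so the client can
#    fetch its profile before rebinding as the proxy agent.
#    The filter limits this to profile entries (assumed object class
#    DUAConfigProfile); cn=proxyagent in the same ou is not matched.
access to dn.subtree="ou=profile,dc=ldn,dc=sw,dc=com"
        filter="(objectClass=DUAConfigProfile)"
    by * read

# 3. Everything else: authenticated binds only. Anonymous clients get no
#    access at all, which slapd reports as "32 No such object" because the
#    existence of the entry is not disclosed to them.
access to *
    by users read
    by * none

# Note: a global "disallow bind_anon" would reject the anonymous bind
# before rule 2 is ever evaluated, so this layout relies on ACLs rather
# than on disabling anonymous binds outright.
```

With these rules an anonymous search based at dc=ldn,dc=sw,dc=com still returns "No such object", while the same search based at ou=profile,dc=ldn,dc=sw,dc=com returns only the profile entries.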