[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: bind using CN instead of UID
On Oct 7, 2011, at 11:58 AM, sim123 wrote:
>
>
> On Thu, Oct 6, 2011 at 9:50 AM, Craig White <craig.white@ttiltd.com> wrote:
> Obviously there is something that I don't understand because I would expect to be able to bind using CN as well as UID attribute...
>
> version: 2.4.21-0ubuntu5.5
>
> ***** this as you can see works *****
> # ldapsearch -x -D 'uid=cwhite,ou=people,dc=ttinet,dc=local' -W '(uid=cwhite)' uid, cn
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=ttinet,dc=local> (default) with scope subtree
> # filter: (uid=cwhite)
> # requesting: uid, cn
> #
>
> # cwhite, people, ttinet.local
> dn: uid=cwhite,ou=people,dc=ttinet,dc=local
> cn: Craig White
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> ***** same as above but using cn instead of uid *****
> # ldapsearch -x -D 'cn=Craig White,ou=people,dc=ttinet,dc=local' -W '(uid=cwhite)' uid, cn
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> I have to believe that if this is an ACL issue, then the very first rule is the problem...
>
> olcAccess: {0}to attrs=userPassword,shadowLastChange by dn.exact="uid=administ
> rator,ou=people,dc=ttinet,dc=local" write by self write by anonymous auth
> by * none
>
> What is it that I am missing?
>
> I guess it not matter of CN or UID, you can only bind using DN and a valid password. The key is DN, your can search DN using any attribute and then do the bind using DN.
----
Thanks (also Quanah) for the clue stick.
My issue is that I am dealing with SuperMicro IPMI (embedded BMC) and it is mostly not configurable and uses CN to bind so I am left with only options at the LDAP server level so I gather that this is going to require some type of overlay.
Craig