[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: The problem of BINDDN/BINDPW in ldap.conf

Tianyin Xu wrote:

Hi, all,

I'm using Ubuntu 10.04 and LDAP 2.4.23. I'm having difficulty with the basic
binding.

I don't want to allow anonymous ldapsearch on the LDAP server so I specify a
dn and password for the bind. If I use the following parameters for ldapsearch
like

          ldapsearch -b "dc=ucsd,dc=edu" -D "cn=admin,dc=ucsd,dc=edu" -w 1234

This works quite fine. Then, I write the parameters into ldap.conf as follows:

-----------------ldap.conf-----------------------
BASE    dc=ucsd,dc=edu
BINDDN  cn=admin,dc=ucsd,dc=edu
BINDPW  12345
-----------------------------------------------------

Then only BASE has effect. According to the ldap.conf manual, BINDDN is a
"user-only" attribute and needs to go in ~/.ldaprc; it doesn't mention BINDPW
at all.

But searching on the web, I found several cases that used "binddn" and
"bindpw" in ldap.conf and worked successfully. So I'm quite confused for these
two directives.
Those were not OpenLDAP's ldap.conf. BINDPW isn't mentioned in OpenLDAP documentation because it does not exist in OpenLDAP. Reading non-OpenLDAP documentation and attempting to apply it to OpenLDAP software is a pretty reliable means of confusing yourself. 

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/