On Mon, Jan 16, 2012 at 5:42 PM, Howard Chu <hyc@symas.com> wrote:
Tianyin Xu wrote:
Hi, all,
I'm using Ubuntu 10.04 and LDAP 2.4.23. I'm having difficulty with the basic
binding.
I don't want to allow anonymous ldapsearch on the LDAP server so I specify a
dn and password for the bind. If I use the following parameters for ldapsearch
like
ldapsearch -b "dc=ucsd,dc=edu" -D "cn=admin,dc=ucsd,dc=edu" -w 1234
This works quite fine. Then, I write the parameters into ldap.conf as follows:
-----------------ldap.conf-----------------------
BASE dc=ucsd,dc=edu
BINDDN cn=admin,dc=ucsd,dc=edu
BINDPW 12345
-----------------------------------------------------
Then only BASE has effect. According to the ldap.conf manual, BINDDN is a
"user-only" attribute and needs to go in ~/.ldaprc; it doesn't mention BINDPW
at all.
But searching on the web, I found several cases that used "binddn" and
"bindpw" in ldap.conf and worked successfully. So I'm quite confused about these
two directives.
Those were not OpenLDAP's ldap.conf. BINDPW isn't mentioned in OpenLDAP documentation because it does not exist in OpenLDAP. Reading non-OpenLDAP documentation and attempting to apply it to OpenLDAP software is a pretty reliable means of confusing yourself.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
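
Added example, not part of the original thread and not OpenLDAP code: a small Python check that applies the two points made above (BINDDN is user-only, BINDPW is not an OpenLDAP option) to an ldap.conf-style file and also flags a password left in cleartext. The function name, the finding strings and the secret-name pattern are assumptions made for illustration; the sample input is the ldap.conf quoted in the post.

```python
import re

# Per the thread: BINDDN is a user-only option (it belongs in ~/.ldaprc),
# so it has no effect when placed in the system-wide ldap.conf.
USER_ONLY = {"BINDDN"}
# Per the thread: BINDPW does not exist in OpenLDAP's ldap.conf.
NOT_OPENLDAP = {"BINDPW"}
# Assumption for illustration: option names that look like they hold a secret.
SECRET_LIKE = re.compile(r"PW|PASSW|SECRET", re.IGNORECASE)

# The ldap.conf from the post, reproduced as sample input.
SAMPLE = (
    "BASE dc=ucsd,dc=edu\n"
    "BINDDN cn=admin,dc=ucsd,dc=edu\n"
    "BINDPW 12345\n"
)


def lint_ldap_conf(text, system_wide=True):
    """Return (line_number, option, finding) tuples for an ldap.conf-style file.

    system_wide=True  -> treat the text as the system-wide ldap.conf
    system_wide=False -> treat the text as a per-user ~/.ldaprc
    """
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no options
        parts = line.split(None, 1)
        option = parts[0].upper()  # option names are case-insensitive
        if option in NOT_OPENLDAP:
            findings.append((number, option, "not an OpenLDAP option; has no effect"))
        elif option in USER_ONLY and system_wide:
            findings.append((number, option, "user-only option; move to ~/.ldaprc"))
        # A secret with a value is exposed to anyone who can read the file,
        # whether or not the option is honoured.
        if SECRET_LIKE.search(option) and len(parts) == 2:
            findings.append((number, option, "cleartext secret stored in config"))
    return findings


if __name__ == "__main__":
    for number, option, finding in lint_ldap_conf(SAMPLE):
        print(f"line {number}: {option}: {finding}")
```

Since there is no BINDPW to fall back on, the password still has to reach ldapsearch at run time: with -w as in the original command, or with its -W (prompt) or -y (read from a file) options, which keep it off the command line.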