Hello,

I have a working openLDAP server version 2.3.43. My configuration there works: the correct users have the correct access.

I have set up a new openLDAP server with newer version 2.3.43. I have no working openLDAP on version 2.3.43. I have tried with the new syntax and with the command

    /usr/sbin/slaptest -f /etc/openldap/slapd.conf -v

to use the built-in conversion tool, but I always got:

    ldap_bind: Invalid credentials (49)

So I forgot this conversion and continued with the "old" slapd.conf file. But in this configuration (which is just a copy/paste of my openLDAP 2.3.43) no user can query the LDAP entries.

So this is the setup:

I have a user: cn=U101001,ou=101001,dc=mydomain
This user is a member of the group: cn=tbook1,ou=gebruikers,ou=101001,dc=mydomain
These members can read entries in the tree: ou=tbook1,ou=contacten,ou=101001,dc=mydomain

I have in slapd.conf:

    access to dn.
        by group.exact="cn=admins,ou=101001,dc=mydomain" write
        by group.exact="cn=tbook1,ou=gebruikers,ou=101001,dc=mydomain" read

This user cn=U101001,ou=101001,dc=mydomain really exists (if you should doubt):

    # extended LDIF
    #
    # LDAPv3
    # base <cn=U101001,ou=101001,dc=mydomain> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # U101001, 101001, mydomain
    dn: cn=U101001,ou=101001,dc=mydomain
    cn: U101001
    sn: U101001
    objectClass: inetOrgPerson
    objectClass: top
    userPassword:: e1NTSEF9OVBTNmltR3ZpUEhzK1JRQVpickNVdVR5cS9Iejg5TzY=

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

The group cn=tbook1,ou=gebruikers,ou=101001,dc=mydomain also really exists (if you should doubt):

    # tbook1, gebruikers, 101001, mydomain
    dn: cn=tbook1,ou=gebruikers,ou=101001,dc=mydomain
    cn: tbook1
    member: cn=U101001,ou=101001,dc=mydomain
    objectClass: groupOfNames
    objectClass: top

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

When I query the LDAP tree ou=tbook1,ou=contacten,ou=101001,dc=mydomain with my root account (cn=Manager,dc=mydomain), then I get results:

    [root@ldap1 ]# ldapsearch -x -D 'cn=Manager,dc=mydomain' -b "ou=tbook1,ou=contacten,ou=101001,dc=mydomain" -W
    Enter LDAP Password:
    # extended LDIF
    #
    # LDAPv3
    # base <ou=tbook1,ou=contacten,ou=101001,dc=mydomain> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # tbook1, contacten, 101001, mydomain
    dn: ou=tbook1,ou=contacten,ou=101001,dc=mydomain
    ou: tbook1
    objectClass: organizationalUnit
    objectClass: top

    ...<cut>...

    # search result
    search: 2
    result: 0 Success

    # numResponses: 5
    # numEntries: 4

But when I query this same LDAP tree with my user cn=U101001,ou=101001,dc=mydomain, I get:

    [root@ldap1 openldap]# ldapsearch -x -D 'cn=U101001,ou=101001,dc=mydomain' -b "dc=mydomain" -W
    Enter LDAP Password:
    # extended LDIF
    #
    # LDAPv3
    # base <dc=mydomain> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # search result
    search: 2
    result: 32 No such object

    # numResponses: 1

I also have phpLDAPadmin installed and there I see that there are definitely entries in the LDAP directory ou=tbook1,ou=contacten,ou=101001,dc=mydomain.

So why does my user cn=U101001,ou=101001,dc=mydomain fail to get results?

Kind regards,
Jonas.
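As an added illustration (not Jonas's configuration and not slapd's own code), the toy evaluator below models how slapd.access(5) resolves the post's group-based ACL and why a search based at dc=mydomain comes back as result 32 for the user while the rootdn sees everything. The directory contents, the rootdn and the ACL target are constructed: the post's "access to dn." line is cut off, so a dn.subtree target on the ou=tbook1 contacts tree is assumed.

```python
# Toy model of slapd.access(5) evaluation, added to illustrate the post's symptom
# (not slapd's code): the first "access to" clause whose target covers the entry
# is used, inside it the first matching "by" clause decides, and each clause ends
# with an implicit "by * none". Directory, rootdn and ACL target are constructed;
# the post's "access to dn." line is cut off, so dn.subtree="ou=tbook1,..." is assumed.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]
ROOTDN = "cn=Manager,dc=mydomain"   # the rootdn bypasses ACLs entirely

# groupOfNames entries: group DN -> member DNs (as in the post's LDIF)
GROUPS = {
    "cn=tbook1,ou=gebruikers,ou=101001,dc=mydomain": {"cn=U101001,ou=101001,dc=mydomain"},
    "cn=admins,ou=101001,dc=mydomain": set(),   # members not shown in the post
}

# (dn.subtree target, [(by-subject, access level), ...])
ACL = [
    ("ou=tbook1,ou=contacten,ou=101001,dc=mydomain", [
        ("group.exact=cn=admins,ou=101001,dc=mydomain", "write"),
        ("group.exact=cn=tbook1,ou=gebruikers,ou=101001,dc=mydomain", "read"),
    ]),
]

def in_subtree(dn, base):
    return dn == base or dn.endswith("," + base)

def subject_matches(subject, bind_dn):
    if subject == "*":
        return True
    if subject.startswith("group.exact="):
        return bind_dn in GROUPS.get(subject[len("group.exact="):], set())
    return False

def access_allowed(bind_dn, entry_dn, needed):
    """True if bind_dn holds at least `needed` on entry_dn (levels imply lower ones)."""
    if bind_dn == ROOTDN:
        return True
    for target, by_list in ACL:
        if in_subtree(entry_dn, target):
            for subject, level in by_list:
                if subject_matches(subject, bind_dn):
                    return LEVELS.index(level) >= LEVELS.index(needed)
            return False            # implicit "by * none" ends the clause
    return False                    # no directive covers this entry at all

def search_result(bind_dn, base_dn):
    """A search needs 'search' on the base entry; without it slapd answers noSuchObject
    (32), not insufficientAccess (50), so the base's existence is not disclosed."""
    if not access_allowed(bind_dn, base_dn, "search"):
        return "noSuchObject (32)"
    return "success (0)"
```

Running search_result for the post's user with base dc=mydomain reproduces the "result: 32 No such object", while the same user with base ou=tbook1,ou=contacten,ou=101001,dc=mydomain succeeds; the real slapd also grants no access to dc=mydomain itself unless some directive covers it.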