On Tue, 2010-04-06 at 13:28 -0500, Marcelo de Moraes Serpa wrote:
> Or maybe some ACL configuration I am missing that is somehow affecting the read access to userPassword for the specific DN.
I'd bet this is the case.
In general: if you haven't explicitly defined an ACL, OpenLDAP is configured to allow anonymous reads -- this is *not* sufficient to auth. You will want to allow anonymous auth to the appropriate DNs.
Use ACL debugging (olcLogLevel 128) to verify. Also, slapacl is a useful tool you can use to verify your ACL setup.
Some worked ACL examples can be found here: http://www.zytrax.com/books/ldap/ch6/#access
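
An ACL of the kind discussed in this message, as an added example that is not part of the original thread: it gives anonymous clients `auth` access to userPassword, which is enough to bind but not to read the stored value. The database DN `olcDatabase={1}hdb,cn=config` is an assumed placeholder; the rule layout is one common arrangement, not the poster's configuration.

```ldif
# Added example (not from the original message).
# Assumption: olcDatabase={1}hdb,cn=config is a placeholder; use the DN of
# your own database entry under cn=config.
#
# Rule {0}: userPassword may be changed by its owner, used for bind
#           comparison by anonymous clients (auth), and is hidden from
#           everyone else.
# Rule {1}: all other attributes remain readable.
# Rules are evaluated in order and the first matching "to" clause wins, so
# the userPassword rule must come before the catch-all.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
olcAccess: {1}to *
  by * read
```

With ACL logging enabled, a failed bind shows which `by` clause matched; `slapacl -b "<entry DN>" "userPassword/auth"` checks the same decision without a client connection.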