I just set up OpenLDAP authentication on Ubuntu Linux. Linux authenticates against the LDAP database just fine.
The only thing that seems odd is trying to bind to the ldap server using the following search
ldapsearch -x -h localhost -b "dc=private,dc=biz" -D "uid=someuser,ou=people,dc=private,dc=biz" -w xxxxxx uid=anotheruser
ldap_bind: Invalid credentials (49)
But if I try the search using the cn instead of the uid, I can bind just fine:
ldapsearch -x -h localhost -b "dc=private,dc=biz" -D "cn=Some User,ou=people,dc=private,dc=biz" -w xxxxxx uid=anotheruser
# extended LDIF
#
# LDAPv3
# base <dc=private,dc=biz> with scope subtree
# filter: uid=Beth
# requesting: ALL
......
I am trying to figure out why I cannot bind using uid. Any ideas?
I can provide more information if needed.
Thanks,
Randall
Hello,
Svancara, Randall wrote:
I just set up OpenLDAP authentication on ubuntu linux. Linux authenticates against the LDAP database just fine.
[ bind with dn: cn=... works while bind with dn: uid=... doesn't work. ]
I am trying to figure out why I can not bind using uid? Any ideas?
Simple: The entry you are authenticating with has the dn "cn=..." and you can only bind with the dn, not with any attribute of an entry.
If you have an application where a uid is given for authentication, you first have to search the directory (presumably authenticated as a different dn) for the dn of the entry containing that uid. Then you can bind with the dn found and the password submitted.
And "linux" (you probably mean some combination of pam_ldap and nss_ldap) does just that.
bye Christian
openldap-software@openldap.org
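The search-then-bind sequence Christian describes, written out with the OpenLDAP command-line tools as an added example (not code from either poster). It assumes a separate low-privilege lookup account (the hypothetical cn=searcher, supplied via SEARCH_DN/SEARCH_PW), ldap-utils on the PATH, and the server on localhost; the uid is escaped per RFC 4515 before it goes into the filter, and the lookup fails unless exactly one entry matches.

```shell
#!/bin/sh
# Added example: resolve uid -> dn with a lookup account, then bind as that dn.
BASE="dc=private,dc=biz"
URI="ldap://localhost"
SEARCH_DN="${SEARCH_DN:-cn=searcher,ou=people,dc=private,dc=biz}"   # hypothetical lookup account
SEARCH_PW="${SEARCH_PW:-xxxxxx}"

# Escape the characters RFC 4515 reserves in filter values, so a uid such as
# 'a)(uid=*' cannot widen the search to other entries. Backslash goes first.
escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Pick the dn lines out of LDIF on stdin (ldapsearch -LLL output), one DN per
# output line. "dn::" marks a base64-encoded value (non-ASCII DN); decode it.
# Relies on the caller passing -o ldif-wrap=no so DNs are never folded.
dns_from_ldif() {
    while IFS= read -r line; do
        case "$line" in
            "dn:: "*) printf '%s\n' "${line#dn:: }" | base64 -d; printf '\n' ;;
            "dn: "*)  printf '%s\n' "${line#dn: }" ;;
        esac
    done
}

# Look up the dn for a uid as the lookup account. Fails (exit 1) unless exactly
# one entry matched, so an empty or ambiguous result never reaches the bind step.
lookup_dn() {
    dns=$(ldapsearch -x -LLL -o ldif-wrap=no -H "$URI" -b "$BASE" \
            -D "$SEARCH_DN" -w "$SEARCH_PW" "(uid=$(escape_filter "$1"))" dn | dns_from_ldif)
    [ "$(printf '%s\n' "$dns" | grep -c .)" -eq 1 ] || return 1
    printf '%s\n' "$dns"
}

# Authenticate uid/password: find the dn, then bind with it and the submitted
# password. ldapwhoami exits non-zero on "ldap_bind: Invalid credentials (49)".
authenticate() {
    dn=$(lookup_dn "$1") || { echo "lookup for uid failed: not exactly one match" >&2; return 1; }
    ldapwhoami -x -H "$URI" -D "$dn" -w "$2" >/dev/null
}

# Usage (needs a reachable server): authenticate "$1" "$2" && echo "bind ok"
```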