Dear gentlemen,
I have installed and configured a full environment containing Debian, OpenLDAP, cyrus-sasl and BDB. I am facing a curious problem in my environment:
With an LDIF file I had inserted a set of users (replacing NIS with OpenLDAP). When I perform an ldapsearch on the tree, the field userPassword is not shown (or it was not added when importing with ldapadd).
Did anybody already face such a scenario? I am losing my hair ....
Thanks a lot for your time and cooperation.
Best regards.
John Nietzsche wrote:
> Dear gentlemen,
> I have installed and configured a full environment containing Debian, OpenLDAP, cyrus-sasl and BDB. I am facing a curious problem in my environment:
> With an LDIF file I had inserted a set of users (replacing NIS with OpenLDAP). When I perform an ldapsearch on the tree, the field userPassword is not shown (or it was not added when importing with ldapadd).
> Did anybody already face such a scenario? I am losing my hair ....
Chances are that a rather standard ACL blocks anyone from reading the userPassword attribute. Try doing an ldapsearch while authenticated as your admin user instead.
Also, the command "slapcat" (run as root or as the openldap user account) will give you a complete dump of the database, with no access lists filtering out certain information.
Please take the time to read the slapd.conf configuration file; pretty much everything is documented there (including the ACLs).
Thank you, you were to the point.
Best regards.
On Sat, Nov 1, 2008 at 7:15 PM, Bjørn Ruberg <bjorn@ruberg.no> wrote:
> John Nietzsche wrote:
>> Dear gentlemen,
>> I have installed and configured a full environment containing Debian, OpenLDAP, cyrus-sasl and BDB. I am facing a curious problem in my environment:
>> With an LDIF file I had inserted a set of users (replacing NIS with OpenLDAP). When I perform an ldapsearch on the tree, the field userPassword is not shown (or it was not added when importing with ldapadd).
>> Did anybody already face such a scenario? I am losing my hair ....
> Chances are that a rather standard ACL blocks anyone from reading the userPassword attribute. Try doing an ldapsearch while authenticated as your admin user instead.
> Also, the command "slapcat" (run as root or as the openldap user account) will give you a complete dump of the database, with no access lists filtering out certain information.
> Please take the time to read the slapd.conf configuration file; pretty much everything is documented there (including the ACLs).
> -- Bjørn
openldap-software@openldap.org
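
Added example, not part of the original thread: a small filter over slapcat output that separates the two possibilities raised above (userPassword never imported versus hidden by an ACL). It assumes the migrated NIS accounts carry objectClass posixAccount; the function names and the example.com entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Answers: "was userPassword never
# imported, or is it only hidden by an ACL?" by scanning a slapcat dump.

# Constructed sample standing in for `slapcat` output; values are made up.
sample_ldif() {
cat <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: alice
userPassword:: e2NyeXB0fXg=

dn: uid=bob,ou=People,
 dc=example,dc=com
objectClass: posixAccount
uid: bob

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People
EOF
}

# Read LDIF on stdin; print the DN of each posixAccount entry that has no
# userPassword value. Folded lines (leading space) are joined first.
missing_userpassword() {
  awk '
    function flush() {
      if (dn != "" && posix && !pw) print dn
      dn = ""; posix = 0; pw = 0
    }
    function handle(line,   l) {
      if (line == "") { flush(); return }
      l = tolower(line)
      if (l ~ /^dn::? /) { dn = line; sub(/^[^ ]* /, "", dn) }
      else if (l ~ /^objectclass: posixaccount$/) posix = 1
      else if (l ~ /^userpassword::? ./) pw = 1
    }
    substr($0, 1, 1) == " " { prev = prev substr($0, 2); next }
    { handle(prev); prev = $0 }
    END { handle(prev); flush() }
  '
}

# Real use (as root or the openldap user): slapcat | missing_userpassword
sample_ldif | missing_userpassword
```

If this prints nothing for the real dump while an ordinary ldapsearch still omits userPassword, the values are stored and an ACL is filtering them from the search result; any DN it does print was imported without a password.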