On Fri, Aug 31, 2018 at 11:33:59AM -0700, Quanah Gibson-Mount wrote:
> This has nothing to do with ACLs. You failed to even bind to the
> server. This means that either:
>
> (a) The user DN provided to the -D option does not exist on the ldap server
> (b) you provided the wrong password for the user

So this apparently boils down to something wrong with how I created the new
account. No idea why I could bind w/ADS but not ldapsearch, but anyway:

When I added an ACL for *my* user account to be able to read everything,
and bound using MY account and password (instead of the new account),
EVERYTHING works as expected - full access to other users' password hashes,
but no ability to make changes.

So I just need to figure out what went wrong there and fix it, and that's
all on my end.

Thanks again everyone for your help.

Houston, Texas USA