On Wed, Feb 16, 2011 at 04:37:45PM -0200, Leonardo Carneiro wrote:
The new slapd.d was created successfully and now I can do searches anonymously. Searches like:
ldapsearch -x -h server -D cn=config -w [passwd] -b cn=config
ldapsearch -x -h server -b "dc=dominio,dc=com,dc=br"
are working OK now. Unfortunately, services are not able to do the search yet. At least with the configuration that was working before the upgrade.
OK - at least you now have some control over the server.
I notice some of my services do bind as cn=root,dc=dominio,dc=com,dc=br.
That may not be best practice, but I would leave it as-is for now.
Here is an example from Apache:
AuthBasicProvider ldap
AuthName "who are you?"
AuthzLDAPAuthoritative OFF
AuthLDAPURL "ldap://192.168.0.2/ou=users,dc=dominio,dc=com,dc=br?uid"
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN OFF
AuthLDAPBindDN "cn=root,dc=dominio,dc=com,dc=br"
AuthLDAPBindPassword "[password]"
Require ldap-group cn=devteam,ou=groups,dc=dominio,dc=com,dc=br
In the Apache log, it just seems that Apache did bind to LDAP, but the search results were null. It should work OK now, since I can even bind anonymously, right?
That depends on what searches Apache is issuing, and what data is really in the LDAP server. One way to find out is to turn up the logging in slapd. Something like:
loglevel 768
This will cause LDAP requests and results to be logged - probably to /var/log/syslog.
Andrew
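
Added example, not part of the original thread: a small Python script that reads slapd output logged at loglevel 768 and lists every search that returned no entries, together with the DN the connection was bound as. The log lines are constructed, their layout is an assumption modelled on OpenLDAP 2.4 stats logging, and the function name, host name and uid value are hypothetical.

```python
import re

# Constructed sample of slapd syslog output at "loglevel 768".
# The line layout is an assumption modelled on OpenLDAP 2.4 stats logging.
SAMPLE_LOG = '''\
Feb 16 17:02:11 server slapd[2211]: conn=1001 op=0 BIND dn="cn=root,dc=dominio,dc=com,dc=br" method=128
Feb 16 17:02:11 server slapd[2211]: conn=1001 op=0 RESULT tag=97 err=0 text=
Feb 16 17:02:11 server slapd[2211]: conn=1001 op=1 SRCH base="ou=users,dc=dominio,dc=com,dc=br" scope=2 deref=3 filter="(&(objectClass=*)(uid=leo))"
Feb 16 17:02:11 server slapd[2211]: conn=1001 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Feb 16 17:02:15 server slapd[2211]: conn=1002 op=0 BIND dn="" method=128
Feb 16 17:02:15 server slapd[2211]: conn=1002 op=0 RESULT tag=97 err=0 text=
Feb 16 17:02:15 server slapd[2211]: conn=1002 op=1 SRCH base="dc=dominio,dc=com,dc=br" scope=2 deref=0 filter="(uid=leo)"
Feb 16 17:02:15 server slapd[2211]: conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
'''

LINE = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|RESULT|SEARCH RESULT) (.*)')

def empty_searches(log_text):
    """Return (bind_dn, base, filter, err) for each search that returned no entries."""
    bound = {}     # conn -> DN of the last successful bind ('' = anonymous)
    pending = {}   # (conn, op) -> DN of a bind still waiting for its RESULT
    searches = {}  # (conn, op) -> (base, filter)
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, kind, rest = m.groups()
        key = (conn, op)
        if kind == 'BIND' and 'method=' in rest:
            pending[key] = re.search(r'dn="([^"]*)"', rest).group(1)
        elif kind == 'RESULT' and key in pending:
            dn = pending.pop(key)
            # A failed bind leaves the connection anonymous.
            bound[conn] = dn if re.search(r'err=0\b', rest) else ''
        elif kind == 'SRCH':
            s = re.search(r'base="([^"]*)".*filter="(.*)"', rest)
            if s:  # skips the companion "SRCH attr=..." line
                searches[key] = s.groups()
        elif kind == 'SEARCH RESULT' and key in searches:
            base, flt = searches.pop(key)
            err = int(re.search(r'err=(\d+)', rest).group(1))
            if int(re.search(r'nentries=(\d+)', rest).group(1)) == 0:
                findings.append((bound.get(conn, ''), base, flt, err))
    return findings
```

In the output, err=0 with no entries means the search itself succeeded but nothing was returned to that bind DN, while err=32 means the search base was not found.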