Hi Stef,
olcAccess: to dn.subtree="ou=People,dc=test,dc=intra" attrs=userPassword,shadowLastChange
  by dn="cn=admin,dc=example,dc=com" write
  by anonymous auth
  by self write
  by * auth
olcAccess: to attrs=userPassword,shadowLastChange
  by dn="cn=admin,dc=test,dc=intra" write
  by anonymous auth
  by * none

- I can see here that you somehow changed the olcRootDN in the first ACL, which doesn't fit the baseDN defined.
- I wouldn't use the 2nd ACL, because everything necessary is done in the first one (as far as userPassword/shadow* is only used in the people subtree).
I'll show you one example from my tree:
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by dn="cn=ldapadm,dc=example,dc=de" write
  by anonymous auth
  by self write
  by * none
olcAccess: {1}to dn.base=""
  by * read
olcAccess: {2}to *
  by dn="cn=ldapadm,dc=example,dc=de" write
  by * read
Please check if that is going to work for you.
Bye, Benjamin.
PS: I am doing anonymous binds for logins from the AIX LDAP clients to the OpenLDAP server. Right now I am fiddling around with SSL and the key databases.
On Mon, Nov 15, 2010 at 13:27, Stef Coene stef.coene@docum.org wrote:
On Monday 15 November 2010, Benjamin Griese wrote:
Hello,
I just wanted to point you to the official guides from IBM on how to configure your AIX ldap client, which worked fine for me, except for sudo-ldap, but that's another topic.
Section 7: http://www.redbooks.ibm.com/redbooks/pdfs/sg247165.pdf
I have read the redbook. What ldap server are you running? I'm using ubuntu server 10.04.
I think my problem is that I can not bind to the ldap server as a regular user with the ldapsearch command. I can only bind as the admin specified as olcRootDN with password olcRootPW.
I attached the 2 ldif files I use to configure the ldap server. I hope that someone can find an error in it ....
I also noted that the userPassword entry for cn=admin,dc=axi,dc=intra is not encrypted. How can I generate an encrypted password? Can this be a {SHA} or has it to be a {SSHA}?
Stef