Good point. (I sent these in a follow-on post that hasn't shown up yet. I'm also having an issue with reloading a slapd .ldif file from the previous server to this one. It's giving me an 'insufficient privileges' access error and telling me I don't have permissions to the parent. So.... I really need to figure this out.... I've done this quite a few times and now I'm having an issue.) I have to assume that I don't have access to example.com or its children. I just don't understand what I'm missing. TY! P.
ldap.conf:

    BASE dc=example,dc=com

slapd.conf:

    access to attrs=userPassword
        by self write
        by anonymous auth
        by dn="uid=syncuser,dc=hq,dc=example,dc=com" read
        by * compare

    access to attrs=sambaLMPassword,sambaNTPassword
        by dn="uid=syncuser,dc=hq,dc=example,dc=com" read
        by * none

    access to *
        by self write
        by * read

    access to dn.subtree="dc=hq,dc=example,dc=com"
        by self write
        by set="[cn=itlevel1,ou=Groups,dc=hq,dc=example,dc=com]/member* & user" write
        by set="[cn=ntadmins,ou=Groups,dc=hq,dc=example,dc=com]/member* & user" write
        by * break

    authz-regexp "gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=root,dc=hq,dc=example,dc=com"

    database mdb
    suffix "dc=hq,dc=example,dc=com"
    rootdn "cn=root,dc=hq,dc=example,dc=com"
On Tuesday, September 10, 2019, 2:13:01 AM EDT, Ulrich Windl Ulrich.Windl@rz.uni-regensburg.de wrote:
Paul Pathiakis pathiaki2@yahoo.com wrote on 09.09.2019 at 16:38 in
message 337690294.4382558.1568039882472@mail.yahoo.com:
Hi, I am trying to figure out all the various passwords and access controls. I seem unable to get my previously documented systems/configurations to work. I understand that slaptest is supposed to convert my slapd.conf to a new configuration and everything should be fine going forward. However, I'm having various password and access issues. Basically, I use my ldap.conf file and everything seems good. I start slapd and it works fine. I perform an ldap search and everything seems fine as it returns my domain. After that, I try to import my memberof.ldif file and it gives me an access issue.

    ldapadd -f /etc/openldap/memberof.ldif -v -D "cn=config" -H ldap://192.168.2.113 -W -c

memberof.ldif:

    dn: cn=module,cn=config
    cn: module
    objectClass: olcModuleList
    objectclass: top
    olcModuleLoad: memberof.la
    olcModulePath: /usr/lib64/openldap

    dn: olcOverlay=memberof,olcDatabase={0}config,cn=config
    objectclass: olcconfig
    objectclass: olcMemberOf
    objectclass: olcoverlayconfig
    objectclass: top
    olcoverlay: memberof

Output:

    ldap_initialize( ldap://192.168.2.113:389/??base )
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)
Obviously, that's a password problem. My question is why? What step did I miss in my documentation?
Hard to say without knowing your ACL rules.
Thank you! P.
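As an added example, not part of the thread: a small Python model of how slapd walks these `access to` directives in order, so one can see which clause actually decides a given request (evaluation stops at the first clause whose target matches, which is why the order of the directives matters). The ACL text is the one quoted above; the user DNs and the GROUPS membership are constructed, and rootdn (which bypasses ACLs) is not modelled.

```python
import re, shlex

# The thread's four 'access to' directives, reflowed; GROUPS is constructed membership for set=.
SLAPD_ACLS = """access to attrs=userPassword by self write by anonymous auth
    by dn="uid=syncuser,dc=hq,dc=example,dc=com" read by * compare
access to attrs=sambaLMPassword,sambaNTPassword by dn="uid=syncuser,dc=hq,dc=example,dc=com" read by * none
access to * by self write by * read
access to dn.subtree="dc=hq,dc=example,dc=com" by self write
    by set="[cn=itlevel1,ou=Groups,dc=hq,dc=example,dc=com]/member* & user" write
    by set="[cn=ntadmins,ou=Groups,dc=hq,dc=example,dc=com]/member* & user" write by * break"""
GROUPS = {"cn=itlevel1,ou=Groups,dc=hq,dc=example,dc=com": {"uid=alice,ou=People,dc=hq,dc=example,dc=com"}}
LEVELS = {"none", "disclose", "auth", "compare", "search", "read", "write", "manage"}
CONTROLS = {"stop", "break", "continue"}  # an omitted control means stop

def parse_acls(conf):  # -> [(what_tokens, [(who, level, control), ...]), ...] in file order
    acls = []
    for clause in re.split(r"(?=\baccess\s+to\b)", conf):
        toks = shlex.split(clause)  # keeps quoted DNs and set= expressions as single tokens
        if toks[:2] == ["access", "to"]:
            by_idx = [i for i, t in enumerate(toks) if t == "by"]
            bys = [(toks[i + 1],  # by <who> [<level>] [<control>]
                    next((t for t in toks[i + 2:i + 4] if t in LEVELS), None),
                    next((t for t in toks[i + 2:i + 4] if t in CONTROLS), "stop")) for i in by_idx]
            acls.append((toks[2:by_idx[0]] if by_idx else toks[2:], bys))
    return acls

def selector_matches(sel, entry_dn, attr):  # one <what> selector; '*' matches everything
    if sel.startswith("attrs="):
        return attr in sel[6:].split(",")
    if sel.startswith("dn.subtree="):
        return ("," + entry_dn).endswith("," + sel[11:])
    return True

def who_matches(who, bind_dn, entry_dn):  # bind_dn None means an anonymous bind
    if who in ("*", "users", "anonymous"):
        return who == "*" or (bind_dn is None) == (who == "anonymous")
    if who.startswith("dn="):  # plain dn= is dn.exact=; DN normalisation is not modelled
        return bind_dn == who[3:]
    if who.startswith("set=["):  # set="[groupDN]/member* & user": bind DN must be a member
        return bind_dn in GROUPS.get(who[5:who.index("]")], ())
    return who == "self" and bind_dn == entry_dn

def access(acls, bind_dn, entry_dn, attr):
    """(level, deciding clause index): the first 'access to' whose <what> matches decides; the first
    matching 'by' in it wins, except 'break', which falls through. rootdn (bypasses ACLs) not modelled."""
    for n, (what, bys) in enumerate(acls):
        if all(selector_matches(s, entry_dn, attr) for s in what):
            level, ctl = next(((l, c) for w, l, c in bys if who_matches(w, bind_dn, entry_dn)), ("none", "stop"))
            if ctl != "break":
                return (level or "none", n)  # a matched <what> with no matching 'by' denies
    return ("none", None)
ACLS = parse_acls(SLAPD_ACLS)
```

With the directives in the quoted order, `access to *` is reached before the dn.subtree clause for any attribute other than the password ones, so the set= write grants never decide; swapping the last two clauses changes the answer.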