Try:
access to attrs=userPassword by dn="uid=root,ou=People,o=M1,c=GB" write by self write by anonymous auth by * none
access to * by self write by users read by anonymous auth
-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Dieter Kluenter
Sent: Thursday, December 30, 2010 7:56 AM
To: openldap-technical@openldap.org
Subject: Re: invalid credentials (49) for normal user

On Thu, 30 Dec 2010 15:14:34 +0000, rui guideveloper@gmail.com wrote:
Hi,
This is the output after doing "-d 128" http://pastebin.com/6Jb9j7F7
my latest slapd.conf is this:

###########################################################################
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema

#######################################################################
# bdb database definitions
#######################################################################
database bdb
suffix "o=M1,c=GB"
rootdn "uid=root,ou=People,o=M1,c=GB"
rootpw test123
directory /var/lib/ldap

# Indices to maintain
index objectClass,uid,uidNumber,gidNumber eq
index cn,mail,surname,givenname eq,subinitial

## logging.
#loglevel acl
access to attrs=userPassword by self write by dn="uid=root,ou=People,o=M1,c=GB" write by * auth
access to * by self write by users read by anonymous auth
The warnings in the debugging output (no by clauses specified) should have raised your attention. The way the access rules are written is bogus. Access rules have to be put on a single line, but this line may have continuations. The manual page slapd.access(5) and the admin guide http://www.openldap.org/doc/admin24/access-control.html give a good idea on how access rules should be written.
-Dieter
-- Dieter Klünter | Systemberatung http://dkluenter.de GPG Key ID:DA147B05 53°37'09,95"N 10°08'02,42"E
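The continuation rule Dieter describes can be checked before slapd is restarted. The following is an added example, not code from the thread or from OpenLDAP: the function names are hypothetical, and the BROKEN layout is constructed, since the original line breaks of the posted file are not preserved on this page.

```python
def logical_lines(text):
    """Yield (first_lineno, joined_line), unwrapping continuations the way
    slapd.conf(5) describes: a line starting with whitespace continues the
    previous line."""
    current, start = None, 0
    for n, raw in enumerate(text.splitlines(), 1):
        if raw[:1] in (" ", "\t") and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield start, current
        current, start = raw.rstrip(), n
    if current is not None:
        yield start, current


def lint_access_rules(text):
    """Return (lineno, message) for access rules split without continuations."""
    findings = []
    for lineno, line in logical_lines(text):
        words = line.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or comment
        keyword = words[0].lower()
        if keyword == "access" and "by" not in words[1:]:
            findings.append((lineno, "access rule has no by clauses"))
        elif keyword == "by":
            findings.append((lineno, "by clause starts in column 0, so it is "
                                     "not part of any access rule"))
    return findings


# Constructed sample: by clauses not indented, so each is its own directive.
BROKEN = """access to attrs=userPassword
by self write
by dn="uid=root,ou=People,o=M1,c=GB" write
by * auth
"""

# The same rules from the thread, written with indented continuation lines.
FIXED = """access to attrs=userPassword
    by self write
    by dn="uid=root,ou=People,o=M1,c=GB" write
    by * auth
access to *
    by self write
    by users read
    by anonymous auth
"""

if __name__ == "__main__":
    for lineno, message in lint_access_rules(BROKEN):
        print(f"line {lineno}: {message}")
```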