thx, Howard!<div><br></div><div>that makes sense!<br></div><div>but if bindpw is not an OpenLDAP directive, why OpenLDAP is so quite to accept it? It should tell the configuration errors in the conf file, right? :P</div><div>
<br></div><div>btw, do you know what are those configuration files using BINDPW for? actually I&#39;m trying to reply the configuration error reported.</div><div><br></div><div>Best,</div><div>Tianyin</div><div><br></div>
<div><br><br><div class="gmail_quote">On Mon, Jan 16, 2012 at 5:42 PM, Howard Chu <span dir="ltr">&lt;<a href="mailto:hyc@symas.com">hyc@symas.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">Tianyin Xu wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi, all,<br>
<br>
I&#39;m using Ubuntu 10.04 and LDAP 2.4.23. I&#39;m having difficulty with the basic<br>
binding.<br>
<br>
I don&#39;t want to allow anonymous ldapsearch on the LDAP server so I specify a<br>
dn and password for the bind. If I use the following parameters for ldapsearch<br>
like<br>
<br>
          ldapsearch -b &quot;dc=ucsd,dc=edu&quot; -D &quot;cn=admin,dc=ucsd,dc=edu&quot; -w 1234<br>
<br>
This works quite fine. Then, I write the parameters into ldap.conf as follows:<br>
<br>
-----------------ldap.conf----<u></u>-------------------<br>
BASE    dc=ucsd,dc=edu<br>
BINDDN  cn=admin,dc=ucsd,dc=edu<br>
BINDPW  12345<br>
------------------------------<u></u>-----------------------<br>
<br>
Then only BASE has effect. According to the ldap.conf manual, BINDDN is a<br>
&quot;user-only&quot; attribute and needs to go in ~/.ldaprc; it doesn&#39;t mention BINDPW<br>
at all.<br>
<br>
But searching on the web, I found several cases that used &quot;binddn&quot; and<br>
&quot;bindpw&quot; in ldap.conf and worked successfully. So I&#39;m quite confused for these<br>
two directives.<br>
</blockquote>
<br></div>
Those were not OpenLDAP&#39;s ldap.conf. BINDPW isn&#39;t mentioned in OpenLDAP documentation because it does not exist in OpenLDAP. Reading non-OpenLDAP documentation and attempting to apply it to OpenLDAP software is a pretty reliable means of confusing yourself.<span class="HOEnZb"><font color="#888888"><br>

<br>
-- <br>
  -- Howard Chu<br>
  CTO, Symas Corp.           <a href="http://www.symas.com" target="_blank">http://www.symas.com</a><br>
  Director, Highland Sun     <a href="http://highlandsun.com/hyc/" target="_blank">http://highlandsun.com/hyc/</a><br>
  Chief Architect, OpenLDAP  <a href="http://www.openldap.org/project/" target="_blank">http://www.openldap.org/<u></u>project/</a><br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><span style="border-collapse:separate;color:rgb(0,0,0);font-family:&#39;Times New Roman&#39;;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-size:medium"><span style="color:rgb(102,102,102);font-family:arial;font-size:small">Tianyin XU,<br>
<a href="http://cseweb.ucsd.edu/%7Etixu/" target="_blank">http://cseweb.ucsd.edu/~tixu/</a></span></span><br>
</div>