Bruno Lamps lampss@gmail.com writes:
Hi,
Thanks Dieter Kluenter and Buchan Milne for answering to this, and everyone else that is reading this topic. =D
It seems your ACLs are not sufficient for *any* simple binds to this DN. Please test the following on your LDAP server: $ ldapwhoami -x -D uid=lamps,ou=usuarios,dc=pisolar -W Until this command works, please don't bother with anything related to squid.
Right, this command isn't working for any user, except cn=admin,dc=pisolar. I'm struggling with /etc/ldap/slapd.conf, to solve this. I probably tried to make the ACLs a bit too tight, and now they're choking me. =p
Did you ever test simple binds to your LDAP server as these users except from squid? It doesn't seem like it ...
I use this ldap base to authenticate my GLPI () system. But I think GLPI just grab all my base, using the ldap admin password, and transports it to it's mysql database. =/
I'm currently testing different ACLs in /etc/ldap/slapd.conf. Right now, these are the rules:
access to * by dn="cn=admin,dc=pisolar" write #by anonymous none #by self none by * read
access to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=pisolar" write by anonymous auth by self write by * none
access to dn.base="" by * read
What kind of mistake am I doing there? =S
man slapd.access(5) http://www.openldap.org/doc/admin24/access-control.html http://www.openldap.org/faq/data/cache/189.html
-Dieter