Earlier thread:
Tianyin Xu asked, Howard Chu answered:
... This works quite fine. Then, I write the parameters into ldap.conf as follows:
-----------------ldap.conf-----------------------
BASE dc=ucsd,dc=edu
BINDDN cn=admin,dc=ucsd,dc=edu
BINDPW 12345
-----------------------------------------------------
Then only BASE has effect. According to the ldap.conf manual, BINDDN is a ...
Those were not OpenLDAP's ldap.conf. BINDPW isn't mentioned in OpenLDAP documentation because it does not exist in OpenLDAP. Reading non-OpenLDAP documentation and attempting to apply it to OpenLDAP software is a pretty reliable means of confusing yourself.
My question:
It has been clearly stated that BINDPW cannot be used in ldaprc (at least in the case of OpenLDAP).
But it is definitely stated in the manpage of ldap.conf that BINDDN is a legal user-only option of OpenLDAP. My ldaprc says:
BASE ou=madas,dc=something
BINDDN cn=admin,dc=something
TLS_REQCERT allow
URI ldaps://ip1.ip2.ip3.ip4
BASE and URI have their effect, BINDDN has not. Did I make a mistake?
Thank you in advance.
man ldap.conf:
...
AUTHOR
       Kurt Zeilenga, The OpenLDAP Project
ACKNOWLEDGEMENTS
       OpenLDAP Software is developed and maintained by The OpenLDAP Project http://www.openldap.org/. OpenLDAP Software is derived from University of Michigan LDAP 3.3 Release.
OpenLDAP 2011/11/24 LDAP.CONF(5)
...
On 05/01/13 11:52 +0200, Madas Pál wrote:
Earlier thread:
Tianyin Xu asked, Howard Chu answered:
...
This works quite fine. Then, I write the parameters into ldap.conf as follows:
Then only BASE has effect. According to the ldap.conf manual, BINDDN is a
Those were not OpenLDAP's ldap.conf. BINDPW isn't mentioned in OpenLDAP documentation because it does not exist in OpenLDAP. Reading non-OpenLDAP documentation and attempting to apply it to OpenLDAP software is a pretty reliable means of confusing yourself.
My question:
It has been clearly stated that BINDPW cannot be used in ldaprc (at least in the case of OpenLDAP).
But it is definitely stated in the manpage of ldap.conf that BINDDN is a legal user-only option of OpenLDAP. My ldaprc says:
BASE ou=madas,dc=something
BINDDN cn=admin,dc=something
TLS_REQCERT allow
URI ldaps://ip1.ip2.ip3.ip4
BASE and URI have their effect, BINDDN has not. Did I make a mistake?
I don't recall the detail of the original thread, and your usage case, but this works for me:
cd `mktemp -d`
cat > ldaprc << EOF
BASE uid=user@example.net,ou=people,dc=example,dc=net
BINDDN uid=user@example.net,ou=people,dc=example,dc=net
URI ldap://ldap.example.net
EOF
ldapwhoami -x -W
Enter LDAP Password:
dn:uid=user@example.net,ou=people,dc=example,dc=net
Adding a '-d -1' option to your command, or enabling a debugging level in your ldap client software may provide help in resolving this problem.
openldap-technical@openldap.org
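
Added example, not part of the thread and not OpenLDAP code: a small shell linter for the client configuration files discussed above. It flags BINDPW (which the quoted answer says does not exist in OpenLDAP), BINDDN placed in the system-wide file (ldap.conf(5) marks it user-only), a TLS_REQCERT value that does not enforce certificate verification, and a cleartext ldap:// URI. The function name lint_ldap_conf and the sample files are constructed for illustration.

```shell
#!/bin/sh
# lint_ldap_conf FILE SCOPE
#   SCOPE is "user" (ldaprc, ~/.ldaprc) or "system" (the system-wide ldap.conf).
# Prints one finding per line; returns 1 if anything was flagged.
# (Hypothetical helper written for this example.)
lint_ldap_conf() {
    awk -v scope="$2" '
        function flag(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; n++ }
        /^#/ || NF == 0 { next }                 # comments and blank lines
        {
            key = toupper($1)                    # option names are case-insensitive
            val = tolower($2)
            if (key == "BINDPW")
                flag("BINDPW is not an OpenLDAP option; remove the stored password, use -W or -y FILE")
            else if (key == "BINDDN" && scope == "system")
                flag("BINDDN is user-only and is ignored in the system-wide ldap.conf")
            else if (key == "TLS_REQCERT" && (val == "never" || val == "allow"))
                flag("TLS_REQCERT " val " does not enforce server certificate verification")
            else if (key == "URI" && val ~ /^ldap:/)
                flag("ldap:// URI: a simple bind (-x) sends the password in clear unless StartTLS (-ZZ) is used")
        }
        END { exit (n > 0) }
    ' "$1"
}

# Constructed sample input, modelled on the two files quoted in the thread.
demo_dir=$(mktemp -d)
printf '%s\n' 'BASE dc=ucsd,dc=edu' 'BINDDN cn=admin,dc=ucsd,dc=edu' \
    'BINDPW 12345' > "$demo_dir/ldap.conf"
printf '%s\n' 'BASE ou=madas,dc=something' 'BINDDN cn=admin,dc=something' \
    'TLS_REQCERT allow' 'URI ldaps://ip1.ip2.ip3.ip4' > "$demo_dir/ldaprc"

lint_ldap_conf "$demo_dir/ldap.conf" system || true
lint_ldap_conf "$demo_dir/ldaprc" user || true
```

BINDDN passes in the "user" scope because ldaprc is a per-user file; the same line in the system-wide file is reported.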