Hello folks,
I think I misunderstood something, but I can't make ldapwhoami work.
My openldap server works perfectly and all my users can connect using it. But when I try to use ldapwhoami I get an error:
ldapwhoami -x -D uid=jfoucry,ou=people,dc=example,dc=com -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
I am sure I am using my LDAP password.
I tried with -d1 to get debug output, and I reach the right server.
What's going wrong?
Thanks in advance for your help, regards, Jacques
On 05/30/13 16:10 +0200, Jacques Foucry wrote:
> Hello folks,
> I think I misunderstood something, but I can't make ldapwhoami work.
> My openldap server works perfectly and all my users can connect using it. But when I try to use ldapwhoami I get an error:
> ldapwhoami -x -D uid=jfoucry,ou=people,dc=example,dc=com -W
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
> I am sure I am using my LDAP password.
> I tried with -d1 to get debug output, and I reach the right server.
> What's going wrong?
Does ldapsearch work using the same credentials?
On 30/05/2013 16:50, Dan White wrote:
Hello Dan,
> Does ldapsearch work using the same credentials?
Definitely no.
It works with the rootdn:
ldapsearch -x -D cn=admin,dc=example,dc=com -W
but it did not work with a user. Sounds like an ACL issue.
Here are my ACLs:
access to attrs=userPassword by self write by dn="cn=syncuser,dc=example,dc=com" read by anonymous auth by * none
access to attrs=userPassword by self write by anonymous auth by * none
access to * by self write by * read
access to dn.base="" by * read
Jacques
On 05/31/13 15:30 +0200, Jacques Foucry wrote:
> On 30/05/2013 16:50, Dan White wrote:
> Hello Dan,
> > Does ldapsearch work using the same credentials?
> Definitely no.
> It works with the rootdn:
> ldapsearch -x -D cn=admin,dc=example,dc=com -W
> but it did not work with a user. Sounds like an ACL issue.
> Here are my ACLs:
> access to attrs=userPassword by self write by dn="cn=syncuser,dc=example,dc=com" read by anonymous auth by * none
> access to attrs=userPassword by self write by anonymous auth by * none
> access to * by self write by * read
> access to dn.base="" by * read
Try increasing your loglevel to troubleshoot an ACL issue.
Jacques Foucry wrote:
> On 30/05/2013 16:50, Dan White wrote:
> Hello Dan,
> > Does ldapsearch work using the same credentials?
> Definitely no.
> It works with the rootdn:
> ldapsearch -x -D cn=admin,dc=example,dc=com -W
> but it did not work with a user. Sounds like an ACL issue.
> Here are my ACLs:
> access to attrs=userPassword by self write by dn="cn=syncuser,dc=example,dc=com" read by anonymous auth by * none
> access to attrs=userPassword by self write by anonymous auth by * none
Do you really have two clauses for 'userPassword'? Why?
You can find some ACL recipes in the FAQ: http://www.openldap.org/faq/data/cache/189.html
Also see man page slapd.access(5): http://www.openldap.org/software/man.cgi?query=slapd.access
I'd just go for:
access to attrs=userPassword by self write by dn="cn=syncuser,dc=example,dc=com" read by * auth
Ciao, Michael.
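A small model of how slapd walks these directives, added here as an example (it is not slapd's code and not from anyone in this thread); it assumes only the directive forms posted above and treats a request that matches no directive as denied. It goes one step beyond the question: besides the duplicate userPassword directive, it also flags the dn.base="" directive, which sits after `access to *` and so can never be reached in this model.

```python
# Simplified model of slapd.access(5) evaluation (added example, not slapd's code).
# Assumed forms only: targets "*", attrs=NAME, dn.base=""; who = self, anonymous, users, * or dn="..." without spaces.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]
JACQUES = """
access to attrs=userPassword by self write by dn="cn=syncuser,dc=example,dc=com" read by anonymous auth by * none
access to attrs=userPassword by self write by anonymous auth by * none
access to * by self write by * read
access to dn.base="" by * read
"""
MICHAEL = 'access to attrs=userPassword by self write by dn="cn=syncuser,dc=example,dc=com" read by * auth'

def parse_acl(text):
    """Return [(target, [(who, level), ...]), ...] in directive order."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        assert tok[:2] == ["access", "to"] and tok[3::3] == ["by"] * (len(tok[3:]) // 3), line
        rules.append((tok[2], list(zip(tok[4::3], tok[5::3]))))
    return rules

def target_matches(target, dn, attr):
    if target == "*": return True
    if target.startswith("attrs="): return target[6:].lower() == attr.lower()
    if target == 'dn.base=""': return dn == ""
    raise ValueError("unsupported target: " + target)

def who_matches(who, requester, dn):
    # requester is the bound DN, or None for an anonymous session (slapd's 'anonymous')
    if who == "*": return True
    if who == "anonymous": return requester is None
    if who == "users": return requester is not None
    if who == "self": return requester is not None and requester.lower() == dn.lower()
    if who.startswith('dn="') and who.endswith('"'): return requester == who[4:-1]
    raise ValueError("unsupported who: " + who)

def granted(rules, requester, dn, attr):
    """Level from the first matching directive; each directive ends with an implicit 'by * none'."""
    for target, clauses in rules:
        if target_matches(target, dn, attr):
            return next((lvl for who, lvl in clauses if who_matches(who, requester, dn)), "none")
    return "none"  # no directive matched: treated as deny in this model

def allowed(rules, requester, dn, attr, needed):
    # A simple bind needs 'auth' on userPassword of the target entry, requested as anonymous.
    return LEVELS.index(granted(rules, requester, dn, attr)) >= LEVELS.index(needed)

def shadowed(rules):
    """Indexes of directives that can never match: an earlier target is identical or '*'."""
    dead, seen = [], []
    for i, (target, _) in enumerate(rules):
        if target in seen or "*" in seen: dead.append(i)
        seen.append(target)
    return dead
```

With both ACL sets, an anonymous session gets exactly auth on userPassword of uid=jfoucry (so a simple bind is not blocked by these lines), while shadowed() reports directives 1 and 3 of the posted set as unreachable.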
Jacques Foucry wrote:
> I think I misunderstood something, but I can't make ldapwhoami work.
> My openldap server works perfectly and all my users can connect using it. But when I try to use ldapwhoami I get an error:
> ldapwhoami -x -D uid=jfoucry,ou=people,dc=example,dc=com -W
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
> I am sure I am using my LDAP password.
> I tried with -d1 to get debug output, and I reach the right server.
> What's going wrong?
Without seeing your configuration, or at least the relevant excerpts, no one can tell what's going on.
First I'd increase slapd loglevel and see whether any ACLs are in the way denying auth-level access to attribute userPassword.
Ciao, Michael.
openldap-technical@openldap.org