Chris Jacobs wrote:
You need to specify a DN (that has at least read access).
It could be a DN within the scope of the server, or root/manager/etc DN's specified
in your slapd.conf (which would give you write access).
For example, use the rootdn entry from your slapd.conf:
Remember: You /may/ have several accounts with the same name in your LDAP tree - so you
need to specify /exactly/ which one.
For example, in our implementation, we have subtrees used for authentication for specific
systems - and there are CN's that are the same between them and the 'default'
user branches. If someone who should have rights to one of the subtrees wants to connect,
they can - but they have to specify a DN they know the creds to, and the Base DN they want
to use as a Base:
Base DN: dc=dev,dc=subtree,dc=example,dc=net
That DN is granted full rights to the tree based at 'Base DN'.
It might seem annoying, but 'root' doesn't mean anything specific. Use the
[mailto:openldap-technical-bounces+chris.jacobs=apollogrp.edu@OpenLDAP.org] On Behalf Of
Sent: Monday, June 21, 2010 6:42 AM
Subject: What DN (user name) I should use for connecting to ldap server?
I have ldap server started up in freebsd.
I tried to test it with Apache Directory Studio.
When I open a New Connection in the Studio, it asks for a User name.
I entered "root" as the user name, then went for the connection...
However, I got the following error message in the ldap log file:
Jun 21 23:14:51 hometest slapd: conn=1005 fd=11 ACCEPT from IP=192.168.1.100:57297
Jun 21 23:14:51 hometest slapd: conn=1005 op=0 do_bind: invalid dn (root)
Jun 21 23:14:51 hometest slapd: conn=1005 op=0 RESULT tag=97 err=34 text=invalid
Jun 21 23:14:51 hometest slapd: conn=1005 fd=11 closed (connection lost)
What value of DN should I enter in the ldap browser (Apache Directory Studio) in order to
connect to the ldap server?
I have ldap listening on the following ports:
hometest:openldap # netstat -an | egrep '389|636'
tcp4 0 0 192.168.1.20.636 *.* LISTEN
tcp4 0 0 192.168.1.20.389 *.* LISTEN
Your help is much appreciated
That works, I use cn=Manager,dc=ip6,dc=com,dc=au as defined in my
Thanks for everyone's great help.
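
Added example, not part of the thread: a small Python script that correlates the slapd log lines quoted above per connection and flags bind names that are not in DN form, which is what err=34 (invalidDNSyntax) on a BindResponse (tag=97) reports. The conn=1006 lines are constructed for contrast, the function names are hypothetical, and the DN check is a simplified RFC 4514 shape test, not a full parser.

```python
import re

# The first four lines are the slapd log lines quoted in the thread; the
# conn=1006 lines are constructed here to show a bind that uses a full DN.
SAMPLE_LOG = """\
Jun 21 23:14:51 hometest slapd: conn=1005 fd=11 ACCEPT from IP=192.168.1.100:57297
Jun 21 23:14:51 hometest slapd: conn=1005 op=0 do_bind: invalid dn (root)
Jun 21 23:14:51 hometest slapd: conn=1005 op=0 RESULT tag=97 err=34 text=invalid
Jun 21 23:14:51 hometest slapd: conn=1005 fd=11 closed (connection lost)
Jun 21 23:20:02 hometest slapd: conn=1006 fd=11 ACCEPT from IP=192.168.1.100:57310
Jun 21 23:20:02 hometest slapd: conn=1006 op=0 BIND dn="cn=Manager,dc=ip6,dc=com,dc=au" method=128
Jun 21 23:20:02 hometest slapd: conn=1006 op=0 RESULT tag=97 err=0 text=
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+")
BAD_DN = re.compile(r"conn=(\d+) op=\d+ do_bind: invalid dn \((.*)\)")
BIND = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)"')
RESULT = re.compile(r"conn=(\d+) op=\d+ RESULT tag=97 err=(\d+)")
# Simplified RFC 4514 shape: attributeType=value, type is a name or dotted OID.
RDN = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)=.+$")


def looks_like_dn(name):
    """Rough syntax check: every comma-separated RDN must be type=value."""
    if name == "":
        return True  # the empty DN is the anonymous bind
    parts = re.split(r"(?<!\\),", name)  # split on unescaped commas only
    return all(RDN.match(p) for p in parts)


def bind_results(log):
    """Correlate ACCEPT, bind name and BindResponse (tag=97) per connection."""
    conns, out = {}, []
    for line in log.splitlines():
        if m := ACCEPT.search(line):
            conns[m.group(1)] = {"conn": int(m.group(1)), "ip": m.group(2), "dn": None}
        elif m := (BAD_DN.search(line) or BIND.search(line)):
            blank = {"conn": int(m.group(1)), "ip": None, "dn": None}
            conns.setdefault(m.group(1), blank)["dn"] = m.group(2)
        elif (m := RESULT.search(line)) and m.group(1) in conns:
            c = conns[m.group(1)]
            out.append({**c, "err": int(m.group(2)), "dn_ok": looks_like_dn(c["dn"] or "")})
    return out


if __name__ == "__main__":
    for r in bind_results(SAMPLE_LOG):
        print(r)
```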