Obviously there is something that I don't understand because I would expect to be able to bind using CN as well as UID attribute...
version: 2.4.21-0ubuntu5.5
***** this as you can see works ***** # ldapsearch -x -D 'uid=cwhite,ou=people,dc=ttinet,dc=local' -W '(uid=cwhite)' uid, cn Enter LDAP Password: # extended LDIF # # LDAPv3 # base <dc=ttinet,dc=local> (default) with scope subtree # filter: (uid=cwhite) # requesting: uid, cn #
# cwhite, people, ttinet.local dn: uid=cwhite,ou=people,dc=ttinet,dc=local cn: Craig White
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
***** same as above but using cn instead of uid ***** # ldapsearch -x -D 'cn=Craig White,ou=people,dc=ttinet,dc=local' -W '(uid=cwhite)' uid, cn Enter LDAP Password: ldap_bind: Invalid credentials (49)
I have to believe that if this is an ACL issue, then the very first rule is the problem...
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn.exact="uid=administ rator,ou=people,dc=ttinet,dc=local" write by self write by anonymous auth by * none
What is it that I am missing?
--On Thursday, October 06, 2011 9:50 AM -0700 Craig White craig.white@ttiltd.com wrote:
# cwhite, people, ttinet.local dn: uid=cwhite,ou=people,dc=ttinet,dc=local cn: Craig White
# ldapsearch -x -D 'cn=Craig White,ou=people,dc=ttinet,dc=local' -W What is it that I am missing?
An understanding of LDAP. -D specifies the entry DN. "cn=Craig White,ou=people,dc=ttinet,dc=local" is clearly NOT the DN of the entry as your own search results from the first bind show you.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
On Thu, Oct 6, 2011 at 9:50 AM, Craig White craig.white@ttiltd.com wrote:
Obviously there is something that I don't understand because I would expect to be able to bind using CN as well as UID attribute...
version: 2.4.21-0ubuntu5.5
***** this as you can see works ***** # ldapsearch -x -D 'uid=cwhite,ou=people,dc=ttinet,dc=local' -W '(uid=cwhite)' uid, cn Enter LDAP Password: # extended LDIF # # LDAPv3 # base <dc=ttinet,dc=local> (default) with scope subtree # filter: (uid=cwhite) # requesting: uid, cn #
# cwhite, people, ttinet.local dn: uid=cwhite,ou=people,dc=ttinet,dc=local cn: Craig White
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
***** same as above but using cn instead of uid ***** # ldapsearch -x -D 'cn=Craig White,ou=people,dc=ttinet,dc=local' -W '(uid=cwhite)' uid, cn Enter LDAP Password: ldap_bind: Invalid credentials (49)
I have to believe that if this is an ACL issue, then the very first rule is the problem...
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn.exact="uid=administ rator,ou=people,dc=ttinet,dc=local" write by self write by anonymous auth by * none
What is it that I am missing?
-- Craig White ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ craig.white@ttiltd.com 1.800.869.6908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ www.ttiassessments.com
Need help communicating between generations at work to achieve your desired success? Let us help!
I guess it not matter of CN or UID, you can only bind using DN and a valid
password. The key is DN, your can search DN using any attribute and then do the bind using DN.
On Oct 7, 2011, at 11:58 AM, sim123 wrote:
On Thu, Oct 6, 2011 at 9:50 AM, Craig White craig.white@ttiltd.com wrote: Obviously there is something that I don't understand because I would expect to be able to bind using CN as well as UID attribute...
version: 2.4.21-0ubuntu5.5
***** this as you can see works ***** # ldapsearch -x -D 'uid=cwhite,ou=people,dc=ttinet,dc=local' -W '(uid=cwhite)' uid, cn Enter LDAP Password: # extended LDIF # # LDAPv3 # base <dc=ttinet,dc=local> (default) with scope subtree # filter: (uid=cwhite) # requesting: uid, cn #
# cwhite, people, ttinet.local dn: uid=cwhite,ou=people,dc=ttinet,dc=local cn: Craig White
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
***** same as above but using cn instead of uid ***** # ldapsearch -x -D 'cn=Craig White,ou=people,dc=ttinet,dc=local' -W '(uid=cwhite)' uid, cn Enter LDAP Password: ldap_bind: Invalid credentials (49)
I have to believe that if this is an ACL issue, then the very first rule is the problem...
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn.exact="uid=administ rator,ou=people,dc=ttinet,dc=local" write by self write by anonymous auth by * none
What is it that I am missing?
I guess it not matter of CN or UID, you can only bind using DN and a valid password. The key is DN, your can search DN using any attribute and then do the bind using DN.
---- Thanks (also Quanah) for the clue stick.
My issue is that I am dealing with SuperMicro IPMI (embedded BMC) and it is mostly not configurable and uses CN to bind so I am left with only options at the LDAP server level so I gather that this is going to require some type of overlay.
Craig
Craig White writes:
Obviously there is something that I don't understand because I would expect to be able to bind using CN as well as UID attribute...
You are not binding with either CN or UID, you are binding with the DN (Distinguished Name) of your entry:
# ldapsearch -x -D 'uid=cwhite,ou=people,dc=ttinet,dc=local' -W '(uid=cwhite)' uid, cn (...) # cwhite, people, ttinet.local dn: uid=cwhite,ou=people,dc=ttinet,dc=local cn: Craig White
Sure, your DN contains the uid since you (or your admin) picked the uid for naming your entry when it was created. Unlike your cn. See
http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol#Directory...
openldap-technical@openldap.org
-
Craig White -
Hallvard B Furuseth -
Quanah Gibson-Mount -
sim123