Hi, all,
I'm using Ubuntu 10.04 and LDAP 2.4.23. I'm having difficulty with the basic binding.
I don't want to allow anonymous ldapsearch on the LDAP server so I specify a dn and password for the bind. If I use the following parameters for ldapsearch like
ldapsearch -b "dc=ucsd,dc=edu" -D "cn=admin,dc=ucsd,dc=edu" -w 1234
This works quite fine. Then, I write the parameters into ldap.conf as follows:
-----------------ldap.conf-----------------------
BASE dc=ucsd,dc=edu
BINDDN cn=admin,dc=ucsd,dc=edu
BINDPW 12345
-----------------------------------------------------
Then only BASE has effect. According to the ldap.conf manual, BINDDN is a "user-only" attribute and needs to go in ~/.ldaprc; it doesn't mention BINDPW at all.
But searching on the web, I found several cases that used "binddn" and "bindpw" in ldap.conf and worked successfully. So I'm quite confused about these two directives.
Could anyone explain a little bit to me on BINDDN and BINDPW?
Thanks a lot!! Tianyin
Tianyin Xu wrote:
> Hi, all,
> I'm using Ubuntu 10.04 and LDAP 2.4.23. I'm having difficulty with the basic binding.
> I don't want to allow anonymous ldapsearch on the LDAP server so I specify a dn and password for the bind. If I use the following parameters for ldapsearch like
> ldapsearch -b "dc=ucsd,dc=edu" -D "cn=admin,dc=ucsd,dc=edu" -w 1234
> This works quite fine. Then, I write the parameters into ldap.conf as follows:
> -----------------ldap.conf-----------------------
> BASE dc=ucsd,dc=edu
> BINDDN cn=admin,dc=ucsd,dc=edu
> BINDPW 12345
> Then only BASE has effect. According to the ldap.conf manual, BINDDN is a "user-only" attribute and needs to go in ~/.ldaprc; it doesn't mention BINDPW at all.
> But searching on the web, I found several cases that used "binddn" and "bindpw" in ldap.conf and worked successfully. So I'm quite confused about these two directives.
Those were not OpenLDAP's ldap.conf. BINDPW isn't mentioned in OpenLDAP documentation because it does not exist in OpenLDAP. Reading non-OpenLDAP documentation and attempting to apply it to OpenLDAP software is a pretty reliable means of confusing yourself.
thx, Howard!
that makes sense! but if bindpw is not an OpenLDAP directive, why is OpenLDAP so quiet about accepting it? It should report the configuration errors in the conf file, right? :P
btw, do you know what those configuration files using BINDPW are for? actually I'm trying to reply to the configuration error reported.
Best, Tianyin
On Mon, Jan 16, 2012 at 5:42 PM, Howard Chu hyc@symas.com wrote:
> Tianyin Xu wrote:
> > Hi, all,
> > I'm using Ubuntu 10.04 and LDAP 2.4.23. I'm having difficulty with the basic binding.
> > I don't want to allow anonymous ldapsearch on the LDAP server so I specify a dn and password for the bind. If I use the following parameters for ldapsearch like
> > ldapsearch -b "dc=ucsd,dc=edu" -D "cn=admin,dc=ucsd,dc=edu" -w 1234
> > This works quite fine. Then, I write the parameters into ldap.conf as follows:
> > -----------------ldap.conf-----------------------
> > BASE dc=ucsd,dc=edu
> > BINDDN cn=admin,dc=ucsd,dc=edu
> > BINDPW 12345
> > -----------------------------------------------------
> > Then only BASE has effect. According to the ldap.conf manual, BINDDN is a "user-only" attribute and needs to go in ~/.ldaprc; it doesn't mention BINDPW at all.
> > But searching on the web, I found several cases that used "binddn" and "bindpw" in ldap.conf and worked successfully. So I'm quite confused about these two directives.
> Those were not OpenLDAP's ldap.conf. BINDPW isn't mentioned in OpenLDAP documentation because it does not exist in OpenLDAP. Reading non-OpenLDAP documentation and attempting to apply it to OpenLDAP software is a pretty reliable means of confusing yourself.
> --
> Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
On Mon, 16 Jan 2012 17:59:52 -0800, Tianyin Xu tixu@cs.ucsd.edu wrote:
> thx, Howard!
> that makes sense! but if bindpw is not an OpenLDAP directive, why is OpenLDAP so quiet about accepting it? It should report the configuration errors in the conf file, right? :P
> btw, do you know what those configuration files using BINDPW are for? actually I'm trying to reply to the configuration error reported.
It is most likely the configuration for nss_ldap, found in /etc/ldap.conf, while OpenLDAP clients are configured in /etc/openldap/ldap.conf.
-Dieter
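Added example, not code from the thread or from the OpenLDAP project: a small Python linter that applies Howard's and Dieter's points to a client ldap.conf, flagging directives OpenLDAP will silently ignore (the nss_ldap-style BINDPW) and the user-only BINDDN that belongs in ~/.ldaprc. The directive lists are assumptions compiled from ldap.conf(5) for the 2.4 series and may be incomplete; the sample file is the one from the thread, reconstructed here.

```python
"""Lint an OpenLDAP client ldap.conf for directives the library will not honour."""
import re

# Directives documented in OpenLDAP's ldap.conf(5) for 2.4 (assumption: compiled
# from the man page, not taken from the thread; may be incomplete).
OPENLDAP_DIRECTIVES = {
    "URI", "BASE", "BINDDN", "DEREF", "HOST", "PORT", "NETWORK_TIMEOUT",
    "REFERRALS", "SIZELIMIT", "TIMELIMIT", "TIMEOUT",
    "SASL_MECH", "SASL_REALM", "SASL_AUTHCID", "SASL_AUTHZID",
    "SASL_SECPROPS", "SASL_NOCANON",
    "GSSAPI_SIGN", "GSSAPI_ENCRYPT", "GSSAPI_ALLOW_REMOTE_PRINCIPAL",
    "TLS_CACERT", "TLS_CACERTDIR", "TLS_CERT", "TLS_KEY", "TLS_CIPHER_SUITE",
    "TLS_RANDFILE", "TLS_REQCERT", "TLS_CRLCHECK", "TLS_CRLFILE",
}
# Marked "user-only" in ldap.conf(5): honoured in ~/.ldaprc, not in the
# system-wide file (the point Tianyin quotes from the manual).
USER_ONLY = {"BINDDN"}
# Belong to the nss_ldap/pam_ldap /etc/ldap.conf that OpenLDAP never reads.
# BINDPW is the one the thread identifies; the others are assumptions.
NSS_LDAP_ONLY = {"BINDPW", "ROOTBINDDN", "PAM_PASSWORD", "NSS_BASE_PASSWD"}


def parse_ldap_conf(text):
    """Return (DIRECTIVE, value) pairs; comments and blank lines are skipped.
    Keywords are compared case-insensitively, as libldap does."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        pairs.append((parts[0].upper(), parts[1] if len(parts) > 1 else ""))
    return pairs


def lint_ldap_conf(text, system_wide=True):
    """Return (DIRECTIVE, reason) for every line OpenLDAP would ignore or misplace."""
    findings = []
    for key, _value in parse_ldap_conf(text):
        if key in NSS_LDAP_ONLY:
            findings.append((key, "nss_ldap/pam_ldap directive, not OpenLDAP; silently ignored"))
        elif key not in OPENLDAP_DIRECTIVES:
            findings.append((key, "unknown directive; silently ignored"))
        elif system_wide and key in USER_ONLY:
            findings.append((key, "user-only directive; put it in ~/.ldaprc instead"))
    return findings


# Constructed sample: the file posted in the thread.
SAMPLE_LDAP_CONF = """
BASE dc=ucsd,dc=edu
BINDDN cn=admin,dc=ucsd,dc=edu
BINDPW 12345
"""

if __name__ == "__main__":
    for directive, reason in lint_ldap_conf(SAMPLE_LDAP_CONF):
        print(f"{directive}: {reason}")
```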