This is probably trivial but I can't figure it out:
my OpenLDAP entry has an attribute of cn=My Name, an attribute of uid=myname and a password.
I can successfully log in using JXplorer using
cn=My Name,ou=people,o=my company
but not using
uid=myname,ou=people,o=my company (error code 49 - Invalid Credentials)
However searching with that dn is successful and returns 1 entry, so the uid attribute is in fact there.
Please advise how I could enable the second login method which I need for exim authentication.
Thanks!
Arne Schirmacher wrote:
> This is probably trivial but I can't figure it out:
> my OpenLDAP entry has an attribute of cn=My Name, an attribute of uid=myname and a password.
> I can successfully log in using JXplorer using
> cn=My Name,ou=people,o=my company
> but not using
> uid=myname,ou=people,o=my company (error code 49 - Invalid Credentials)
> However searching with that dn is successful and returns 1 entry, so the uid attribute is in fact there.
You have to simply use the DN of an existing entry within a simple bind request. So if your entry looks like
dn: cn=My Name,ou=people,o=my company
objectClass: inetOrgPerson
cn: My Name
uid: myname
you have to use cn=My Name,ou=people,o=my company as bind-DN. Most LDAP-enabled software which checks username/password with a simple bind request first searches for the entry with filter (uid=username) and then uses the DN of the entry found as bind-DN.
Ciao, Michael.
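The search-then-bind sequence described in the reply above, as an added example that is not part of the original thread or of any particular LDAP client. DIRECTORY, search() and simple_bind() are hypothetical in-memory stand-ins for a real directory, and the entries and passwords are constructed sample data.

```python
import hmac
import re

# Constructed sample entries (not real data), modelled on the entry in the thread.
DIRECTORY = {
    "cn=My Name,ou=people,o=my company": {"uid": "myname", "userPassword": "s3cret"},
    "cn=Other User,ou=people,o=my company": {"uid": "other", "userPassword": "hunter2"},
}

def escape_filter_value(value):
    """Escape a string for use as a search-filter value (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def _unescape(text):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def search(base, flt):
    """Toy stand-in for a subtree search; handles '(attr=value)' with '*' wildcards."""
    attr, _, pattern = flt[1:-1].partition("=")
    rx = re.compile(".*".join(re.escape(_unescape(p)) for p in pattern.split("*")) + r"\Z")
    return [dn for dn, entry in DIRECTORY.items()
            if dn.lower().endswith(base.lower()) and rx.match(entry.get(attr, ""))]

def simple_bind(dn, password):
    """Toy stand-in for a simple bind: the DN must name an existing entry."""
    entry = DIRECTORY.get(dn)
    if entry is None:
        return False  # e.g. uid=myname,ou=people,... is not the entry's DN
    return hmac.compare_digest(entry["userPassword"].encode(), password.encode())

def authenticate(username, password, base="ou=people,o=my company"):
    """Search for (uid=username), then bind as the DN found. Returns the DN or None."""
    if not username or not password:
        # A simple bind with a DN and an empty password is an "unauthenticated
        # bind" (RFC 4513, section 5.1.2), which a server may report as success.
        return None
    matches = search(base, "(uid=%s)" % escape_filter_value(username))
    if len(matches) != 1:
        return None  # no such user, or an ambiguous match
    dn = matches[0]
    return dn if simple_bind(dn, password) else None

if __name__ == "__main__":
    print(authenticate("myname", "s3cret"))   # DN of the matching entry
    print(authenticate("*", "s3cret"))        # None: '*' is escaped to \2a
```
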
Arne Schirmacher nn4l@yahoo.de writes:
> This is probably trivial but I can't figure it out:
> my OpenLDAP entry has an attribute of cn=My Name, an attribute of uid=myname and a password.
> I can successfully log in using JXplorer using
> cn=My Name,ou=people,o=my company
> but not using
> uid=myname,ou=people,o=my company (error code 49 - Invalid Credentials)
> However searching with that dn is successful and returns 1 entry, so the uid attribute is in fact there.
> Please advise how I could enable the second login method which I need for exim authentication.
Your example is a simple bind, which requires a DN and a password; uid=myname,o=people,o=my company is not a DN. If you want to bind with the uid attribute, you can try a strong bind based on a SASL mechanism. To enable this, you have to enable an authz-regexp in cn=config and only allow plaintext passwords.
olcPasswordHash: {CLEARTEXT}
olcAuthzRegexp: {0}"uid=(.*),cn=.*,cn=auth" "ldap:///o=my company??sub?uid=$1"
-Dieter
openldap-technical@openldap.org