On Tue, 6 Apr 2010 13:28:27 -0500, Marcelo de Moraes Serpa <[email protected]> wrote:
> Hello list,
>
> I have a local OpenLDAP server with a couple of users. I'm using it
> for development purposes, here's the ldif:
>
> #Top level - the organization
> dn: dc=site, dc=com
> dc: site
> description: OneLogin LLC
> objectClass: dcObject
> objectClass: organization
> o: OneLogin LLC
>
> #Top level - manager
> dn: cn=Manager, dc=site, dc=com
> objectClass: organizationalRole
> cn: Manager
>
> #Second level - organizational units
> dn: ou=people, dc=site, dc=com
> ou: people
> description: All people in the organization
> objectClass: organizationalunit
>
> dn: ou=groups, dc=site, dc=com
> ou: groups
> description: All groups in the organization
> objectClass: organizationalunit
>
> #Third level - people
> dn: uid=celoserpa, ou=people, dc=site, dc=com
> objectclass: pilotPerson
> objectclass: uidObject
> uid: celoserpa
> cn: Marcelo de Moraes Serpa
> sn: de Moraes Serpa
> userPassword: secret_12345
> mail: [email protected]
>
> So far, so good. I can bind with "cn=Manager,dc=site,dc=com" and the
> 12345678 password (the local server password, set up in slapd.conf).
>
> However, I would like to bind with any user under the people OU.
> In this case, I'd like to bind with:
> dn: uid=celoserpa, ou=people, dc=site, dc=com
> userPassword: secret_12345
>
> But I'm getting a (49) - Invalid Credentials error every time. I have
> tried through CLI tools (such as ldapadd, ldapwhoami, etc) and also
> ruby/ldap. The bind with these credentials fails with an invalid
> credentials error.
>
> I was suspecting that maybe OpenLDAP doesn't compare against
> userPassword? Or maybe some ACL configuration I am missing that is
> somehow affecting the read access to userPassword for the specific DN.
>
> I'm really lost here, any suggestion appreciated!

You may run slapd in debugging mode, that is slapd(8) -dacl

-Dieter

--
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
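Added example, not part of either message or of OpenLDAP: a small Python filter that pairs each access request in `slapd -d acl` debug output with its verdict and reports denied `auth` checks on `userPassword` for a given bind DN. The sample log is constructed (line shapes assumed from slapd's ACL debug messages, which may vary by version) and shows one possible outcome, not the poster's actual trace; `acl_decisions` and `denied_bind_checks` are hypothetical helper names.

```python
import re

# Constructed sample modelled on `slapd -d acl` output; NOT captured from the
# poster's server. Exact wording may differ between OpenLDAP versions.
SAMPLE = '''\
=> access_allowed: auth access to "uid=celoserpa,ou=people,dc=site,dc=com" "userPassword" requested
=> acl_get: [1] attr userPassword
<= acl_mask: [1] mask: none(=0)
=> slap_access_allowed: auth access denied by none(=0)
=> access_allowed: search access to "cn=Manager,dc=site,dc=com" "objectClass" requested
=> slap_access_allowed: search access granted by read(=rscxd)
'''

# Assumed line shapes for the request and the final verdict.
REQ = re.compile(r'=> access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
RES = re.compile(r'=> slap_access_allowed: (\w+) access (granted|denied) by (\S+)')

def _norm(dn):
    """Loose DN comparison key: drop spaces around commas, lower-case."""
    return re.sub(r'\s*,\s*', ',', dn.strip()).lower()

def acl_decisions(log_text):
    """Pair each ACL request with the verdict that follows it."""
    decisions, pending = [], None
    for line in log_text.splitlines():
        m = REQ.search(line)
        if m:
            pending = {"access": m.group(1), "dn": m.group(2), "attr": m.group(3)}
            continue
        m = RES.search(line)
        if m and pending and m.group(1) == pending["access"]:
            pending.update(result=m.group(2), by=m.group(3))
            decisions.append(pending)
            pending = None
    return decisions

def denied_bind_checks(log_text, bind_dn):
    """Denied 'auth' checks on userPassword for bind_dn (what a simple bind needs)."""
    return [d for d in acl_decisions(log_text)
            if d["access"] == "auth" and d["attr"].lower() == "userpassword"
            and d["result"] == "denied" and _norm(d["dn"]) == _norm(bind_dn)]

if __name__ == "__main__":
    for d in denied_bind_checks(SAMPLE, "uid=celoserpa, ou=people, dc=site, dc=com"):
        print(f'{d["access"]} on {d["attr"]} of {d["dn"]}: {d["result"]} by {d["by"]}')
```

With `-d`, slapd stays in the foreground and writes this output to stderr, so redirect stderr to a file while repeating the failing bind and pass the file's contents to `denied_bind_checks`.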
