Stuart Cherrington wrote:
OK - so I tried
ldapsearch2.4 -h 10.2.250.15 -x -b 'dc=ldn,dc=sw,dc=com'
# extended LDIF
#
# LDAPv3
# base <dc=ldn,dc=sw,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
What I don't understand is 'which' object is missing?
Hi Stuart,
AIUI from reading above then the following LDAP search works:
ldapsearch2.4 -h 10.2.250.15 -x -b 'dc=ldn,dc=sw,dc=com' -D 'cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com'
whereas the following doesn't:
ldapsearch2.4 -h 10.2.250.15 -x -b 'dc=ldn,dc=sw,dc=com'
Since it appears to fail when not specifying a bind DN with -D, this
suggests to me that you have an ACL on 'dc=ldn,dc=sw,dc=com' which does
not allow access to that part of the tree for anonymous binds - hence
the "No such object" message.
For security reasons, we tend to disable anonymous binds on all our
installations; however it seems as if the Solaris libraries require
anonymous access to the 'cn=default,ou=profile...' part of the tree
before they will rebind using proxyDN.
HTH,
Mark.
--
Mark Cave-Ayland - Senior Technical Architect
PostgreSQL - PostGIS
Sirius Corporation plc - control through freedom
http://www.siriusit.co.uk
t: +44 870 608 0063
Sirius Labs: http://www.siriusit.co.uk/labs
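
An added example, not part of the original message: one way to write the access rules described above, keeping the tree closed to anonymous binds while leaving the profile subtree readable before the rebind as the proxy agent. It assumes the server is OpenLDAP 2.4 configured through slapd.conf (the thread shows only the client), and the rule layout is illustrative rather than taken from either poster's configuration.

```conf
# slapd.conf ACL sketch (assumed OpenLDAP 2.4 server; not from the thread).
# Clauses are evaluated top to bottom: the first "access to" that matches the
# entry/attribute decides, and within it the first matching "by" wins.

# 1. Passwords can be used to bind but are never readable. This must come
#    first, otherwise rule 2 would expose the proxy agent's userPassword.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# 2. The client profile subtree is readable without a bind, so a client can
#    fetch its profile anonymously and then rebind as the proxy agent.
#    "read" also covers the auth access needed to bind as cn=proxyagent.
access to dn.subtree="ou=profile,dc=ldn,dc=sw,dc=com"
    by * read

# 3. Everything else under the suffix: only the proxy agent may read.
#    Anonymous gets "none", which is below "disclose", so slapd answers an
#    anonymous search of this base with result 32 "No such object" instead
#    of revealing that the entry exists.
#    Assumption: no other accounts need to bind; entries outside ou=profile
#    would need their own "by anonymous auth" clause to authenticate.
access to dn.subtree="dc=ldn,dc=sw,dc=com"
    by dn.exact="cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com" read
    by * none
```

With rules like these, the anonymous search of 'dc=ldn,dc=sw,dc=com' returns result 32 as in the quoted output, while the same search with -D 'cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com' and the agent's password returns entries.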