I have a very similar setting on 6.1
Maybe you have an ACL problem (see below).
What does the following command give?
ldapsearch -x -D "cn=testuser,ou=people,dc=interne,dc=example,dc=org" -W

> </usr/local/etc/ldap.conf>
> base dc=interne,dc=example,dc=org
> uri ldap://127.0.0.1:389/
>
> logdir /var/log/ldap
> #debug 256
>
> timeout 5
> bind_timeout 5
> bind_policy soft
>
> rootbinddn cn=Manager,dc=interne,dc=example,dc=org
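BTW I think you can remove this one (the rootbinddn line just above); plain passwd/group lookups should not need to bind as the Manager DN.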
>
> nss_base_passwd ou=people,dc=interne,dc=example,dc=org?one
> nss_base_group ou=groups,dc=interne,dc=example,dc=org?one
> </usr/local/etc/ldap.conf>

>
> </usr/local/etc/openldap/slapd.conf>
> include               /usr/local/etc/openldap/schema/core.schema
> include               /usr/local/etc/openldap/schema/cosine.schema
> include               /usr/local/etc/openldap/schema/inetorgperson.schema
> include               /usr/local/etc/openldap/schema/nis.schema
> include               /usr/local/etc/openldap/schema/samba.schema
>
> pidfile               /var/run/openldap/slapd.pid
> argsfile      /var/run/openldap/slapd.args
>
> modulepath    /usr/local/libexec/openldap
> moduleload    back_bdb
>
> access to dn.base=""
>               by self write
>               by * auth
>
> access to attrs=userPassword
>               by self write
>               by * auth
Replace this one (the "by * auth" line just above) with
                by anonymous auth
>
> access to attrs=shadowLastChange
>               by self write
>               by * auth
>
> access to *
>               by * read
>               by anonymous auth
I think you should also remove all the other lines above that contain auth.
>
> schemacheck   on
> idletimeout   30
> backend               bdb
> database      bdb
>
> suffix                "dc=interne, dc=example, dc=org"
> rootdn                "cn=Manager, dc=interne, dc=example, dc=org"
>
> rootpw                password
>
> checkpoint    1024 5
> cachesize     10000
>
> directory     /var/db/openldap-data
>
> # Indices to maintain
> index objectClass             eq
> index cn                      pres,sub,eq
> index sn                      pres,sub,eq
> index uid                     pres,sub,eq
> index displayName             pres,sub,eq
> index uidNumber               eq
> index gidNumber               eq
> index memberUID               eq
> index sambaSID                eq
> index sambaPrimaryGroupSID    eq
> index sambaDomainName         eq
> index default                 sub
> </usr/local/etc/openldap/slapd.conf>

HTH,
Thierry.
