bijayant kumar wrote:
> Marc,
> I tried it also, but no luck this time also. Also I want to
> show you my /var/log/syslog also, which may be useful to rectify my problem :-
>
>
> Aug 28 16:18:01 bijayant slapd[8302]: conn=145 fd=16 ACCEPT from
> IP=127.0.0.1:49850 (IP=0.0.0.0:389)
> Aug 28 16:18:01 bijayant slapd[8302]: conn=145 op=0 BIND
> dn="cn=Manager,dc=kavach,dc=blr" method=128

What is it exactly you are trying to do with dn="cn=Manager,dc=kavach,dc=blr"? This is your ldap rootdn. It is not a unix-user.

> Marc Blumentritt <[EMAIL PROTECTED]> wrote:
> I looked again at your access rules in slapd.conf: try out these rules:
>
>
> -----
>
> access to attrs=userPassword,gecos,description,loginShell
>     by dn="uid=root,ou=people,dc=kavach,dc=blr" write
>     by anonymous auth
>     by self write
>     by * none
>
> access to *
>     by dn="uid=root,ou=people,dc=kavach,dc=blr" write
>     by users read
>
> -----

Next thing I just realized: in your /etc/ldap.conf you set nss_base_passwd to "ou=People,dc=kavach,dc=blr?one", while above "people" is not starting with a capital letter! Correct this and while you are at it, change the access rules to this:

---
access to attrs=userPassword,gecos,description,loginShell
    by dn="uid=root,ou=people,dc=kavach,dc=blr" write
    by dn="cn=Manager,dc=kavach,dc=blr" write
    by anonymous auth
    by self write
    by * none

access to *
    by dn="uid=root,ou=people,dc=kavach,dc=blr" write
    by dn="cn=Manager,dc=kavach,dc=blr" write
    by users read
---

Since manager is your rootdn, he should have access to everything. In fact, do you really want a root account in your ldap? I think you do not need one, so if you agree, delete the root lines in your access rules.

How do you plan to add users to ldap? I mean, which tools do you use?

Regards,
Marc

--
gentoo-user@gentoo.org mailing list
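
Added example (not part of the original message and not OpenLDAP code): a simplified Python model of how slapd evaluates the second rule set above, taking the first `access to` clause whose target matches and, inside it, the first matching `by` clause, with an implicit `by * none` at the end. The `alice` and `bob` DNs are constructed sample entries, and only the `who` forms used in these rules are modelled.

```python
# Simplified model of slapd ACL evaluation for the rules in this message.
# Assumption: DNs are compared as plain strings; slapd normalizes them first.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

ROOT = "uid=root,ou=people,dc=kavach,dc=blr"
MANAGER = "cn=Manager,dc=kavach,dc=blr"
ALICE = "uid=alice,ou=people,dc=kavach,dc=blr"  # constructed sample entry
BOB = "uid=bob,ou=people,dc=kavach,dc=blr"      # constructed sample entry

# (target attributes, or None for "access to *", ordered "by" clauses)
ACL = [
    ({"userPassword", "gecos", "description", "loginShell"},
     [(ROOT, "write"), (MANAGER, "write"), ("anonymous", "auth"),
      ("self", "write"), ("*", "none")]),
    (None,
     [(ROOT, "write"), (MANAGER, "write"), ("users", "read")]),
]

def who_matches(who, bind_dn, entry_dn):
    """bind_dn is None for an anonymous (unauthenticated) connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn == entry_dn
    return bind_dn == who  # by dn="..." (exact match)

def granted(bind_dn, entry_dn, attr):
    """Return the access level the rule set gives bind_dn on entry_dn's attr."""
    for attrs, by_clauses in ACL:
        if attrs is not None and attr not in attrs:
            continue  # target does not match, try the next "access to"
        for who, level in by_clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level  # first matching "by" clause wins
        return "none"  # implicit trailing "by * none"
    return "none"  # no clause matched the target at all

def allowed(bind_dn, entry_dn, attr, wanted):
    return LEVELS.index(granted(bind_dn, entry_dn, attr)) >= LEVELS.index(wanted)

if __name__ == "__main__":
    for who in (None, ALICE, BOB, MANAGER):
        print(who, granted(who, ALICE, "userPassword"), granted(who, ALICE, "uid"))
```

On a real server, `slapacl` run against the actual slapd.conf answers the same question for a given bind DN, entry and attribute.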