Changing the login method in the server profile's general settings to a
fixed list instead of LDAP search seems to have resolved the issue.
On Thu, Jul 8, 2010 at 11:57 AM, delpheye <[email protected]> wrote:
> That makes sense to me, now that you've pointed it out. Here's my
> slapd.conf:
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/samba.schema
> allow bind_v2
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
> database bdb
> suffix "dc=domain,dc=com"
> rootdn "cn=root,dc=domain,dc=com"
> rootpw {SSHA}IMAPASSWORD!
> password-hash {SSHA}
> directory /var/lib/ldap
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
>
> On Wed, Jul 7, 2010 at 5:48 PM, Tim Rice <[email protected]> wrote:
>
>> On Wed, 7 Jul 2010, delpheye wrote:
>>
>> > Just realized I didn't reply to the list...
>> >
>> > LAM doesn't report any errors after login, and the root user is listed in
>> > the Domain Admins group. So far it and nobody are the only two users in
>> > LDAP.
>>
>> The "Domain Admins group" really doesn't have anything to do with
>> OpenLDAP allowing writes to the ldap database. You've got an LDAP
>> issue not a LAM issue.
>>
>> Perhaps send your slapd.conf to the list so we can see what's going on.
>> Be sure to sanitize the password.
>>
>> > Also, I'm running LAM 2.9.0 on CentOS 5.5. I tried to install 3.0 and 3.1,
>> > but there were pcre compatibility issues that I couldn't resolve.
>> >
>> > On Wed, Jul 7, 2010 at 12:54 PM, Roland Gruber <[email protected]> wrote:
>> >
>> > > On 07.07.2010 18:31, delpheye wrote:
>> > > > Whenever I try to save a new user in LAM, it returns "Insufficient access."
>> > > > The server logs say:
>> > > >
>> > > > ERROR: [uid=root,ou=Users,dc=domain,dc=com] Unable to create DN:
>> > > > uid=testuser,ou=Users,dc=domain,dc=com (Insufficient access).
>> > > >
>> > > > However I can add users manually with smbldap-useradd. I've looked at ldap
>> > > > and LAM directory permissions and they're both correct (ldap and apache,
>> > > > respectively).
>> > >
>> > > insufficient access usually means that either the LDAP user that you use
>> > > for LAM is not the admin or that you try to create entries in
>> > > non-existing parts of the LDAP tree.
>> > > Does LAM report any missing suffixes after login? Is "dc=domain,dc=com"
>> > > your right LDAP suffix?
>> > >
>> > > - --
>> > >
>> > > Best regards
>> > >
>> > > Roland Gruber
>>
>> --
>> Tim Rice Multitalents (707) 887-1469
>> [email protected]
>>
>>
>>
>
_______________________________________________
Lam-public mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lam-public
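
The log line in the thread shows LAM binding as uid=root,ou=Users,dc=domain,dc=com, while the quoted slapd.conf names cn=root,dc=domain,dc=com as rootdn and contains no access lines. The following check is an added example, not part of the original messages or of LAM or OpenLDAP. It relies on slapd's documented default that, with no access directives, everyone may read but only the rootdn may write; the function names and verdict strings are hypothetical, and the sample is constructed from the quoted config.

```python
# Added example: SAMPLE_CONF is constructed from the slapd.conf quoted in the thread.
SAMPLE_CONF = '''\
allow bind_v2
database bdb
suffix "dc=domain,dc=com"
rootdn "cn=root,dc=domain,dc=com"
index objectClass eq,pres
'''

def norm_dn(dn):
    """Lower-case a DN and drop spaces around ',' and '=' (simplified: no escaped commas)."""
    rdns = [p.strip() for p in dn.strip().strip('"').split(",")]
    return ",".join("=".join(x.strip() for x in r.split("=", 1)) for r in rdns).lower()

def parse_conf(text):
    """Collect suffix, rootdn and the first line of each access directive."""
    conf = {"suffix": None, "rootdn": None, "acls": []}
    for raw in text.splitlines():
        fields = raw.strip().split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue
        key, rest = fields[0].lower(), (fields[1] if len(fields) > 1 else "")
        if key in ("suffix", "rootdn"):
            conf[key] = norm_dn(rest)
        elif key == "access":
            conf["acls"].append(rest)
    return conf

def write_verdict(conf, bind_dn, target_dn):
    """Say whether bind_dn could create target_dn, as far as the config alone tells."""
    bind, target = norm_dn(bind_dn), norm_dn(target_dn)
    suffix = conf["suffix"]
    if suffix and not (target == suffix or target.endswith("," + suffix)):
        return "outside-suffix"            # entry is not under this database
    if bind == conf["rootdn"]:
        return "allowed-rootdn"            # rootdn bypasses access control
    if not conf["acls"]:
        return "denied-default-read-only"  # no ACLs: only rootdn may write
    return "depends-on-acl"                # ACLs present: not evaluated here

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    target = "uid=testuser,ou=Users,dc=domain,dc=com"
    for who in ("uid=root,ou=Users,dc=domain,dc=com", "cn=root,dc=domain,dc=com"):
        print(who, "->", write_verdict(conf, who, target))
```
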