No need to be sorry... Is that the only ACL you have in the slapd.conf file? The one that says until you authenticate you can't have access to anything. The one that would prevent you from ever being able to authenticate as anything other than the rootdn?

Frank

On 8/14/06 11:03 AM, Brian Woods wrote:
> Yeah. I did. 1 letter. Sorry.
>
> On Aug 14, 2006, at 9:56 AM, Francis Swasey wrote:
>> Brian,
>>
>> I don't know about you, but I find the userPassword of {c2ypt}418llIS/0PwL. (which is what the base64 string you posted decodes as) to be a little suspect.
>>
>> I don't know what the c2ypt method is -- or did you obfuscate that password?
>>
>> On 8/14/06 10:45 AM, Brian Woods wrote:
>>> Yes, there is. Here is a sample user to look at plus part of the slapd.conf with the ACL.
>>>
>>> Here is a sample user:
>>> ---------------------------------------------------
>>> dn: uid=first.last,o=Organization
>>> uid: first.last
>>> uidNumber: 51216
>>> creatorName: joshua.jackson
>>> createTime: 200608041732Z
>>> structuralObjectClass: caseRecord
>>> entryUUID: 337ce902-b854-102a-8915-ab9b99587a82
>>> creatorsName: cn=admin,o=Organization
>>> createTimestamp: 20060804222747Z
>>> objectClass: caseUser
>>> objectClass: faculty
>>> objectClass: posixAccount
>>> objectClass: sambaAccount
>>> objectClass: BGIUser
>>> objectClass: caseRecord
>>> userPassword:: e2MyeXB0fTQxOGxsSVMvMFB3TC4=
>>> lmPassword: B4942B3EED537F1E1D71060D896B7A46
>>> ntPassword: 6A223CDEE99D3DFC2C0B20D230E4DDAC
>>> sn: Last
>>> givenName: First
>>> gender: M
>>> gidNumber: 123456
>>> loginShell: /bin/false
>>> email: [EMAIL PROTECTED]
>>> homeDirectory: /Volumes/HomeDir
>>> cn: First Last
>>> rid: 1
>>> entryCSN: 20060804222844Z#000001#00#000000
>>> modifiersName: cn=admin,o=Organization
>>> modifyTimestamp: 20060804222844Z
>>>
>>> ....portion of slapd.conf
>>> ------------------------------------------------------
>>> access to *
>>>     by self write
>>>     by users read
>>>     by * none
>>>
>>> SIZELIMIT 2000
>>> allow bind_v2
>>>
>>> database bdb
>>> suffix "o=Organization"
>>> rootdn "cn=admin,o=Organization"
>>> rootpw xxxxx
>>> directory /var/openldap
>>>
>>> # Indices to maintain
>>> index objectClass eq
>>> index uid sub
>>> index uidNumber eq
>>> index attrName eq
>>> index objName eq
>>> index sessionID eq
>>>
>>> On Aug 14, 2006, at 9:27 AM, Adam Tauno Williams wrote:
>>>> On Mon, 2006-08-14 at 09:16 -0500, Brian Woods wrote:
>>>>> I am trying to authenticate users, I am unable to bind using the uid in the dn...
>>>>>
>>>>> # ldapsearch -x -D "uid=user,o=organization" -w pass
>>>>> ldap_bind: Invalid credentials (49)
>>>>
>>>> Does "uid=user,o=organization" actually exist?
>>>>
>>>>> I am sure the password is correct. If I use the rootdn, it works. If anyone could help me here. Would be appreciated.
>>>>
>>>> ---
>>>> You are currently subscribed to ldap@umich.edu as: [EMAIL PROTECTED]
>>>> To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
>>
>> --
>> Frank Swasey | http://www.uvm.edu/~fcs
>> Sr Systems Administrator | Always remember: You are UNIQUE,
>> University of Vermont | just like everyone else.
>> "I am not young enough to know everything." - Oscar Wilde (1854-1900)

--
Frank Swasey | http://www.uvm.edu/~fcs
Sr Systems Administrator | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
"I am not young enough to know everything." - Oscar Wilde (1854-1900)
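
The two checks raised in this thread (what the base64 userPassword decodes to, and whether the ACL lets an unauthenticated client use the password for a bind), as an added example that is not part of the original messages. The sample data is constructed from the entry and ACL quoted above; the scheme list and the simplified one-directive ACL parsing are assumptions of this example.

```python
import base64
import re

# Password schemes commonly built into OpenLDAP slapd (assumed list for this example).
KNOWN_SCHEMES = {"SSHA", "SHA", "SMD5", "MD5", "CRYPT", "CLEARTEXT"}

# Constructed sample input, modelled on the entry and ACL quoted in the thread.
SAMPLE_LDIF = """\
dn: uid=first.last,o=Organization
uid: first.last
userPassword:: e2MyeXB0fTQxOGxsSVMvMFB3TC4=
"""
SAMPLE_ACL = "access to * by self write by users read by * none"


def password_scheme(ldif_text):
    """Return (scheme, recognised) for the userPassword of one LDIF entry."""
    for line in ldif_text.splitlines():
        if line.startswith("userPassword::"):   # '::' marks a base64 value
            value = base64.b64decode(line.split("::", 1)[1].strip())
        elif line.startswith("userPassword:"):
            value = line.split(":", 1)[1].strip().encode()
        else:
            continue
        match = re.match(rb"\{([^}]+)\}", value)
        if match is None:
            return None, True                   # no {scheme} prefix: plain value
        scheme = match.group(1).decode("ascii", "replace")
        return scheme, scheme.upper() in KNOWN_SCHEMES
    raise ValueError("entry has no userPassword attribute")


def anonymous_can_auth(acl):
    """True if this single 'access to' directive gives an unauthenticated
    client at least 'auth' access, which a simple bind needs on userPassword.
    Simplified: ignores the <what> target and '=priv' style levels."""
    for who, level in re.findall(r"\bby\s+(\S+)\s+(\S+)", acl):
        # 'self' and 'users' never match a client that has not bound yet;
        # the first clause that does match decides the outcome.
        if who in ("anonymous", "*"):
            return level not in ("none", "disclose")
    return False


if __name__ == "__main__":
    print(password_scheme(SAMPLE_LDIF))      # scheme found in the posted entry
    print(anonymous_can_auth(SAMPLE_ACL))    # the ACL as posted
    fixed = "access to attrs=userPassword by self write by anonymous auth by * none"
    print(anonymous_can_auth(fixed))         # same ACL with an 'anonymous auth' clause
```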