Am new to ApacheDS - am using apacheds-2.0.0-M17. Followed the instructions to set up an Ubuntu 14.04 LTS machine as an LDAP client from this page:

https://help.ubuntu.com/community/LDAPClientAuthentication

Was able to view groups by issuing the following command:

    getent group

I then proceeded by disabling anonymous bind by going into the Ubuntu machine which is running apacheds using ldapmodify:

    ldapmodify -H ldap://my_target_server:10389 -D "uid=admin,ou=system" -x -W
    dn: ads-directoryServiceId=default,ou=config
    changetype: modify
    replace: ads-dsallowanonymousaccess
    ads-dsallowanonymousaccess: FALSE

After restarting apacheds, I verified that I was not able to log in anonymously by using this particular ldapsearch query:

    ldapsearch -H ldap://my_target_server:10389 -x -b "dc=iam,dc=aws,dc=org"

Which resulted in the following output in stdout:

    ldap_bind: Invalid credentials (49)
        additional info: INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for

Now, when I issue the command for

    getent group

Nothing from my target LDAP server returns!

Question(s):

1. Is my ldapmodify process the correct way to turn off / disable anonymous binding?

2. How can I view my groups using getent group (from the client machine) with anonymous binding turned off? Is there a way to specify the password for the LDAP target server when issuing getent group?

My /etc/nsswitch.conf looks like this:

    passwd:         compat
    group:          compat
    shadow:         compat

    hosts:          files dns
    networks:       files

    protocols:      db files
    services:       db files
    ethers:         db files
    rpc:            db files

    netgroup:       nis

When I enabled the anonymous access by setting

    ads-dsallowanonymousaccess: TRUE

I was able to view my LDAP groups by issuing:

    getent group

Need to be able to turn off anonymous binding (and still view groups using getent) without using the Apache Directory Studio application.

Thank you for taking the time to read this.
