From: Thierry Lacoste
Organization: MIAGE
To: freebsd-questions@freebsd.org
Cc: Eric Masson
Date: Tue, 3 Jul 2007 23:42:30 +0200
Subject: Re: pam_ldap issues
In-Reply-To: <86sl85tkvy.fsf@srvbsdnanssv.interne.kisoft-services.com>
Message-Id: <200707032342.31435.lacoste@miage.univ-paris12.fr>

I have a very similar setting on 6.1. Maybe you have an ACL problem (see
below). What does the following command give?

ldapsearch -x -D "cn=testuser,ou=people,dc=interne,dc=example,dc=org" -W

>
> base dc=interne,dc=example,dc=org
> uri ldap://127.0.0.1:389/
>
> logdir /var/log/ldap
> #debug 256
>
> timeout 5
> bind_timeout 5
> bind_policy soft
>
> rootbinddn cn=Manager,dc=interne,dc=example,dc=org

BTW I think you can remove this one.

>
> nss_base_passwd ou=people,dc=interne,dc=example,dc=org?one
> nss_base_group ou=groups,dc=interne,dc=example,dc=org?one
>
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
> include /usr/local/etc/openldap/schema/nis.schema
> include /usr/local/etc/openldap/schema/samba.schema
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> modulepath /usr/local/libexec/openldap
> moduleload back_bdb
>
> access to dn.base=""
>         by self write
>         by * auth
>
> access to attrs=userPassword
>         by self write
>         by * auth

Replace this one with

        by anonymous auth

>
> access to attrs=shadowLastChange
>         by self write
>         by * auth
>
> access to *
>         by * read
>         by anonymous auth

I think you should also remove all the other above lines containing auth.

>
> schemacheck on
> idletimeout 30
> backend bdb
> database bdb
>
> suffix "dc=interne, dc=example, dc=org"
> rootdn "cn=Manager, dc=interne, dc=example, dc=org"
>
> rootpw password
>
> checkpoint 1024 5
> cachesize 10000
>
> directory /var/db/openldap-data
>
> # Indices to maintain
> index objectClass eq
> index cn pres,sub,eq
> index sn pres,sub,eq
> index uid pres,sub,eq
> index displayName pres,sub,eq
> index uidNumber eq
> index gidNumber eq
> index memberUID eq
> index sambaSID eq
> index sambaPrimaryGroupSID eq
> index sambaDomainName eq
> index default sub
>

HTH,
Thierry.
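The ACL question in this thread comes down to how slapd walks its `access to ... by ...` directives: the first directive whose target matches is the only one consulted, and inside it the first matching `by` clause decides the privilege level, so clause order matters and a pam_ldap simple bind (an anonymous requester asking for `auth` on `userPassword`) either gets through that path or is refused. The following Python script is an added example, not code from either mail or from OpenLDAP itself; it models that first-match evaluation for the exact ACL block quoted above and reports which `by` clauses can never be reached. The user DNs it uses are constructed, and the model deliberately ignores `break`/`continue` controls, regex and scope targets and filters, none of which the quoted configuration uses.

```python
# Added example: a simplified model of slapd ACL evaluation (first matching
# 'access to' directive, then first matching 'by' clause, default 'stop').
# Not OpenLDAP code; controls, regex targets and filters are not modelled.

# Privilege levels in slapd's order, lowest to highest.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The ACL section exactly as quoted in the thread.
POSTED_ACL_TEXT = """
access to dn.base=""
 by self write
 by * auth

access to attrs=userPassword
 by self write
 by * auth

access to attrs=shadowLastChange
 by self write
 by * auth

access to *
 by * read
 by anonymous auth
"""

def parse_acls(text):
    """Turn slapd.conf-style ACL lines into [{'what': str, 'by': [(who, level), ...]}]."""
    acls = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("access to "):
            acls.append({"what": line[len("access to "):].strip(), "by": []})
        elif line.startswith("by ") and acls:
            parts = line.split()
            acls[-1]["by"].append((parts[1], parts[2]))
    return acls

def what_matches(what, dn, attr):
    """Does the 'access to <what>' target cover this entry DN / attribute?"""
    if what == "*":
        return True
    if what.startswith("attrs="):
        wanted = {a.strip().lower() for a in what[len("attrs="):].split(",")}
        return attr is not None and attr.lower() in wanted
    if what.startswith('dn.base="') and what.endswith('"'):
        return dn == what[len('dn.base="'):-1]
    return False

def who_matches(who, dn, requester):
    """'requester' is None for an anonymous (not yet bound) connection, else its bind DN."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester.lower() == dn.lower()
    return False

def granted_level(acls, dn, attr, requester):
    """Level granted by the first matching directive; no matching 'by' clause means 'none'."""
    for acl in acls:
        if not what_matches(acl["what"], dn, attr):
            continue
        for who, level in acl["by"]:
            if who_matches(who, dn, requester):
                return level
        return "none"  # directive matched but no 'by' clause did: implicit 'by * none'
    return "none"

def allows(level, required):
    """True if 'level' is at least 'required' in slapd's privilege ordering."""
    return LEVELS.index(level) >= LEVELS.index(required)

def simple_bind_possible(acls, user_dn):
    """A simple bind is checked as an anonymous requester needing 'auth' on userPassword."""
    return allows(granted_level(acls, user_dn, "userPassword", None), "auth")

def unreachable_by_clauses(acls):
    """'by' clauses placed after a 'by *' clause in the same directive can never match."""
    dead = []
    for acl in acls:
        seen_star = False
        for who, _level in acl["by"]:
            if seen_star:
                dead.append((acl["what"], who))
            if who == "*":
                seen_star = True
    return dead

if __name__ == "__main__":
    acls = parse_acls(POSTED_ACL_TEXT)
    user = "cn=testuser,ou=people,dc=interne,dc=example,dc=org"   # constructed DN
    other = "cn=someone,ou=people,dc=interne,dc=example,dc=org"   # constructed DN
    print("simple bind as testuser possible:", simple_bind_possible(acls, user))
    print("testuser on own userPassword:", granted_level(acls, user, "userPassword", user))
    print("other user on testuser's userPassword:", granted_level(acls, user, "userPassword", other))
    print("anonymous on uid:", granted_level(acls, user, "uid", None))
    print("unreachable 'by' clauses:", unreachable_by_clauses(acls))
```

Run against the quoted block, the model grants an anonymous requester `auth` on `userPassword` (so the bind path itself is open), `write` to the entry's own owner, and only `auth`, never `read`, to any other bound user, which is the property to preserve whichever way the clauses are rearranged; it also flags `by anonymous auth` under `access to *` as unreachable, because the preceding `by * read` already matches every requester.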