Date:      Tue, 3 Jul 2007 23:42:30 +0200
From:      Thierry Lacoste <lacoste@miage.univ-paris12.fr>
To:        freebsd-questions@freebsd.org
Cc:        Eric Masson <emss@free.fr>
Subject:   Re: pam_ldap issues
Message-ID:  <200707032342.31435.lacoste@miage.univ-paris12.fr>
In-Reply-To: <86sl85tkvy.fsf@srvbsdnanssv.interne.kisoft-services.com>
References:  <86sl85tkvy.fsf@srvbsdnanssv.interne.kisoft-services.com>

I have a very similar setting on 6.1
Maybe you have an ACL problem (see below).
What does the following command give?
ldapsearch -x -D "cn=testuser,ou=people,dc=interne,dc=example,dc=org" -W

> </usr/local/etc/ldap.conf>
> base dc=interne,dc=example,dc=org
> uri ldap://127.0.0.1:389/
>
> logdir /var/log/ldap
> #debug 256
>
> timeout 5
> bind_timeout 5
> bind_policy soft
>
> rootbinddn cn=Manager,dc=interne,dc=example,dc=org
BTW I think you can remove this one
>
> nss_base_passwd ou=people,dc=interne,dc=example,dc=org?one
> nss_base_group ou=groups,dc=interne,dc=example,dc=org?one
> </usr/local/etc/ldap.conf>

>
> </usr/local/etc/openldap/slapd.conf>
> include		/usr/local/etc/openldap/schema/core.schema
> include		/usr/local/etc/openldap/schema/cosine.schema
> include		/usr/local/etc/openldap/schema/inetorgperson.schema
> include		/usr/local/etc/openldap/schema/nis.schema
> include		/usr/local/etc/openldap/schema/samba.schema
>
> pidfile		/var/run/openldap/slapd.pid
> argsfile	/var/run/openldap/slapd.args
>
> modulepath	/usr/local/libexec/openldap
> moduleload	back_bdb
>
> access to dn.base=""
> 		by self write
> 		by * auth
>
> access to attrs=userPassword
> 		by self write
> 		by * auth
Replace this one with
 		by anonymous auth
>
> access to attrs=shadowLastChange
> 		by self write
> 		by * auth
>
> access to *
> 		by * read
> 		by anonymous auth
I think you should also remove all the other above lines containing auth.
>
> schemacheck	on
> idletimeout	30
> backend		bdb
> database	bdb
>
> suffix		"dc=interne, dc=example, dc=org"
> rootdn		"cn=Manager, dc=interne, dc=example, dc=org"
>
> rootpw		password
>
> checkpoint	1024 5
> cachesize	10000
>
> directory	/var/db/openldap-data
>
> # Indices to maintain
> index	objectClass		eq
> index	cn			pres,sub,eq
> index	sn			pres,sub,eq
> index	uid			pres,sub,eq
> index	displayName		pres,sub,eq
> index	uidNumber		eq
> index	gidNumber		eq
> index	memberUID		eq
> index	sambaSID		eq
> index	sambaPrimaryGroupSID	eq
> index	sambaDomainName		eq
> index	default			sub
> </usr/local/etc/openldap/slapd.conf>

HTH,
Thierry.
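A defender's reading of the ACL change suggested above, as an added example that is not part of either message in this thread: the quoted rules rewritten with the `by * auth` clauses removed, assuming the same suffix `dc=interne,dc=example,dc=org` and the same pam_ldap/nss_ldap clients binding against this slapd.

```conf
# slapd picks the first "access to" clause whose target matches and then the
# first "by" clause whose identity matches, so order matters at both levels.

# rootDSE: clients read it to discover the server; read-only for everyone.
access to dn.base=""
        by * read

# Password attribute. In the quoted config "by * auth" lets any identity use
# the attribute for authentication; restricting it to the anonymous simple
# bind is what pam_ldap needs. "auth" never grants read, and "by * none"
# makes the denial for everyone else explicit.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# shadowLastChange does not need "auth". The rootdn is not subject to ACLs,
# so a client that binds as cn=Manager (rootbinddn) still reads it.
access to attrs=shadowLastChange
        by self write
        by * none

# Catch-all for the posixAccount/posixGroup data nss_ldap reads anonymously.
# In the quoted config the trailing "by anonymous auth" is dead: "*" already
# matches anonymous, so that second clause is never reached.
access to *
        by * read
```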