Date: Tue, 3 Jul 2007 23:42:30 +0200
From: Thierry Lacoste <lacoste@miage.univ-paris12.fr>
To: freebsd-questions@freebsd.org
Cc: Eric Masson <emss@free.fr>
Subject: Re: pam_ldap issues
Message-ID: <200707032342.31435.lacoste@miage.univ-paris12.fr>
In-Reply-To: <86sl85tkvy.fsf@srvbsdnanssv.interne.kisoft-services.com>
References: <86sl85tkvy.fsf@srvbsdnanssv.interne.kisoft-services.com>
I have a very similar setting on 6.1.
Maybe you have an ACL problem (see below).
What does the following command give?

ldapsearch -x -D "cn=testuser,ou=people,dc=interne,dc=example,dc=org" -W

> </usr/local/etc/ldap.conf>
> base dc=interne,dc=example,dc=org
> uri ldap://127.0.0.1:389/
>
> logdir /var/log/ldap
> #debug 256
>
> timeout 5
> bind_timeout 5
> bind_policy soft
>
> rootbinddn cn=Manager,dc=interne,dc=example,dc=org
BTW I think you can remove this one
>
> nss_base_passwd ou=people,dc=interne,dc=example,dc=org?one
> nss_base_group ou=groups,dc=interne,dc=example,dc=org?one
> </usr/local/etc/ldap.conf>
>
> </usr/local/etc/openldap/slapd.conf>
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
> include /usr/local/etc/openldap/schema/nis.schema
> include /usr/local/etc/openldap/schema/samba.schema
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> modulepath /usr/local/libexec/openldap
> moduleload back_bdb
>
> access to dn.base=""
>         by self write
>         by * auth
>
> access to attrs=userPassword
>         by self write
>         by * auth
Replace this one with
by anonymous auth
>
> access to attrs=shadowLastChange
>         by self write
>         by * auth
>
> access to *
>         by * read
>         by anonymous auth
I think you should also remove all the other above lines containing auth.
>
> schemacheck on
> idletimeout 30
> backend bdb
> database bdb
>
> suffix "dc=interne, dc=example, dc=org"
> rootdn "cn=Manager, dc=interne, dc=example, dc=org"
>
> rootpw password
>
> checkpoint 1024 5
> cachesize 10000
>
> directory /var/db/openldap-data
>
> # Indices to maintain
> index objectClass eq
> index cn pres,sub,eq
> index sn pres,sub,eq
> index uid pres,sub,eq
> index displayName pres,sub,eq
> index uidNumber eq
> index gidNumber eq
> index memberUID eq
> index sambaSID eq
> index sambaPrimaryGroupSID eq
> index sambaDomainName eq
> index default sub
> </usr/local/etc/openldap/slapd.conf>

HTH,
Thierry.
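As an added example (my own code, not part of this thread and not an OpenLDAP tool), the following Python script reads the `access` directives from a slapd.conf fragment and answers the two questions that come up when debugging an ACL problem like the one above: which `by` clauses can never be selected, and what access level an anonymous, an authenticated, or the entry's own requester actually gets on a given attribute. It encodes two rules from slapd.access(5): `access` directives are tried in order and the first one whose `<what>` matches the target is used, and within that directive the first `by` clause whose `<who>` matches the requester decides. The input is the ACL section of the quoted slapd.conf, embedded as a constructed string. Only the `<who>` forms `*`, `anonymous`, `users` and `self` are modelled, and dn-based selectors such as `dn.base=""` are assumed not to match an ordinary user entry; both are simplifications of mine.

```python
"""Lint OpenLDAP slapd.conf access-control directives (added example, not from the thread).

Rules encoded (from slapd.access(5)):
  * 'access to <what>' directives are evaluated in order; the first whose <what>
    matches the target entry/attribute is used.
  * within a directive, the first 'by <who> <access>' clause whose <who> matches
    the requester is used, so a 'by *' clause shadows every clause after it.
"""
import re
from typing import List, Tuple

# Constructed input: the ACL section of the slapd.conf quoted in the thread.
SAMPLE_SLAPD_CONF = """\
access to dn.base=""
        by self write
        by * auth

access to attrs=userPassword
        by self write
        by * auth

access to attrs=shadowLastChange
        by self write
        by * auth

access to *
        by * read
        by anonymous auth
"""

Clause = Tuple[str, str]                 # (<who>, <access>)
Directive = Tuple[str, List[Clause]]     # (<what>, clauses)


def _clause(text: str) -> Clause:
    """'self write' -> ('self', 'write'); a missing <access> is treated as 'none'."""
    tokens = text.split()
    return tokens[0], (tokens[1] if len(tokens) > 1 else "none")


def parse_access_directives(text: str) -> List[Directive]:
    """Collect 'access to <what>' directives and their 'by' clauses.

    Accepts one clause per line and clauses run together on a single line
    (the layout mail clients produce when they flatten a config).
    """
    directives: List[Directive] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"access\s+to\s+(.*)", line)
        if m:
            parts = re.split(r"\s+by\s+", m.group(1))
            directives.append((parts[0].strip(), [_clause(p) for p in parts[1:]]))
        elif line.startswith("by "):
            if not directives:
                raise ValueError("'by' clause before any 'access to' directive")
            directives[-1][1].extend(_clause(p) for p in re.split(r"\s+by\s+", line[3:]))
    return directives


def shadowed_clauses(directives: List[Directive]) -> List[Tuple[str, str, str]]:
    """Return (what, who, access) for clauses that follow a 'by *' clause in the
    same directive: '*' matches every requester, so they are never reached."""
    findings = []
    for what, clauses in directives:
        catch_all_seen = False
        for who, access in clauses:
            if catch_all_seen:
                findings.append((what, who, access))
            if who == "*":
                catch_all_seen = True
    return findings


def _what_matches(what: str, attr: str) -> bool:
    # Simplification (assumption): only '*' and attrs= selectors are modelled;
    # dn-based selectors are assumed not to match an ordinary user entry.
    if what == "*":
        return True
    if what.startswith(("attrs=", "attr=")):
        names = what.split("=", 1)[1].split(",")
        return attr.lower() in (n.strip().lower() for n in names)
    return False


def _who_matches(who: str, requester: str) -> bool:
    # requester is one of 'anonymous', 'user' (authenticated, not the entry's
    # owner) or 'self' (authenticated as the entry itself).
    return (who == "*"
            or (who == "anonymous" and requester == "anonymous")
            or (who == "users" and requester in ("user", "self"))
            or (who == "self" and requester == "self"))


def access_for(directives: List[Directive], attr: str, requester: str) -> str:
    """Access level the requester gets on attr under first-match semantics."""
    for what, clauses in directives:
        if not _what_matches(what, attr):
            continue
        for who, access in clauses:
            if _who_matches(who, requester):
                return access
        return "none"   # directive matched but no clause did: implicit 'by * none'
    return "none"       # nothing matched: treated as denied in this model


if __name__ == "__main__":
    acl = parse_access_directives(SAMPLE_SLAPD_CONF)
    for what, who, access in shadowed_clauses(acl):
        print(f"unreachable: 'by {who} {access}' in 'access to {what}' (after 'by *')")
    for req in ("anonymous", "user", "self"):
        print(f"{req:9s} userPassword -> {access_for(acl, 'userPassword', req)}")
```

Run against the quoted config it reports that `by anonymous auth` in the final `access to *` directive is unreachable because `by * read` precedes it, while `userPassword` already yields only `auth` to anonymous and other users (and `write` to the entry itself) via the earlier `attrs=userPassword` directive. Re-running it after editing the ACLs is a quick way to confirm that a change did what was intended before restarting slapd.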