Date:      Wed, 4 Jul 2007 11:41:53 +0200
From:      Thierry Lacoste <lacoste@miage.univ-paris12.fr>
To:        freebsd-questions@freebsd.org
Cc:        Eric Masson <emss@free.fr>
Subject:   Re: pam_ldap issues
Message-ID:  <200707041141.54293.lacoste@miage.univ-paris12.fr>
In-Reply-To: <86zm2ctydt.fsf@srvbsdnanssv.interne.kisoft-services.com>
References:  <86sl85tkvy.fsf@srvbsdnanssv.interne.kisoft-services.com> <200707032342.31435.lacoste@miage.univ-paris12.fr> <86zm2ctydt.fsf@srvbsdnanssv.interne.kisoft-services.com>

On Wednesday 04 July 2007 09:35, Eric Masson wrote:
> Thierry Lacoste <lacoste@miage.univ-paris12.fr> writes:
>
> Hello,
>
> > I have a very similar setting on 6.1
> > Maybe you have an ACL problem (see below).
> > What does the following command give?
> > ldapsearch -x -D "cn=testuser,ou=people,dc=interne,dc=example,dc=org" -W
>
> The command asks for an ldap password that I type, but the result is:
> ldap_bind: Invalid credentials (49).
>
> I've double checked the password and reinitialized the ldap database,
> but no change atm.
Simplify your slapd.conf as much as possible.
When the above ldapsearch works, throw in changes step by step.
In particular you should probably start with ACLs like these:

access to attrs=userPassword
       by anonymous auth
       by self write
       by * none

access to * by * read

Add "loglevel 128" to your slapd.conf to log access control list processing.

BTW, what does ldapsearch -x -D "cn=Manager, dc=interne, dc=example, dc=org" -W
give?

Regards,
Thierry
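
Why the suggested ACLs begin with "by anonymous auth", shown as an added example that is not part of the message above and is not OpenLDAP code: a simplified Python model of slapd's first-match ACL evaluation, covering only the "what" and "who" forms used in the message. The DN cn=other,... and the names granted, bind_allowed and NO_ANON_AUTH are assumptions made for the illustration.

```python
# Added illustration, not slapd code: a simplified first-match ACL evaluator.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The two clauses from the message, in slapd.conf order: (what, [(who, level), ...]).
ACLS = [
    ("userPassword", [("anonymous", "auth"), ("self", "write"), ("*", "none")]),
    ("*", [("*", "read")]),
]
# Constructed variant for comparison: the same list without "by anonymous auth".
NO_ANON_AUTH = [("userPassword", [("self", "write"), ("*", "none")]), ACLS[1]]

USER = "cn=testuser,ou=people,dc=interne,dc=example,dc=org"  # DN from the thread
OTHER = "cn=other,ou=people,dc=interne,dc=example,dc=org"    # constructed DN


def who_matches(who, requester, entry):
    """requester is the bound DN, or None for an anonymous session."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester == entry
    return False


def granted(acls, requester, entry, attr):
    """Level granted on one attribute: first matching clause, first matching 'by'."""
    for what, by_list in acls:
        if what not in ("*", attr):
            continue
        for who, level in by_list:
            if who_matches(who, requester, entry):
                return level
        return "none"  # every clause ends with an implicit "by * none"
    return "none"      # the list ends with an implicit "access to * by * none"


def bind_allowed(acls, entry):
    """A simple bind is checked before authentication, so the requester is anonymous
    and needs at least 'auth' on userPassword of the entry being bound to."""
    return LEVELS.index(granted(acls, None, entry, "userPassword")) >= LEVELS.index("auth")


if __name__ == "__main__":
    for name, acls in (("ACLs from the message", ACLS), ("without anonymous auth", NO_ANON_AUTH)):
        print(name, "-> bind allowed:", bind_allowed(acls, USER))
    for requester in (None, USER, OTHER):
        print(requester or "anonymous", "->", granted(ACLS, requester, USER, "userPassword"))
```

The model compares DNs as plain strings and ignores the rootdn, which slapd exempts from ACLs; "loglevel 128" shows the real evaluation for each request.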



