From: Thierry Lacoste
Organization: MIAGE
To: freebsd-questions@freebsd.org
Cc: Eric Masson
Date: Wed, 4 Jul 2007 11:41:53 +0200
Subject: Re: pam_ldap issues

On Wednesday 04 July 2007 09:35, Eric Masson wrote:
> Thierry Lacoste writes:
>
> Hello,
>
> > I have a very similar setting on 6.1
> > Maybe you have an ACL problem (see below).
> > What does the following command give?
> > ldapsearch -x -D "cn=testuser,ou=people,dc=interne,dc=example,dc=org" -W
>
> The command asks for an ldap password that I type but, the result is :
> ldap_bind: Invalid credentials (49).
>
> I've double checked the password and reinitialized the ldap database,
> but no change atm.

Simplify your slapd.conf as much as possible.
When the above ldapsearch works throw in changes step by step.
In particular you should probably start with ACLs like these:

access to attrs=userPassword
        by anonymous auth
        by self write
        by * none
access to * by * read

Add "loglevel 128" to your slapd.conf to log access control list processing.

BTW what does
ldapsearch -x -D "cn=Manager, dc=interne, dc=example, dc=org" -W
give?

Regards,
Thierry
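
Added example, not part of the original message: a simplified Python model of slapd's ACL selection (first matching "access to", then first matching "by"), used to check what the suggested rules grant on userPassword. It handles only the "attrs=" and "*" targets and the "anonymous", "self", "users" and "*" subjects; the identity label other_user and all function names are made up for this model.

```python
import re

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

# Constructed sample: the ACLs suggested in the message, laid out as in slapd.conf.
SUGGESTED = """access to attrs=userPassword
        by anonymous auth
        by self write
        by * none
access to * by * read
"""

def parse_acls(conf):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    # In slapd.conf a line starting with whitespace continues the previous line.
    joined = re.sub(r"\n[ \t]+", " ", conf)
    acls = []
    for line in joined.splitlines():
        m = re.match(r"access\s+to\s+(\S+)\s+(.*)", line.strip())
        if m:
            acls.append((m.group(1), re.findall(r"by\s+(\S+)\s+(\w+)", m.group(2))))
    return acls

def access_level(acls, attr, ident):
    """ident is 'anonymous', 'self' or 'other_user' (labels made up for this model)."""
    for what, by in acls:
        names = what.split("=", 1)[1].lower().split(",") if "=" in what else []
        if what == "*" or (what.startswith("attrs=") and attr.lower() in names):
            for who, level in by:
                if who in ("*", ident) or (who == "users" and ident != "anonymous"):
                    return level      # first matching "by" clause wins
            return "none"             # implicit trailing "by * none"
    return "none"                     # ACLs exist but no "access to" matched

def password_findings(conf):
    acls, rank, out = parse_acls(conf), LEVELS.index, []
    if rank(access_level(acls, "userPassword", "anonymous")) < rank("auth"):
        out.append("anonymous lacks auth on userPassword: simple binds fail")
    for ident in ("anonymous", "other_user"):
        level = access_level(acls, "userPassword", ident)
        if rank(level) >= rank("read"):
            out.append(f"{ident} can read userPassword ({level})")
    return out

if __name__ == "__main__":
    print(password_findings(SUGGESTED))                   # suggested ACLs
    print(password_findings("access to * by * read\n"))   # catch-all only
```

The rootdn is not subject to ACLs, so a bind as the Manager DN is outside what this model checks.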