[KLUG Members] Users stored in OpenLDAP accessing and changing their data
Komal
agencies_ad1 at sancharnet.in
Tue Jul 26 13:45:43 EDT 2005
Hi,
I would like to allow the users stored in my OpenLDAP server to be
able to access (read) and change (write) their own data. However, I am
getting an 'invalid credentials' error.
Portions of my slapd.conf look like so:
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword
        by dn="cn=admin,dc=comat,dc=com" write
        by anonymous auth
        by self write
        by * none
# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=admin,dc=foo,dc=com" write
        by * read
When I run ldapsearch as cn=admin,dc=foo,dc=com, the entries are
printed just fine.
jupiter:~# ldapsearch -x -D "cn=admin,dc=foo,dc=com" -W -h localhost "(objectclass=inetOrgPerson)" *|more
Enter LDAP Password:
...
# numResponses: 203
# numEntries: 202
However, when I run this binding as some user in LDAP I get an
"Invalid credentials" error message.
jupiter:~# ldapsearch -x -D "cn=sudhakar.chandra,ou=people,dc=foo,dc=com" -W -h localhost "(objectclass=inetOrgPerson)" *
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
Any help appreciated.
Regards,
Komal
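An added example, not part of the original post: a small Python model of how slapd picks a clause from the two access directives quoted above (first matching `access to`, then first matching `by`), so each request can be traced to the clause that decides it. It assumes exact DN matching and the six classic access levels, and does not model the rootdn bypass or entry-level access; the function names are hypothetical.

```python
# Constructed model of slapd access evaluation; not OpenLDAP code.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# DNs as they appear in the post.
USER = "cn=sudhakar.chandra,ou=people,dc=foo,dc=com"
ADMIN = "cn=admin,dc=foo,dc=com"

# The two access directives from the post, in order: (what, [(who, level), ...]).
ACL = [
    ("userPassword", [
        ('dn="cn=admin,dc=comat,dc=com"', "write"),
        ("anonymous", "auth"),
        ("self", "write"),
        ("*", "none"),
    ]),
    ("*", [
        ('dn="cn=admin,dc=foo,dc=com"', "write"),
        ("*", "read"),
    ]),
]

def who_matches(who, bind_dn, entry_dn):
    """bind_dn is None for an anonymous session (the state while a bind is checked)."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return False
    if who == "self":
        return bind_dn.lower() == entry_dn.lower()
    if who.startswith('dn="'):
        # Assumption: exact comparison, no regex styles or DN normalisation.
        return bind_dn.lower() == who[4:-1].lower()
    return False

def granted_level(bind_dn, entry_dn, attr):
    """First matching 'access to' wins, then its first matching 'by' clause."""
    for what, clauses in ACL:
        if what == "*" or what.lower() == attr.lower():
            for who, level in clauses:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"

def allowed(bind_dn, entry_dn, attr, needed):
    return LEVELS.index(granted_level(bind_dn, entry_dn, attr)) >= LEVELS.index(needed)
```

For example, `allowed(None, USER, "userPassword", "auth")` models the password check during a simple bind, and `allowed(USER, USER, "mail", "write")` models a user editing a non-password attribute of their own entry.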