LinuxQuestions.org - Linux - Newbie - LDAP password (https://www.linuxquestions.org/questions/linux-newbie-8/ldap-password-938449/)

xintzi 04-18-2012 02:00 AM

This is the command I can accomplish a search with. When I change it to cn=ldap it won't work.

ldapsearch -H ldap://fw1:389 -D 'cn=admin,dc=local' -w secret -b "ou=People,dc=local"

acid_kewpie 04-18-2012 02:03 AM

but the new account is cn=ldap,dc=local, no?

xintzi 04-18-2012 02:09 AM

Yes. The new account is ldap.

acid_kewpie 04-18-2012 02:12 AM

right... so can you ldapsearch with it?

xintzi 04-18-2012 02:17 AM

The dn in my new account is "dn: uid=ldap,ou=People,dc=local". I updated the ACL accordingly but it is still not working.

xintzi 04-18-2012 02:20 AM

Quote:

Originally Posted by acid_kewpie (Post 4655807)
right... so can you ldapsearch with it?

No, I can't ldapsearch with cn=ldap,ou=People,dc=local nor cn=ldap,dc=local. The error is ldap_bind: Invalid credentials (49).

acid_kewpie 04-18-2012 02:22 AM

Right, so there must be something not set up right with that account. Note again, though, that it's pretty common to do an anonymous bind for posix account details. It's not frowned on too much, especially if you were to do STARTTLS as well.

xintzi 04-18-2012 02:24 AM

I just added the account using ldapadd with the exact same directives as the other user accounts, through an LDIF file. Does that make sense?

acid_kewpie 04-18-2012 02:29 AM

With the admin account, do a search for the ldap account and see what it looks like.

Oh, and it IS set up for an anonymous bind already... just do that!

xintzi 04-18-2012 02:46 AM

This is what I get from the ldapsearch.

# ldap, People, local
dn: uid=ldap,ou=People,dc=local
uid: ldap
cn: Ldap User
givenName: User
sn: Ldap
mail: colin@novocraft.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 2202
gidNumber: 100
homeDirectory: /export/home/ldap
gecos: Ldap User,,,,
userPassword::

How do I set up an anonymous bind? What directive should I use?

acid_kewpie 04-18-2012 02:49 AM

So where's the userPassword string? Kinda helps.

To make it anonymous, you just don't use a password / binddn in the search.

xintzi 04-18-2012 02:53 AM

userPassword:: e1NTSEF9Wmo3RDBzV0JPVktCUFFWaXVVQ3FmMzF2QzhrNjBKbWI=

Do you mean that I just leave the userPassword empty for this account?
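
An added example, not part of the thread, of what the server actually checks on a simple bind, which is where the Invalid credentials (49) above comes from: slapd compares the password the client sent with the entry's userPassword, and for the {SSHA} scheme the stored value is base64(SHA1(password || salt) || salt). The script parses the `userPassword::` line the way ldapsearch prints it (the `::` means base64) and verifies a candidate password offline. The entry, password and salt it uses are constructed for the example; they are not the thread's real hash.

```python
"""Check a password offline against the userPassword that ldapsearch printed.

Added example, not from the thread. For a simple bind slapd compares the
supplied password with the entry's userPassword; for the {SSHA} scheme the
stored value is base64(SHA1(password || salt) || salt).
The LDIF entry, password and salt below are constructed for this example.
"""
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"


def ldif_value(line):
    """Return (attr, value) for one LDIF line. ldapsearch writes 'attr:: v'
    when v is base64-encoded (always the case for userPassword)."""
    if ":: " in line:
        attr, enc = line.split(":: ", 1)
        return attr, base64.b64decode(enc.strip()).decode()
    attr, val = line.split(": ", 1)
    return attr, val.strip()


def ssha_hash(password, salt=None):
    """Build an OpenLDAP-style {SSHA} value (same layout as slappasswd -h {SSHA})."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode()


def ssha_verify(password, stored):
    """True if password matches the {SSHA} value; constant-time comparison."""
    if not stored.upper().startswith(SCHEME):
        raise ValueError("not an {SSHA} value; scheme prefix is %r" % stored[:8])
    raw = base64.b64decode(stored[len(SCHEME):])
    digest, salt = raw[:20], raw[20:]            # SHA-1 is 20 bytes, salt follows it
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


def check_entry(ldif_text, password):
    """Find userPassword in an ldapsearch entry and test the password against it."""
    for line in ldif_text.splitlines():
        if line.startswith("userPassword:"):
            return ssha_verify(password, ldif_value(line)[1])
    raise ValueError("entry has no userPassword attribute")


# Constructed entry in the shape of the thread's ldapsearch output. The hash
# is for the made-up password "ldap-test-1" with a fixed 4-byte salt.
_FIXED_SALT = b"\x13\x37\x42\x99"
CONSTRUCTED_ENTRY = "\n".join([
    "dn: uid=ldap,ou=People,dc=local",
    "uid: ldap",
    "objectClass: posixAccount",
    "userPassword:: " + base64.b64encode(
        ssha_hash("ldap-test-1", _FIXED_SALT).encode()).decode(),
])

if __name__ == "__main__":
    print(check_entry(CONSTRUCTED_ENTRY, "ldap-test-1"))   # True
    print(check_entry(CONSTRUCTED_ENTRY, "wrong"))         # False
```

Run the ldapsearch with the admin bind, paste the entry into check_entry() together with the password you are passing to ldapsearch -w: if it returns False, the stored value is the problem rather than the ACL. SHA-1 with a 4-byte salt is a legacy scheme; OpenLDAP's pw-sha2 and pw-argon2 modules provide stronger ones.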

acid_kewpie 04-18-2012 02:56 AM

So that password WAS in the account, but you removed it? Please actually explain what you're posting.

No, you wouldn't not use the password, you just don't mention the account at all:

ldapsearch -x -H ldap://fw1:389 -b "ou=People,dc=local"

xintzi 04-18-2012 03:06 AM

Quote:

Originally Posted by acid_kewpie (Post 4655860)
So that password WAS in the account, but you removed it? Please actually explain what you're posting.

No, you wouldn't not use the password, you just don't mention the account at all:

ldapsearch -x -H ldap://fw1:389 -b "ou=People,dc=local"

The userPassword string exists in that account; I just took it off when I posted.

I tried the ldapsearch without using the account but it prompted me for a password. Whether I type in the rootdn password or leave it empty, it gives me an error.

Code:

SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): user not found: no secret in database


acid_kewpie 04-18-2012 03:09 AM

Don't use SASL binds. That's what the -x prevents, so clearly you're not actually using that command I typed.
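
An added example, not from the thread, of the difference acid_kewpie is pointing at. The code encodes the LDAPv3 BindRequest (RFC 4511) in the forms that matter here and decodes them back the way a server would classify them: an anonymous simple bind (what `ldapsearch -x` with no -D/-w sends), an authenticated simple bind (`-x -D dn -w pw`), and a SASL bind carrying a mechanism name (what ldapsearch does without -x; the DIGEST-MD5 attempt in the error output is such a bind, and it needs a SASL secret for the user on the server side, which is what "no secret in database" refers to). The DN and password are placeholders; nothing here talks to a server.

```python
"""What `ldapsearch -x` puts on the wire versus the default SASL bind.

Added example (not from the thread): a minimal BER encoder/decoder for the
LDAPv3 BindRequest (RFC 4511 section 4.2). The DN and password are
placeholders constructed for illustration.
"""


def ber_len(n):
    """BER length: short form below 128, long form (0x80|N then N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    """One tag-length-value element."""
    return bytes([tag]) + ber_len(len(body)) + body


def ber_int(v):
    """Non-negative INTEGER in the fewest bytes that keep the sign bit clear."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))


def bind_request(msg_id, dn, password):
    """LDAPMessage carrying a *simple* bind, i.e. what `ldapsearch -x` sends.
    dn == "" and password == "" is an anonymous bind (`-x` with no -D/-w)."""
    auth = tlv(0x80, password.encode())                          # simple [0] OCTET STRING
    req = tlv(0x60, ber_int(3) + tlv(0x04, dn.encode()) + auth)  # [APPLICATION 0] BindRequest
    return tlv(0x30, ber_int(msg_id) + req)                      # LDAPMessage SEQUENCE


def sasl_bind_request(msg_id, mechanism, credentials=b""):
    """LDAPMessage carrying a SASL bind, which ldapsearch uses without -x."""
    sasl = tlv(0x04, mechanism.encode())
    if credentials:
        sasl += tlv(0x04, credentials)
    auth = tlv(0xA3, sasl)                                       # sasl [3] SaslCredentials
    req = tlv(0x60, ber_int(3) + tlv(0x04, b"") + auth)          # name is empty for SASL
    return tlv(0x30, ber_int(msg_id) + req)


def read_tlv(buf, off=0):
    """Decode the TLV at buf[off:] -> (tag, value, offset of the next element)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[off:off + nbytes], "big")
        off += nbytes
    return tag, buf[off:off + length], off + length


def describe_bind(msg):
    """Classify an encoded BindRequest the way a server sees it."""
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, off = read_tlv(body)                                   # skip messageID
    tag, req, _ = read_tlv(body, off)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, _, off = read_tlv(req)                                    # skip version
    _, name, off = read_tlv(req, off)
    auth_tag, auth, _ = read_tlv(req, off)
    if auth_tag == 0x80:                                         # simple
        if not name and not auth:
            return ("anonymous", "")
        if name and not auth:
            # RFC 4513 "unauthenticated" bind; slapd refuses it unless
            # `allow bind_anon_dn` is configured
            return ("unauthenticated", name.decode())
        return ("simple", name.decode())
    if auth_tag == 0xA3:                                         # sasl
        _, mech, _ = read_tlv(auth)
        return ("sasl", mech.decode())
    raise ValueError("unknown AuthenticationChoice tag 0x%02x" % auth_tag)


if __name__ == "__main__":
    print(bind_request(1, "", "").hex())                         # 300c020101600702010304008000
    print(describe_bind(bind_request(2, "uid=ldap,ou=People,dc=local", "secret")))
    print(describe_bind(sasl_bind_request(3, "DIGEST-MD5")))
```

The simple bind carries the password as a plain OCTET STRING, so on ldap://fw1:389 it crosses the wire in clear; pair -x with -ZZ so ldapsearch forces STARTTLS before binding, which is the combination acid_kewpie is recommending.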

