This is the command I can accomplish with search. When I change cn=ldap it won't work.
ldapsearch -H ldap://fw1:389 -D 'cn=admin,dc=local' -w secret -b "ou=People,dc=local"

but the new account is cn=ldap,dc=local, no?

Yes. The new account is ldap.

right... so can you ldapsearch with it?

The dn in my new account is "dn: uid=ldap,ou=People,dc=local". I updated the ACL accordingly but it is still not working.

right, so there must be something not set up right with that account. Note again though, that it's pretty common to do an anonymous bind for posix account details. It's not frowned on too much, esp if you were to do STARTTLS as well.

I just added the account using ldapadd with the exact same directives as the other user accounts, through an ldif file. Does that make sense?

with the admin account, do a search for the ldap account and see what it looks like.
Oh, and it IS set up for an anonymous bind already... just do that!

This is what I get from the ldapsearch.
# ldap, People, local
dn: uid=ldap,ou=People,dc=local
uid: ldap
cn: Ldap User
givenName: User
sn: Ldap
mail: colin@novocraft.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 2202
gidNumber: 100
homeDirectory: /export/home/ldap
gecos: Ldap User,,,,
userPassword::
How to set up anonymous bind? What directive should I use?

so where's the userPassword string? Kinda helps.
To make it anonymous, you just don't use a password / binddn in the search.

userPassword:: e1NTSEF9Wmo3RDBzV0JPVktCUFFWaXVVQ3FmMzF2QzhrNjBKbWI=
Do you mean that I just leave the userPassword empty for this account?

so that password WAS in the account, but you removed it? please actually explain what you're posting...
no, you wouldn't not use the password, you just don't mention the account at all: ldapsearch -x -H ldap://fw1:389 -b "ou=People,dc=local"

I tried the ldapsearch without using the account but it prompted me for a password. Either I type in the rootdn password or leave it empty, it gives me an error.
Code:
SASL/DIGEST-MD5 authentication started
don't use SASL binds. That's what the -x prevents, so clearly you're not actually using that command I typed.
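
Relating to the `userPassword::` line posted earlier in the thread, an added example that is not part of any post: in LDIF a double colon means the value is base64, and decoding it normally yields a scheme tag such as `{SSHA}` followed by the salted hash. The Python sketch below decodes that form and checks whether the password being used for the bind matches what is stored, which separates a wrong-password problem from a bind DN or ACL problem. The function names and the sample value are constructed for illustration.

```python
import base64
import hashlib
import hmac


def parse_user_password(ldif_b64):
    """Decode an LDIF 'userPassword:: <base64>' value into (scheme, digest, salt)."""
    stored = base64.b64decode(ldif_b64).decode("ascii")
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("no {SCHEME} prefix: value is stored in cleartext")
    scheme, _, payload = stored[1:].partition("}")
    if scheme.upper() != "SSHA":
        raise ValueError("this sketch only handles {SSHA}, got {%s}" % scheme)
    raw = base64.b64decode(payload)
    # {SSHA} payload = 20-byte SHA-1 digest followed by the salt.
    return scheme.upper(), raw[:20], raw[20:]


def check_bind_password(ldif_b64, candidate):
    """Return True if candidate hashes to the stored {SSHA} value."""
    _, digest, salt = parse_user_password(ldif_b64)
    computed = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(computed, digest)


def make_sample_value(password, salt):
    """Build a constructed LDIF-style value for the demo (not from the thread)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    stored = "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")
    return base64.b64encode(stored.encode("ascii")).decode("ascii")


if __name__ == "__main__":
    # Constructed sample: password and salt are made up for this example.
    sample = make_sample_value("constructed-pass", b"\x01\x02\x03\x04")
    print(parse_user_password(sample)[0])
    print(check_bind_password(sample, "constructed-pass"))
    print(check_bind_password(sample, "wrong-pass"))
```

If the stored hash matches the password and the bind still fails, the cause lies in the bind DN or the ACLs rather than in the credential.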