Old 04-18-2012, 02:00 AM   #16
xintzi
LQ Newbie
 
Registered: Apr 2012
Posts: 19

Original Poster
Rep: Reputation: Disabled

This is the command I can accomplish with search. When I change cn=ldap it won't work.

ldapsearch -H ldap://fw1:389 -D 'cn=admin,dc=local' -w secret -b "ou=People,dc=local"
 
Old 04-18-2012, 02:03 AM   #17
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975
but the new account is cn=ldap,dc=local, no?
 
Old 04-18-2012, 02:09 AM   #18
xintzi
LQ Newbie
 
Registered: Apr 2012
Posts: 19

Original Poster
Rep: Reputation: Disabled
Yes. The new account is ldap.
 
Old 04-18-2012, 02:12 AM   #19
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975
right... so can you ldapsearch with it?
 
Old 04-18-2012, 02:17 AM   #20
xintzi
LQ Newbie
 
Registered: Apr 2012
Posts: 19

Original Poster
Rep: Reputation: Disabled
The dn in my new account is "dn: uid=ldap,ou=People,dc=local". I updated the ACL accordingly but it is still not working.
 
Old 04-18-2012, 02:20 AM   #21
xintzi
LQ Newbie
 
Registered: Apr 2012
Posts: 19

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by acid_kewpie
right... so can you ldapsearch with it?
No, I can't ldapsearch with cn=ldap,ou=People,dc=local nor cn=ldap,dc=local. Error is ldap_bind: Invalid credentials (49).
 
Old 04-18-2012, 02:22 AM   #22
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975
right, so there must be something not set up right with that account. Note again though, that it's pretty common to do an anonymous bind for posix account details. It's not frowned on too much, esp if you were to do STARTTLS as well.
 
Old 04-18-2012, 02:24 AM   #23
xintzi
LQ Newbie
 
Registered: Apr 2012
Posts: 19

Original Poster
Rep: Reputation: Disabled
I just added the account using ldapadd with the exact same directives as the other user accounts, through an LDIF file. Does that make sense?
 
Old 04-18-2012, 02:29 AM   #24
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975
with the admin account, do a search for the ldap account and see what it looks like.

Oh, and it IS set up for an anonymous bind already... just do that!

Last edited by acid_kewpie; 04-18-2012 at 02:31 AM.
 
Old 04-18-2012, 02:46 AM   #25
xintzi
LQ Newbie
 
Registered: Apr 2012
Posts: 19

Original Poster
Rep: Reputation: Disabled
This is what I get from the ldapsearch.

# ldap, People, local
dn: uid=ldap,ou=People,dc=local
uid: ldap
cn: Ldap User
givenName: User
sn: Ldap
mail: colin@novocraft.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 2202
gidNumber: 100
homeDirectory: /export/home/ldap
gecos: Ldap User,,,,
userPassword::

How do I set up anonymous bind? What directive should I use?
 
Old 04-18-2012, 02:49 AM   #26
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975
so where's the userPassword string? Kinda helps.

To make it anonymous, you just don't use a password / binddn in the search.
 
Old 04-18-2012, 02:53 AM   #27
xintzi
LQ Newbie
 
Registered: Apr 2012
Posts: 19

Original Poster
Rep: Reputation: Disabled
userPassword:: e1NTSEF9Wmo3RDBzV0JPVktCUFFWaXVVQ3FmMzF2QzhrNjBKbWI=

Do you mean that I just leave the userPassword empty for this account?
 
Old 04-18-2012, 02:56 AM   #28
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975
so that password WAS in the account, but you removed it? please actually explain what you're posting...

no, you wouldn't not use the password, you just don't mention the account at all:


ldapsearch -x -H ldap://fw1:389 -b "ou=People,dc=local"

Last edited by acid_kewpie; 04-18-2012 at 02:57 AM.
 
Old 04-18-2012, 03:06 AM   #29
xintzi
LQ Newbie
 
Registered: Apr 2012
Posts: 19

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by acid_kewpie
so that password WAS in the account, but you removed it? please actually explain what you're posting...

no, you wouldn't not use the password, you just don't mention the account at all:


ldapsearch -x -H ldap://fw1:389 -b "ou=People,dc=local"
The userPassword string does exist in that account; I just took it off when I posted.

I tried the ldapsearch without using the account but it prompted me for a password. Whether I type in the rootdn password or leave it empty, it gives me an error.

Code:
SASL/DIGEST-MD5 authentication started
Please enter your password: 
ldap_sasl_interactive_bind_s: Invalid credentials (49)
	additional info: SASL(-13): user not found: no secret in database
 
Old 04-18-2012, 03:09 AM   #30
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975
don't use SASL binds. That's what the -x prevents, so clearly you're not actually using that command I typed.
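
Added example, not part of any post in the thread: the entry shown in post #25 has the DN uid=ldap,ou=People,dc=local, while the binds that returned error 49 in post #21 used cn=ldap,... DNs. The Python sketch below checks an ldapsearch LDIF entry against a bind DN and password, decoding the base64 `userPassword::` value as `{SSHA}`; the function names, sample password and salt are constructed for illustration.

```python
import base64
import hashlib
import hmac

def make_ssha(password: bytes, salt: bytes) -> bytes:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)

def check_ssha(stored: bytes, candidate: bytes) -> bool:
    """Recompute the salted hash for candidate and compare in constant time."""
    if not stored.upper().startswith(b"{SSHA}"):
        raise ValueError("only {SSHA} is handled in this sketch")
    raw = base64.b64decode(stored[6:])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is salt
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)

def parse_entry(ldif: str) -> dict:
    """Parse one LDIF entry; 'attr:: value' marks a base64-encoded value."""
    entry = {}
    for line in ldif.replace("\n ", "").splitlines():  # undo LDIF line folding
        if line and not line.startswith("#"):  # skip blanks and comments
            name, _, value = line.partition(":")
            b64 = value.startswith(":")
            data = base64.b64decode(value[1:].strip()) if b64 else value.strip().encode()
            entry.setdefault(name.lower(), []).append(data)
    return entry

def norm_dn(dn: str) -> str:
    """Simplified DN comparison key (assumption: no escaped commas in the DN)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def diagnose(ldif: str, bind_dn: str, password: bytes) -> list:
    """List the reasons a simple bind with bind_dn/password would fail."""
    entry, findings = parse_entry(ldif), []
    entry_dn = entry["dn"][0].decode()
    if norm_dn(bind_dn) != norm_dn(entry_dn):
        findings.append("bind DN differs from entry DN " + entry_dn)
    hashes = [v for v in entry.get("userpassword", []) if v]
    if not hashes:
        findings.append("entry has no userPassword value")
    elif not any(check_ssha(h, password) for h in hashes):
        findings.append("password does not match stored hash")
    return findings

# Constructed sample (made-up password and salt), shaped like the entry in post #25.
SAMPLE_PW = base64.b64encode(make_ssha(b"example-pass", b"\x01\x02\x03\x04")).decode()
SAMPLE_LDIF = "dn: uid=ldap,ou=People,dc=local\nuid: ldap\nuserPassword:: " + SAMPLE_PW + "\n"
```

The `::` marker only means the value is base64 over the stored string, so a pasted `userPassword::` line discloses the salted hash itself.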
 
  

