Either of these clients search properly with an anonymous bind, but I cannot
get either to connect as any user, even the postmaster. Directory Access
Rights settings are the defaults.
> # ldapsearch -h localhost -D "uid=postmaster,cn=primary.domain.com" \
>   -w "password"
>
> ldap_bind: Invalid credentials
> additional info: incorrect password or account name
>
> From SystemLogs:
>
> 03:11:01.28 4 DIRECTORY(Main) 'uid=postmaster,cn=primary.domain.com'(18) retrieved
> 03:11:01.28 1 LDAP-00043([206.169.163.206]) BIND failed: incorrect password or account name
>
> Must something in the Directory Access Rights be changed from the defaults
> for this to be allowed? Previous discussion and the documentation indicate
> that a bind as a "master" such as postmaster will bypass Access Rights
> rules.
What is the CGPro version?
Are you positive the password is correct?
Try binding with BindDN of just 'postmaster' (not the full DN)
--
Best regards,
Dmitry Akindinov
=======================================================================
When answering to letters sent to you by the tech.support staff, make
sure the original message you have received is included into your reply.
3.5.6 FreeBSD
> Are you positive the password is correct?
Da.
> Try binding with BindDN of just 'postmaster' (not the full DN)
Aha. This works.
> # ldapsearch -h localhost -D "postmaster" -w "password"
This wasn't clear from the docs. My assumption was that the DN for
postmaster would be "uid=postmaster,cn=primary.domain.com"
As DN="postmaster" I am able to access and edit the directory.
Now, still I am unable to bind as a regular user.
I created a new account "uid=diradmin,cn=secondary.domain.com" (created via
WebAdmin) for directory administration of the hosted domain.
This account is not a "master" (whatever that means), and I have even gone
so far as to give it full Access Rights for the domain.
Tried permutations of the query...
ldapsearch -h localhost -D "uid=diradmin,cn=secondary.domain.com" -w "pass"
ldapsearch -h localhost -D "uid=diradmin" -w "pass" \
-b "cn=secondary.domain.com"
ldapsearch -h localhost -D "diradmin" -w "pass" \
-b "cn=secondary.domain.com"
I continue to get "incorrect password or account name" on ldapsearch
connection attempts.
I am operating with the default directory Access Rules of "HidePas" and
"ReadAll" in place. No others.
Does this work in the lab? Can you bind to directories as non-postmaster
users?
> <snip>
>> What is the CGPro version?
>
> 3.5.6 FreeBSD
>
>> Are you positive the password is correct?
>
> Da.
>
>> Try binding with BindDN of just 'postmaster' (not the full DN)
>
> Aha. This works.
>
>> # ldapsearch -h localhost -D "postmaster" -w "password"
>
> This wasn't clear from the docs. My assumption was that the DN for
> postmaster would be "uid=postmaster,cn=primary.domain.com"
<http://www.stalker.com/CommuniGatePro/Directory.html#Binding>
> As DN="postmaster" I am able to access and edit the directory.
>
> Now, still I am unable to bind as a regular user.
> I created a new account "uid=diradmin,cn=secondary.domain.com" (created via
> WebAdmin) for directory administration of the hosted domain.
> This account is not a "master" (whatever that means), and I have even gone
> so far as to give it full Access Rights for the domain.
>
> Tried permutations of the query...
>
> ldapsearch -h localhost -D "uid=diradmin,cn=secondary.domain.com" -w "pass"
>
> ldapsearch -h localhost -D "uid=diradmin" -w "pass" \
> -b "cn=secondary.domain.com"
>
> ldapsearch -h localhost -D "diradmin" -w "pass" \
> -b "cn=secondary.domain.com"
For secondary domains that will be
ldapsearch -h localhost -D "diradmin@secondary.domain.com" -w "pass" \
  -b "cn=secondary.domain.com"
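The outcome of this thread as an added example (not part of any poster's message and not CommuniGate Pro code): a shell helper that turns a directory record DN into the bind name that worked above. The function name `cgp_bind_name` and the `MAIN_DOMAIN` variable are hypothetical, and applying the rule to accounts other than the two shown in the thread is an assumption.

```shell
#!/bin/sh
# Added example. The thread found that the server rejects the record DN
# (uid=<account>,cn=<domain>) as a bind DN and accepts the account name:
#   main domain      -> "<account>"
#   secondary domain -> "<account>@<domain>"
# MAIN_DOMAIN is an assumption; set it to the server's main domain.
MAIN_DOMAIN="primary.domain.com"

# cgp_bind_name DN
# Prints the bind name for a DN of the exact form uid=<account>,cn=<domain>.
# Returns 1 (message on stderr) for any other shape, so a malformed DN is
# never silently turned into a bind attempt against the wrong account.
cgp_bind_name() {
    dn=$1
    case $dn in
        uid=*,cn=*) ;;
        *) echo "not a uid=<account>,cn=<domain> DN: $dn" >&2; return 1 ;;
    esac
    rest=${dn#uid=}
    account=${rest%%,cn=*}   # text before the first ",cn="
    domain=${rest#*,cn=}     # text after the first ",cn="
    # Reject empty parts, extra RDNs, and names that already carry a domain.
    case $account in
        ''|*[,=@]*) echo "bad account part in: $dn" >&2; return 1 ;;
    esac
    case $domain in
        ''|*[,=@]*) echo "bad domain part in: $dn" >&2; return 1 ;;
    esac
    # Domain names compare case-insensitively.
    d_lc=$(printf '%s' "$domain" | tr '[:upper:]' '[:lower:]')
    m_lc=$(printf '%s' "$MAIN_DOMAIN" | tr '[:upper:]' '[:lower:]')
    if [ "$d_lc" = "$m_lc" ]; then
        printf '%s\n' "$account"
    else
        printf '%s@%s\n' "$account" "$domain"
    fi
}

# The two DNs from the thread (domain names as written by the posters).
for dn in "uid=postmaster,cn=primary.domain.com" \
          "uid=diradmin,cn=secondary.domain.com"; do
    printf '%s -> -D "%s"\n' "$dn" "$(cgp_bind_name "$dn")"
done
```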