[Ltb-users] Help with OpenDirectory / OpenLDAP

Jared Schwartz jared.schwartz at gmail.com
Tue Nov 24 00:08:19 CET 2015


Just a quick update - I dug into the slapd.conf and linked files and found they use the basedn starting with uid=root (not diradmin), but I have no idea how to find the secret / password.



-Jared

On Mon, Nov 23, 2015 at 3:33 PM, Jared Schwartz <jared.schwartz at gmail.com>
wrote:

> Hello All,
> We are attempting to set up self service that connects to an
> OpenDirectory server (that is an Apple fork of OpenLDAP)
> I am close to getting it to work, but I think I am overlooking
> something obvious..
> I have configured my settings as:
> (diradmin is the directory admin)
> (snipped server names below)
> # LDAP
> $ldap_url = "ldap://servername.network.lan:389";
> $ldap_starttls = false;
> $ldap_binddn = "uid=diradmin,cn=users,dc=servername,dc=network,dc=lan";
> $ldap_bindpw = "password";
> $ldap_base = "cn=users,dc=servername,dc=network,dc=lan";
> $ldap_login_attribute = "uid";
> $ldap_fullname_attribute = "cn";
> $ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
> I am not quite sure I understand the below option as it is not
> explained in detail on the website, or what to set it to:
> # Who changes the password?
> # Also applicable for question/answer save
> # user: the user itself
> # manager: the above binddn
> $who_change_password = "user";
> Another issue is I don't fully understand how to build the ldap_filter
> for open directory.  $ldap_filter =
> "(&(objectClass=person)(uid={login}))";   I verified that the
> objectClass person exists but I am not sure where to find uid=login
> The error I get on the webpage is "Login or password incorrect"
> In the PHP error logs I see:
> [23-Nov-2015 21:25:47 Europe/Berlin] PHP Warning:  ldap_bind(): Unable
> to bind to server: Insufficient access in
> /Applications/MAMP/htdocs/pages/change.php on line 141
> [23-Nov-2015 21:25:47 Europe/Berlin] LDAP - Bind user error 50
> (Insufficient access)
> I have verified that the username and password are valid for the
> highest level open directory user - so I am confused on how to fix
> this issue.
> Any help is greatly appreciated.
> -Jared
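
How a filter template like the $ldap_filter line quoted above turns into a search filter, as an added example that is not part of the original message and is not Self Service Password's own code. It assumes {login} stands for the name typed into the web form; the helper names escape_filter_value and build_filter are hypothetical, and the sample logins are constructed.

```php
<?php
// Added illustration; not code from Self Service Password.

// Escape a value for use inside an LDAP search filter (RFC 4515).
// strtr() with an array replaces in a single pass, so the backslashes
// it emits are never escaped a second time.
function escape_filter_value(string $value): string
{
    $map = [
        '\\' => '\5c',
        '*'  => '\2a',
        '('  => '\28',
        ')'  => '\29',
        "\0" => '\00',
    ];
    return strtr($value, $map);
}

// Expand the {login} placeholder of a filter template with the escaped value.
// Assumption: {login} is a literal marker replaced at request time.
function build_filter(string $template, string $login): string
{
    return str_replace('{login}', escape_filter_value($login), $template);
}

// Settings copied from the message above. PHP expands $ldap_login_attribute
// inside the double-quoted string when the config is loaded; {login} has no
// leading "$", so it stays in the string as a plain marker.
$ldap_login_attribute = "uid";
$ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";

// Constructed sample inputs: one ordinary login and two that contain
// characters with special meaning in a filter.
$samples = ['jsmith', '*', 'x)(uid=*'];

foreach ($samples as $login) {
    printf("%-10s => %s\n", $login, build_filter($ldap_filter, $login));
}
```

With the escaping in place, each input can only match an entry whose uid equals the typed string exactly; the wildcard and parentheses reach the server as literal characters.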

