Return-Path: Delivered-To: apmail-directory-users-archive@www.apache.org Received: (qmail 65666 invoked from network); 12 Apr 2011 06:18:39 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 12 Apr 2011 06:18:39 -0000 Received: (qmail 22807 invoked by uid 500); 12 Apr 2011 06:18:38 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 22791 invoked by uid 500); 12 Apr 2011 06:18:38 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 22783 invoked by uid 99); 12 Apr 2011 06:18:36 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 Apr 2011 06:18:36 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [209.85.210.178] (HELO mail-iy0-f178.google.com) (209.85.210.178) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 Apr 2011 06:18:30 +0000 Received: by iyi12 with SMTP id 12so8030224iyi.37 for ; Mon, 11 Apr 2011 23:18:09 -0700 (PDT) MIME-Version: 1.0 Received: by 10.42.229.195 with SMTP id jj3mr9561938icb.231.1302589088417; Mon, 11 Apr 2011 23:18:08 -0700 (PDT) Sender: mail@stefan-seelmann.de Received: by 10.42.154.132 with HTTP; Mon, 11 Apr 2011 23:18:08 -0700 (PDT) In-Reply-To: References: Date: Tue, 12 Apr 2011 08:18:08 +0200 X-Google-Sender-Auth: oGMfvJjlRcnnt0n2-sUCud3LmAg Message-ID: Subject: Re: Search result is empty when authenticating with user's DN From: Stefan Seelmann To: users@directory.apache.org Cc: Mat Gessel Content-Type: text/plain; charset=UTF-8 Hi Mat, I assume you are using Apache Directory Studio 1.5.3 which is bundled with an embedded ApacheDS 1.5.6. It sounds that you enabled access control in server.xml or in the configuration editor. If so then you need setup the ACI subsystem, [1] contains a nice example. Kind Regards Stefan [1] http://directory.apache.org/apacheds/1.5/32-basic-authorization.html On Tue, Apr 12, 2011 at 3:16 AM, Mat Gessel wrote: > Do I need to do something special to allow a given user to search the directory? > > I'm using Directory Studio with the embedded server. Search returns 1 > entry when I bind with the built-in admin (uid=admin,ou=system). > Search returns 0 entries when I bind (successfully) with the DN of > another user. The user and search base are contained by a custom > partition. > > Succeeds: >> ldapsearch -H ldap://localhost:10389 -x -D "uid=admin,ou=system" -w secret -b "ou=people,o=example" -s one "(uid=jdoe)" > > Fails: >> ldapsearch -H ldap://localhost:10389 -x -D "exampleid=20003,ou=people,o=example" -w secret -b "ou=people,o=example" -s one "(uid=jdoe)" > > I experience a similar problem if I create a connection in Directory > Studio using the user's DN. The result is an empty DIT in the LDAP > Browser. > > -- > Mat Gessel > http://www.asquare.net >