Sun Directory Server Enterprise Edition 7.0 Developer's Guide

ProcedureTo Bind as an Example.com User

  1. Check what happens in the errors log when you bind as Barbara Jensen.


    $ ldapsearch -h localhost -p 1389 -b dc=example,dc=com \
     -D uid=bjensen,ou=people,dc=example,dc=com -w hifalutin uid=bjensen sn
    version: 1
    dn: uid=bjensen, ou=People, dc=example,dc=com
    sn: Jensen
    $ grep test_bind /local/ds/logs/errors
    [04/Jan/2006:11:34:31 +0100] - INFORMATION -
     test_bind in test-bind plug-in
     - conn=4 op=0 msgId=1 - 
     Authenticated: uid=bjensen,ou=people,dc=example,dc=com
    $ 
  2. See what happens when you bind as Barbara Jensen, but get the password wrong.


    $ ldapsearch -h localhost -p 1389 -b dc=example,dc=com \
     -D uid=bjensen,ou=people,dc=example,dc=com -w bogus uid=bjensen sn
    ldap_simple_bind: Invalid credentials
    $ grep test_bind /local/ds/logs/errors | grep -i credentials
    [04/Jan/2006:11:36:07 +0100] - INFORMATION -
     test_bind in test-bind plug-in
     - conn=5 op=0 msgId=1 -  Credentials are not correct.
    $ 

    Here, the LDAP result is interpreted correctly by the command-line client. The plug-in message to the same effect is written to the errors log.

  3. Delete Barbara's password, then try again.


    $ ldapmodify -h localhost -p 1389 \
     -D uid=kvaughan,ou=people,dc=example,dc=com -w bribery
    dn: uid=bjensen,ou=people,dc=example,dc=com
    changetype: modify
    delete: userpassword
    modifying entry uid=bjensen,ou=people,dc=example,dc=com
    ^D
    $ ldapsearch -h localhost -p 1389 -b dc=example,dc=com \
     -D uid=bjensen,ou=people,dc=example,dc=com -w - uid=bjensen sn
    Enter bind password: 
    ldap_simple_bind: Inappropriate authentication
    $ grep test_bind /local/ds/logs/errors | grep -i password
    [04/Jan/2006:11:41:25 +0100] - INFORMATION -
     test_bind in test-bind plug-in
     - conn=8 op=0 msgId=1 - 
     Entry uid=bjensen,ou=people,dc=example,dc=com has no userpassword.
    $ 

    Here, the LDAP result is displayed correctly by the command-line client. The plug-in message will provide more information about what went wrong during Barbara’s attempt to bind, no userpassword attribute values.