debugging LDAP

[Alan Chandler <alan@chandlerfamily.org.uk>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I now have managed to set up an ldap database and use it to look up my account 
when I login. Unfortunately I could only do that by changing the access 
rights so that all users are able to read the database.  The access line with 
the dn= set to the same thing as in my pam_ldap.conf file or my 
libnss-ldap.conf file didn't work.

Also, using gq to access the database, even when I am sure I am binding with 
the correct administrator dn does not allow me to change the passwords - 
saying I have insufficient permission.  

What I suspect is that somehow my passwords in the ldap database are not 
correct (why I don't know), but I can't be sure until I can be 100% certain 
what I am doing is correct.

I tried running logfile set to 128 which is supposed to dump the acl tests on 
the database, but the data is volumous, and I haven't found it indicating 
what dn I am bound with when I do the query.

Attempts to use ldapsearch just fail with an incomprehensible error message

alan@kanger:~$ ldapsearch -h 10.0.10.100 -D \ 
"cn=admin,dc=chandlerfamily.org.uk" -W
Enter LDAP Password:
ldap_sasl_interactive_bind_s: No such attribute (16)
alan@kanger:~$

Can anyone explain what the error message means, and if there is any way to 
get slapd to print in syslog (or elsewhere) the bind dn that its conducting 
the search with.


- -- 
Alan Chandler
alan@chandlerfamily.org.uk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+pckTuFHxcV2FFoIRAkuvAJ4uLSGZrzQ/Jmj2rZ9jozGAxSNv5QCfRWST
KaITK7SRQ36dSjIqVzVfqvU=
=W9nw
-----END PGP SIGNATURE-----