I have an LDAP server with olc (a slapd.d directory instead of a static file: the server contains its own config!).
I want to perform a search operation on it, without furnishing any credentials.
The aim is only to fetch the dn (and maybe mail) of a user in it, and then AFTERWARDS authenticate as this precise dn with the correct creds.
When I look at the config, it seems such an operation is indeed allowed:
# {1}hdb, config
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=22decembre,dc=eu
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by self write
  by anonymous auth
  by dn="cn=admin,dc=22decembre,dc=eu" write
  by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to *
  by self write
  by dn="cn=admin,dc=22decembre,dc=eu" write
  by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=22decembre,dc=eu
olcRootPW: {SSHA}cgcKtuYqJpUxLIgbCwWgLRgQv0VNIPzN
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
Even so, when I run ldapsearch, it continues to ask me for a password with the SASL auth method.
Actually, the main purpose is with PHP, but I think it has to work at least on the command line; otherwise, in PHP, I won't be able to figure anything out.
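
The search-then-bind flow described in the question, as an added example that is not part of the original post: `-x` selects a simple bind (anonymous when no `-D`/`-w` is given) instead of the SASL bind that ldapsearch attempts by default. The server URI, the `uid` lookup attribute and the function names are assumptions; the base DN is the `olcSuffix` shown above.

```shell
#!/bin/sh
# Added example: anonymous DN lookup, then a simple bind as the DN found.
LDAP_URI="${LDAP_URI:-ldap://localhost}"   # assumption: server address
BASE_DN="dc=22decembre,dc=eu"              # olcSuffix from the config above

# Escape RFC 4515 filter metacharacters so a login name cannot alter the filter.
# The backslash is handled first so the escapes added afterwards are not re-escaped.
ldap_escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Read "ldapsearch -LLL -o ldif-wrap=no" output on stdin and print the DN.
# Fails unless exactly one entry matched; base64 "dn::" values are rejected
# rather than decoded, to keep the example short.
single_dn() {
    awk '/^dn: /  { n++; dn = substr($0, 5) }
         /^dn:: / { bad = 1 }
         END { if (bad || n != 1) exit 1; print dn }'
}

# Step 1: anonymous simple bind and search. "1.1" asks for no attributes,
# so only the dn line comes back (replace it with "mail" to fetch that too).
# Assumption: users are looked up by their uid attribute.
find_dn() {
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -b "$BASE_DN" \
        "(uid=$(ldap_escape_filter "$1"))" 1.1 | single_dn
}

# Step 2: simple bind as that DN. $2 is a file holding the password; -y uses
# the complete file contents, so the file must not end with a newline.
verify_password() {
    # A bind with a DN and an empty password is an "unauthenticated bind",
    # which a server may accept, so refuse an empty password file up front.
    [ -s "$2" ] || return 1
    dn=$(find_dn "$1") || return 1
    ldapwhoami -x -H "$LDAP_URI" -D "$dn" -y "$2" >/dev/null
}

# Usage: verify_password alice /path/to/password-file && echo "authenticated"
```

The same two steps map onto PHP as an anonymous `ldap_bind`, an `ldap_search` with the login name passed through `ldap_escape`, and a second `ldap_bind` with the returned DN and a non-empty password.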