Question

I have an LDAP server with OLC (a slapd.d directory instead of a static file: the server contains its own config!).

I want to perform a search operation on it, without furnishing any credentials.

The objective is only to fetch the DN (and maybe mail) of a user inside, and then, AFTER that, authenticate with this precise DN and the correct creds.

When I look at the config, it seems such an operation is indeed allowed:

# {1}hdb, config
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=22decembre,dc=eu
olcAccess: {0}to attrs=userPassword,shadowLastChange 
    by self write 
    by anonymous auth
    by dn="cn=admin,dc=22decembre,dc=eu" write
    by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to *
    by self write
    by dn="cn=admin,dc=22decembre,dc=eu" write 
    by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=22decembre,dc=eu
olcRootPW: {SSHA}cgcKtuYqJpUxLIgbCwWgLRgQv0VNIPzN
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq

Even so, when I run ldapsearch, it continues to ask me for a password with the SASL auth method.

Actually, the main purpose is to do this with PHP, but I think it has to work at least on the command line; otherwise, in PHP, I won't guess anything.

Solution

Solved. Even if anonymous bind is allowed, you need to say you'll auth with the -x option (absurd isn't something we count!).

So, for example:

ldapsearch -x -H ldap://blackblock "uid=stephane" -b "dc=22decembre,dc=eu"

And OK! You don't need to type your password.
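
The flow the question describes (anonymous search for the DN, then a bind as that DN), written with the OpenLDAP client tools as an added example that is not part of the original question or answer. The function names are hypothetical; the host, base DN and uid attribute are taken from the page, and StartTLS support on the server is an assumption.

```sh
#!/bin/sh
# Added example: anonymous lookup of a DN, then a simple bind as that DN.
# Host, base DN and the uid attribute come from the page; function names
# are hypothetical and StartTLS support on the server is assumed.
LDAP_URI="ldap://blackblock"
BASE_DN="dc=22decembre,dc=eu"

# Escape a login for use in a search filter (RFC 4515): backslash first,
# then * ( ), so the input cannot change the filter's structure.
ldap_escape_filter() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Read LDIF on stdin and print the DN only if exactly one entry came back.
# Zero entries, several entries, or a base64 "dn::" line all fail.
extract_single_dn() {
    awk '
        /^dn::? / { n++; if ($0 ~ /^dn:: /) b64 = 1; dn = substr($0, 5) }
        END { if (n != 1 || b64) exit 1; print dn }
    '
}

# Step 1: anonymous simple bind (-x with no -D), asking for no attributes ("1.1").
find_user_dn() {
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -b "$BASE_DN" \
        "(uid=$(ldap_escape_filter "$1"))" 1.1 | extract_single_dn
}

# Step 2: bind as the DN found. $1 = login, $2 = file holding the password.
# An empty password is refused up front: a simple bind with a DN and no
# password is an "unauthenticated bind" (RFC 4513) and proves nothing.
# -ZZ requires StartTLS so the password is not sent in clear over ldap://.
verify_user() {
    [ -s "$2" ] || { echo "empty password refused" >&2; return 2; }
    user_dn=$(find_user_dn "$1") || return 1
    ldapwhoami -x -ZZ -H "$LDAP_URI" -D "$user_dn" -y "$2" >/dev/null
}
```

`verify_user` returns 0 only when the bind as the looked-up DN succeeds; the password file must hold the password with no trailing newline, since `-y` uses the file's full contents.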

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow