How to enable anonymous ldap

Hello,

i would like to auth reddoxx against ucs OpenLDAP.

I think i need to enable anonymous ldap auth.

I did:
univention-config-registry set ldap/acl/read/anonymous=yes
/etc/init.d/slapd restart

root@ucs:~# univention-config-registry get ldap/acl/read/anonymous
=> yes

But from an external ip i still get:


# ldapsearch -x -b dc=hq,dc=example,dc=net -h <ucs-server-ip>
# extended LDIF
#
# LDAPv3
# base <dc=hq,dc=example,dc=net> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 1 Operations error
text: 00002020: Operation unavailable without authentication

# numResponses: 1

The ldap log shows:

Jan 28 16:02:52 ucs slapd[1409]: conn=1034 op=57 SRCH base="dc=hq,dc=example,dc=net" scope=2 deref=0 filter="(&(&(kopanoAccount=1)(|(objectClass=kopano-user)))(|(uid=reddoxx)))"
Jan 28 16:02:52 ucs slapd[1409]: conn=1034 op=57 SRCH attr=objectClass kopanoSharedStoreOnly kopanoResourceType kopanoSecurityGroup entryUUID gidNumber ou cn cn modifyTimestamp
Jan 28 16:02:52 ucs slapd[1409]: conn=1034 op=57 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 28 16:02:52 ucs slapd[1409]: conn=1034 op=58 SRCH base="dc=hq,dc=example,dc=net" scope=2 deref=0 filter="(&(&(kopanoAccount=1)(|(objectClass=kopano-user)))(entryUUID=32c11582-d628-1039-9c27-250afbec7288))"
Jan 28 16:02:52 ucs slapd[1409]: conn=1034 op=58 SRCH attr=dn
Jan 28 16:02:52 ucs slapd[1409]: conn=1034 op=58 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 28 16:02:52 ucs slapd[1409]: conn=1212 fd=22 ACCEPT from IP=192.168.150.7:54574 (IP=0.0.0.0:7389)
Jan 28 16:02:52 ucs slapd[1409]: conn=1212 op=0 BIND dn="uid=reddoxx,cn=users,dc=hq,dc=example,dc=net" method=128
Jan 28 16:02:52 ucs slapd[1409]: conn=1212 op=0 BIND dn="uid=reddoxx,cn=users,dc=hq,dc=example,dc=net" mech=SIMPLE ssf=0
Jan 28 16:02:52 ucs slapd[1409]: conn=1212 op=0 RESULT tag=97 err=0 text=
Jan 28 16:02:52 ucs slapd[1409]: conn=1212 op=1 UNBIND
Jan 28 16:02:52 ucs slapd[1409]: conn=1212 fd=22 closed

Here they write: REDDOXX Anmeldung an UCS

...dass REDDOXX bei der Authentifizierung ein “Anonymous bind” erwartet.

Thanks,
Michael

Argh, i need to query port 7389 for direct ldap access.
Port 378 seems to be samba.

I still cant auth, though :unamused: