Security Software

Greetings,

I have been using a personal DSCC login rather than the default 'admin' login in order to make it possible to trace directory operations to a real person. To do this, I add a user (object class "person") to the cn=cn=Administrators,cn=config subtree. For example:

dn: cn=test-adm,cn=Administrators,cn=config
cn: test-adm
objectclass: person
objectclass: top
sn: test-adm
userpassword: {SSHA}blahblahblah==


I was able to log in as this user up until some configuration change I made recently (I'm assuming it was me!) that I can not seem to identify. I can still log in as 'admin' with no issues, just not as any other user in the Adminsitrators subtree. I can also authenticate to the directory using ldapsearch using these accounts so I know that the user/password combination is good.

$ ldapsearch ldapsearch -h server.example.com -p 389 \
-b "dc=foo,dc=example,dc=com" \
-D cn=test-adm,cn=Administrators,cn=config -w password \
-s base '(objectclass=top)'
version: 1
dn: dc=foo,dc=example,dc=com
objectClass: domain
objectClass: top
objectClass: nisDomainObject
dc: foo
nisDomain: foo.example.com

Can anyone provide a suggestion as to what may be breaking this functionality or how to attack the troubleshooting?

Thanks in advance,
Chris