[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Referral (ITS#531)
Full_Name: David Gress
Version: openldap-1.2.9
OS: Sun 5.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (192.135.249.2)
* I am using a "Supplier initiated agreement" to update a replication database.
* The replication database (consumer) is pointed to by the app.
User attempts to change password but fails on authorization.
* Authorization to the "Supplier" database is "Anonymous", no write allowed
* Bind DN not being passed on referral causing the "Anonymous" Access Control
attempt.
Command:
ldapmodify -D "cn=Directory Manager" -p389 -h sgi-supptm1 -w test123 -f
modpass.ldif
..ldap access log (test with ldapmodify across the "supplier" database)
[11/May/2000:12:16:02 -0400] conn=0 fd=63 slot=63 connection from
172.24.160.182
[11/May/2000:12:16:02 -0400] conn=0 op=0 BIND dn="" method=128 version=2
[11/May/2000:12:16:02 -0400] conn=0 op=0 RESULT err=0 tag=97 nentries=0
[11/May/2000:12:16:02 -0400] conn=0 op=1 MOD
dn="billingnumber=8035550001,uniqueidentifier=CiscoTest#0000000005550001,o=CiscoTest,c=US"
[11/May/2000:12:16:02 -0400] conn=0 op=1 RESULT err=50 tag=103 nentries=0
[11/May/2000:12:16:03 -0400] conn=0 op=2 UNBIND
[11/May/2000:12:16:03 -0400] conn=0 op=2 fd=63 closed
This results in :
[11/May/2000:12:16:02 -0400] access denied on
entry:(billingnumber=8035550001,uniquei
dentifier=CiscoTest#0000000005550001,o=CiscoTest,c=US, password, rv:50)
[11/May/2000:12:16:02 -0400] => send_ldap_result 50::Insufficient 'write'
privilege t
o the 'password' attribute of entry
'billingnumber=8035550001,uniqueidentifier=CiscoTest
#0000000005550001,o=CiscoTest,c=US'.
Downloaded and tested Netscape SDK and it works correctly.