
Binding Problems with authentication



Greetings All,

I have OpenLDAP 1.2.2 running on Solaris 5.6.

The server doesn't seem to bind DN's for authentication (I tried Netscape, Eudora email clients).
Perhaps I'm doing something wrong??



Here is what my log file says (I give 2 log examples, using the latest versions of the Eudora and Netscape mail clients):
--------------------------------------------------------
(Log 1: "Mark" search with Eudora):


Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 fd=6 connection from dyn-2-30.matrox.com (192.168.2.180) accepted.
Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 op=0 BIND dn="" method=128
Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 op=0 RESULT err=0 tag=97 nentries=0
Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 op=1 SRCH base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="( | (cn=*MARK*)(SN=*MARK*)(GN=*MARK*)(GIVENNAME=*MARK*))"
Jul 21 11:47:32 pluton.matrox.com slapd[10166]: conn=0 op=1 RESULT err=0 tag=101 nentries=0
Jul 21 11:47:32 pluton.matrox.com slapd[10166]: conn=0 op=3 UNBIND
Jul 21 11:47:32 pluton.matrox.com slapd[10166]: conn=0 op=3 fd=6 closed errno=0


(Log 2: "Mark" search with Netscape's Messenger mail client)
Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 fd=6 connection from dyn-2-30.matrox.com (192.168.2.180) accepted.
Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 op=0 BIND dn="" method=128
Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 op=0 RESULT err=0 tag=97 nentries=0
Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 op=1 SRCH base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="(mail=JNOVIELL, LOCATION=DORVAL, O=MATROX,C=CA)"
Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 op=1 RESULT err=0 tag=101 nentries=0
Jul 21 11:57:28 pluton.matrox.com slapd[10166]: conn=1 op=2 UNBIND
Jul 21 11:57:28 pluton.matrox.com slapd[10166]: conn=1 op=2 fd=6 closed errno=0


-------------------------------------------------------------


My slapd.conf file is:
-------------------------------------------------------------
include /etc/local/ldap/etc/openldap/slapd.at.conf

schemacheck     off
sizelimit       50

pidfile         /etc/local/ldap/etc/openldap/slapd.pid
argsfile        /etc/local/ldap/etc/openldap/slapd.args

#######################################################################
# ldbm database definitions
#######################################################################
database        ldbm
defaultaccess   read
suffix          "o=Matrox, c=CA"
suffix          "location=Dorval, o=Matrox, c=CA"
suffix          "location=Toronto, o=Matrox, c=CA"
suffix          "location=Boca, o=Matrox, c=CA"
index            username,sn,givenname,mail
directory       /etc/local/ldap/database

#ACL
access to attr=userpassword
 by * compare

access to *
 by group="cn=people_who_have_access,o=Matrox,c=CA" read
 by * none
-------------------------------------------------------------


My LDIF file looks like:
-------------------------------------------------------------
dn: o=Matrox,c=CA
objectclass: Organization

dn: location=Dorval, o=Matrox, c=CA
objectclass: Location

dn: location=Toronto, o=Matrox, c=CA
objectclass: Location

dn: location=Boca, o=Matrox, c=CA
objectclass: Location

dn: cn=people_who_have_access,o=Matrox,c=CA
objectclass: groupOfnames
objectclass: top
member: cn=jnoviell,location=Dorval,o=Matrox,c=CA

dn: cn=jnoviell, location=Dorval, o=Matrox,c=CA
objectclass: Person
username: jnoviell
cn: Joe Novielli
mail: jnoviell@matrox.com
location: Dorval
givenname: Joe
sn: Novielli
userPassword: {crypt}Wkl0FKoszYu7E
telephoneNumber: xxx-xxx-xxxx ext: zzz
status: Active User

dn: cn=jostiguy, location=Dorval, o=Matrox,c=CA
objectclass: Person
username: jostiguy
cn: John Ostiguy
mail: jostiguy@matrox.com
location: Dorval
givenname: John
sn: Ostiguy
userPassword: {crypt}r5thrF4z/n5JE
telephoneNumber: xxx-xxx-xxxx ext: zzz
status: Active User

etc...
-------------------------------------------------------------
The user name I am using is:  jnoviell, location=Dorval, o=Matrox,c=CA

Eudora does not give me an error message, just no results.
Netscape Messenger gives: "Mail id invalid or not unique, cannot resolve to directory authorization entry"


Am I doing something wrong? Any suggestions would be much appreciated.

Note: If I remove the ACL (and restart slapd of course) it works fine with no authentication.

Thanks in advance. Joe
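
Both log excerpts above record `BIND dn="" method=128`, a simple bind with an empty DN, before each search. The following is an added example, not part of the original post: it parses slapd log lines in this format and lists the connections that bound with an empty DN and received zero entries from every search. The function names are hypothetical, and the sample input is the op lines copied from the two logs in the post.

```python
import re
from collections import defaultdict

# Sample input: the op lines of Log 1 and Log 2 as posted above.
SAMPLE_LOG = '''\
Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 op=0 BIND dn="" method=128
Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 op=0 RESULT err=0 tag=97 nentries=0
Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 op=1 SRCH base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="( | (cn=*MARK*)(SN=*MARK*)(GN=*MARK*)(GIVENNAME=*MARK*))"
Jul 21 11:47:32 pluton.matrox.com slapd[10166]: conn=0 op=1 RESULT err=0 tag=101 nentries=0
Jul 21 11:47:32 pluton.matrox.com slapd[10166]: conn=0 op=3 UNBIND
Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 op=0 BIND dn="" method=128
Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 op=0 RESULT err=0 tag=97 nentries=0
Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 op=1 SRCH base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="(mail=JNOVIELL, LOCATION=DORVAL, O=MATROX,C=CA)"
Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 op=1 RESULT err=0 tag=101 nentries=0
Jul 21 11:57:28 pluton.matrox.com slapd[10166]: conn=1 op=2 UNBIND
'''

OP_LINE = re.compile(r'slapd\[\d+\]: conn=(\d+) op=\d+ (\w+)(.*)')
BIND_DN = re.compile(r'dn="([^"]*)"')
RESULT = re.compile(r'tag=(\d+) nentries=(\d+)')
SEARCH_DONE_TAG = "101"  # LDAP SearchResultDone; tag=97 is the BindResponse


def summarize(log_text):
    """Map conn id -> bind DN used and the entry count of each finished search."""
    conns = defaultdict(lambda: {"bind_dn": None, "searches": []})
    for line in log_text.splitlines():
        m = OP_LINE.search(line)
        if not m:
            continue  # connection accepted/closed lines and unrelated syslog
        conn, verb, rest = int(m[1]), m[2], m[3]
        if verb == "BIND":
            dn = BIND_DN.search(rest)
            conns[conn]["bind_dn"] = dn[1] if dn else None
        elif verb == "RESULT":
            r = RESULT.search(rest)
            if r and r[1] == SEARCH_DONE_TAG:
                conns[conn]["searches"].append(int(r[2]))
    return dict(conns)


def anonymous_empty_searches(log_text):
    """Conn ids that bound with an empty DN and got no entries from any search."""
    return [conn for conn, info in sorted(summarize(log_text).items())
            if info["bind_dn"] == "" and info["searches"]
            and not any(info["searches"])]


if __name__ == "__main__":
    print(anonymous_empty_searches(SAMPLE_LOG))
```
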