Binding Problems with authentication
Greetings All,
I have OpenLDAP 1.2.2 running on Solaris 5.6.
The server doesn't seem to bind DNs for authentication (I tried Netscape,
Eudora email clients).
Perhaps I'm doing something wrong??
Here is what my log file says (I give 2 log examples using: Eudora,
Netscape mail clients - Latest versions)
--------------------------------------------------------
(Log 1: "Mark" search with Eudora):
Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 fd=6 connection from
dyn-2-30.matrox.com (192.168.2.180) accepted.
Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 op=0 BIND dn=""
method=128
Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 op=0 RESULT err=0
tag=97 nentries=0
Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 op=1 SRCH
base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="( |
(cn=*MARK*)(SN=*MARK*)(GN=*MARK*)(GIVENNAME=*MARK*))"
Jul 21 11:47:32 pluton.matrox.com slapd[10166]: conn=0 op=1 RESULT err=0
tag=101 nentries=0
Jul 21 11:47:32 pluton.matrox.com slapd[10166]: conn=0 op=3 UNBIND
Jul 21 11:47:32 pluton.matrox.com slapd[10166]: conn=0 op=3 fd=6 closed errno=0
(Log 2: "Mark" search with Netscape's Messenger mail client):
Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 fd=6 connection from
dyn-2-30.matrox.com (192.168.2.180) accepted.
Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 op=0 BIND dn=""
method=128
Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 op=0 RESULT err=0
tag=97 nentries=0
Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 op=1 SRCH
base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="(mail=JNOVIELL,
LOCATION=DORVAL, O=MATROX,C=CA)"
Jul 21 11:57:25 pluton.matrox.com slapd[10166]: conn=1 op=1 RESULT err=0
tag=101 nentries=0
Jul 21 11:57:28 pluton.matrox.com slapd[10166]: conn=1 op=2 UNBIND
Jul 21 11:57:28 pluton.matrox.com slapd[10166]: conn=1 op=2 fd=6 closed errno=0
-------------------------------------------------------------
My slapd.conf file is:
-------------------------------------------------------------
include /etc/local/ldap/etc/openldap/slapd.at.conf
schemacheck off
sizelimit 50
pidfile /etc/local/ldap/etc/openldap/slapd.pid
argsfile /etc/local/ldap/etc/openldap/slapd.args
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
defaultaccess read
suffix "o=Matrox, c=CA"
suffix "location=Dorval, o=Matrox, c=CA"
suffix "location=Toronto, o=Matrox, c=CA"
suffix "location=Boca, o=Matrox, c=CA"
index username,sn,givenname,mail
directory /etc/local/ldap/database
#ACL
access to attr=userpassword
    by * compare
access to *
    by group="cn=people_who_have_access,o=Matrox,c=CA" read
    by * none
-------------------------------------------------------------
My LDIF file looks like:
-------------------------------------------------------------
dn: o=Matrox,c=CA
objectclass: Organization

dn: location=Dorval, o=Matrox, c=CA
objectclass: Location

dn: location=Toronto, o=Matrox, c=CA
objectclass: Location

dn: location=Boca, o=Matrox, c=CA
objectclass: Location

dn: cn=people_who_have_access,o=Matrox,c=CA
objectclass: groupOfnames
objectclass: top
member: cn=jnoviell,location=Dorval,o=Matrox,c=CA

dn: cn=jnoviell, location=Dorval, o=Matrox,c=CA
objectclass: Person
username: jnoviell
cn: Joe Novielli
mail: jnoviell@matrox.com
location: Dorval
givenname: Joe
sn: Novielli
userPassword: {crypt}Wkl0FKoszYu7E
telephoneNumber: xxx-xxx-xxxx ext: zzz
status: Active User

dn: cn=jostiguy, location=Dorval, o=Matrox,c=CA
objectclass: Person
username: jostiguy
cn: John Ostiguy
mail: jostiguy@matrox.com
location: Dorval
givenname: John
sn: Ostiguy
userPassword: {crypt}r5thrF4z/n5JE
telephoneNumber: xxx-xxx-xxxx ext: zzz
status: Active User

etc...
-------------------------------------------------------------
The user name I am using is: jnoviell, location=Dorval, o=Matrox,c=CA
Eudora does not give me an error message, just no results.
Netscape Messenger gives: "Mail id invalid or not unique, cannot resolve to
directory authorization entry"
Am I doing something wrong? Any suggestions would be much appreciated.
Note: If I remove the ACL (and restart slapd of course) it works fine with
no authentication.
Thanks in advance. Joe
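
Added example, not part of the original post: both logs above record BIND dn="" method=128, which is a simple bind with an empty DN (an anonymous bind), followed by searches that return nentries=0. The Python below groups slapd log lines by connection and flags connections that bound anonymously and got no entries from any search; the conn=2 lines in the sample are constructed for contrast and the function names are this example's own.

```python
import re
from collections import defaultdict

# conn=0 lines are taken from the post (e-mail line wraps rejoined);
# conn=2 lines are constructed here to show a bind with a DN for contrast.
SAMPLE_LOG = '''\
Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 op=0 BIND dn="" method=128
Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 op=0 RESULT err=0 tag=97 nentries=0
Jul 21 11:47:28 pluton.matrox.com slapd[10166]: conn=0 op=1 SRCH base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="( | (cn=*MARK*)(SN=*MARK*)(GN=*MARK*)(GIVENNAME=*MARK*))"
Jul 21 11:47:32 pluton.matrox.com slapd[10166]: conn=0 op=1 RESULT err=0 tag=101 nentries=0
Jul 21 12:05:01 pluton.matrox.com slapd[10166]: conn=2 op=0 BIND dn="CN=JNOVIELL,LOCATION=DORVAL,O=MATROX,C=CA" method=128
Jul 21 12:05:01 pluton.matrox.com slapd[10166]: conn=2 op=0 RESULT err=0 tag=97 nentries=0
Jul 21 12:05:01 pluton.matrox.com slapd[10166]: conn=2 op=1 SRCH base="LOCATION=DORVAL,O=MATROX,C=CA" scope=2 filter="(cn=*MARK*)"
Jul 21 12:05:02 pluton.matrox.com slapd[10166]: conn=2 op=1 RESULT err=0 tag=101 nentries=1
'''

LINE = re.compile(r'conn=(\d+) op=\d+ (BIND|RESULT) (.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
TAG_BIND_RESULT, TAG_SEARCH_DONE = 97, 101  # LDAP response tags as logged


def summarize(log_text):
    """Return {conn: {"bind_dn", "bind_err", "searches": [nentries, ...]}}."""
    conns = defaultdict(lambda: {"bind_dn": None, "bind_err": None, "searches": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connection accepted/closed, SRCH, UNBIND lines
        conn, kind = int(m.group(1)), m.group(2)
        fields = dict(FIELD.findall(m.group(3)))
        if kind == "BIND":
            conns[conn]["bind_dn"] = fields["dn"].strip('"')
        elif int(fields["tag"]) == TAG_BIND_RESULT:
            conns[conn]["bind_err"] = int(fields["err"])
        elif int(fields["tag"]) == TAG_SEARCH_DONE:
            conns[conn]["searches"].append(int(fields["nentries"]))
    return dict(conns)


def anonymous_empty_searches(log_text):
    """Connections that bound with an empty DN and got 0 entries from every search."""
    return sorted(
        conn for conn, c in summarize(log_text).items()
        if c["bind_dn"] == "" and c["bind_err"] == 0
        and c["searches"] and not any(c["searches"])
    )


if __name__ == "__main__":
    print("anonymous binds with empty results:", anonymous_empty_searches(SAMPLE_LOG))
```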