RE: Authentication
For now add the following to the end of your ACL list:
access to * by * read
See the Admin Guide for info on defining more specific access controls:
http://www.openldap.org/doc/admin/slapdconfig.html#Access Control
> -----Original Message-----
> From: Robert Harris [mailto:rharris@raindance.com]
> Sent: Wednesday, September 05, 2001 4:33 PM
> To: 'oberwetter, josh'
> Subject: RE: Authentication
>
> # Save the time that the entry gets modified
> lastmod on
>
> # By default, only read access is allowed
> defaultaccess read
>
> # The admin dn has full write access
> access to * by dn="cn=manager,dc=raindance,dc=com" write
>
> > -----Original Message-----
> > From: oberwetter, josh [mailto:joberwetter@grownetwork.com]
> > Sent: Wednesday, September 05, 2001 2:35 PM
> > To: 'Robert Harris'
> > Subject: RE: Authentication
> >
> >
> > It looks like an ACL problem. What are your ACLs? Just paste
> > them in from your slapd.conf file.
> >
> > > -----Original Message-----
> > > From: Robert Harris [mailto:rharris@raindance.com]
> > > Sent: Wednesday, September 05, 2001 4:21 PM
> > > To: Openldap-Software (E-mail)
> > > Subject: Authentication
> > >
> > > Ok, I nuked my config and server, built the latest stable 2.0
> > > server, cleaned up slapd.conf and imported a base company; makes
> > > more sense.
> > >
> > > I tried to login again and get this in my client's auth.log:
> > > Sep 5 13:27:26 spirit login[3867]: pam_ldap: ldap_simple_bind_s Insufficient access
> > > Sep 5 13:27:26 spirit PAM_unix[3867]: check pass; user unknown
> > > Sep 5 13:27:26 spirit PAM_unix[3867]: authentication failure; LOGIN(uid=0) -> rharris for login service
> > > Sep 5 13:27:29 spirit login[3867]: FAILED LOGIN (1) on `tty1' FOR `UNKNOWN', Authentication service cannot retrieve authentication info.
> > >
> > > In my debug log on my ldap server I see this:
> > >
> > > Sep 5 13:30:10 ghost slapd[27683]: => access_allowed: auth access to "uid=rharris,ou=people,dc=raindance,dc=com" "userPassword" requested
> > > Sep 5 13:30:10 ghost slapd[27683]: => acl_get: [1] check attr userPassword
> > > Sep 5 13:30:10 ghost slapd[27683]: <= acl_get: [1] acl uid=rharris,ou=people,dc=raindance,dc=com attr: userPassword
> > > Sep 5 13:30:10 ghost slapd[27683]: => acl_mask: access to entry "uid=rharris,ou=people,dc=raindance,dc=com", attr "userPassword" requested
> > > Sep 5 13:30:10 ghost slapd[27683]: => acl_mask: to all values by "", (=n)
> > > Sep 5 13:30:10 ghost slapd[27683]: <= check a_dn_pat: cn=manager,dc=raindance,dc=com
> > > Sep 5 13:30:10 ghost slapd[27683]: <= acl_mask: no more <who> clauses, returning =n (stop)
> > > Sep 5 13:30:10 ghost slapd[27683]: => access_allowed: auth access denied by =n
> > >
> > > Of course denied.
> > >
> > > Thoughts?
> > >
> >
>
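An added example, not from this thread or the OpenLDAP project: a small Python model of how slapd walks the ACL list, run against the ACL Robert posted and the anonymous bind (`by ""`) shown in his slapd debug output. It reproduces the `=n` denial and, going a step beyond the reply, shows that because slapd stops at the first `access to` directive whose `<what>` matches, a `by * read` clause only takes effect when it sits inside that matching directive; `defaultaccess` is not modelled since a `to *` directive always matches first. The DN, attribute and ACL text come from the thread; the function names and the tiny parser are assumptions of this example.

```python
# Added example (not from the thread): a minimal model of OpenLDAP slapd
# ACL evaluation, enough to reproduce the denial in Robert's debug log.
# Semantics modelled (from the OpenLDAP Admin Guide): directives are tried
# in order; the FIRST "access to <what>" that matches the entry/attribute
# decides; within it, the first matching "by <who>" grants its level, and
# if no <who> clause matches, access is denied ("=n", an implicit by * none).
# Levels are cumulative: granting "read" also satisfies an "auth" request.
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Constructed inputs: the ACL from Robert's slapd.conf and the entry in his log
POSTED_ACL = 'access to * by dn="cn=manager,dc=raindance,dc=com" write'
ENTRY = "uid=rharris,ou=people,dc=raindance,dc=com"

def parse_acl(text):
    """Parse lines like: access to attr=userPassword by dn="..." write by * auth"""
    acls = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("access to "):
            continue
        what, *by_clauses = re.split(r"\s+by\s+", line[len("access to "):])
        acls.append((what.strip(), [tuple(c.rsplit(None, 1)) for c in by_clauses]))
    return acls

def what_matches(what, attr):
    if what == "*":
        return True
    m = re.match(r"attrs?=(.+)", what)
    return bool(m) and attr in [a.strip() for a in m.group(1).split(",")]

def who_matches(who, bind_dn, entry_dn):
    if who == "*" or (who == "anonymous" and bind_dn == ""):
        return True
    if who == "self":
        return bind_dn != "" and bind_dn == entry_dn
    if who == "users":
        return bind_dn != ""
    m = re.match(r'dn="?([^"]+)"?$', who)
    return bool(m) and m.group(1) == bind_dn

def granted_level(acls, bind_dn, entry_dn, attr):
    for what, by_clauses in acls:
        if not what_matches(what, attr):
            continue
        for who, level in by_clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"   # matching <what> but no matching <who>: stop, deny
    return "none"

def access_allowed(acls, bind_dn, entry_dn, attr, wanted):
    return LEVELS.index(granted_level(acls, bind_dn, entry_dn, attr)) >= LEVELS.index(wanted)

if __name__ == "__main__":
    print(granted_level(parse_acl(POSTED_ACL), "", ENTRY, "userPassword"))  # none
```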