Can't authenticate with this ACL
I'm using OpenLDAP 2.0.23 on SuSE Linux 8 to authenticate unix and
samba users. If I use this ACL, users are unable to authenticate:
"access to *
    by self write
    by dn="cn=Manager,dc=bus,dc=okstate,dc=edu" write
    by users read
    by anonymous auth"
If I change anonymous to read access, they can authenticate. It
fails with anonymous search access also. The log reports errors such
as:
"
Jun 28 12:46:18 morrigan slapd[9453]: => acl_mask: to value by "", (=n)
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: self
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat:
cn=Manager,dc=bus,dc=okstate,dc=edu
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: users
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: anonymous
Jun 28 12:46:18 morrigan slapd[9453]: <= acl_mask: [4] applying auth
(=x) (stop)
Jun 28 12:46:18 morrigan slapd[9453]: <= acl_mask: [4] mask: auth (=x)
Jun 28 12:46:18 morrigan slapd[9453]: => access_allowed: search access
denied by auth (=x)
Jun 28 12:46:18 morrigan slapd[9453]: => access_allowed: search access
to "uid=bogus,dc=bus,dc=okstate,dc=edu" "objectClass" requested
Jun 28 12:46:18 morrigan slapd[9453]: => acl_get: [1] check attr
objectClass
Jun 28 12:46:18 morrigan slapd[9453]: <= acl_get: [1] acl
uid=bogus,dc=bus,dc=okstate,dc=edu attr: objectClass
Jun 28 12:46:18 morrigan slapd[9453]: => acl_mask: access to entry
"uid=bogus,dc=bus,dc=okstate,dc=edu", attr "objectClass" requested
Jun 28 12:46:18 morrigan slapd[9453]: => acl_mask: to value by "", (=n)
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: self
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat:
cn=Manager,dc=bus,dc=okstate,dc=edu
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: users
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: anonymous
Jun 28 12:46:18 morrigan slapd[9453]: <= acl_mask: [4] applying auth
(=x) (stop)
Jun 28 12:46:18 morrigan slapd[9453]: <= acl_mask: [4] mask: auth (=x)
Jun 28 12:46:18 morrigan slapd[9453]: => access_allowed: search access
denied by auth (=x)
Jun 28 12:46:18 morrigan slapd[9453]: => access_allowed: search access
to "uid=bogus,dc=bus,dc=okstate,dc=edu" "uid" requested
Jun 28 12:46:18 morrigan slapd[9453]: => acl_get: [1] check attr uid
Jun 28 12:46:18 morrigan slapd[9453]: <= acl_get: [1] acl
uid=bogus,dc=bus,dc=okstate,dc=edu attr: uid
Jun 28 12:46:18 morrigan slapd[9453]: => acl_mask: access to entry
"uid=bogus,dc=bus,dc=okstate,dc=edu", attr "uid" requested
Jun 28 12:46:18 morrigan slapd[9453]: => acl_mask: to value by "", (=n)
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: self
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat:
cn=Manager,dc=bus,dc=okstate,dc=edu
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: users
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: anonymous
Jun 28 12:46:18 morrigan slapd[9453]: <= acl_mask: [4] applying auth
(=x) (stop)
Jun 28 12:46:18 morrigan slapd[9453]: <= acl_mask: [4] mask: auth (=x)
Jun 28 12:46:18 morrigan slapd[9453]: => access_allowed: search access
denied by auth (=x)"
Any ideas?
Thanks,
Jason Joines
Open Source = Open Minds
=====================
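
As an added example (not part of the original post and not OpenLDAP code): a small Python parser for the ACL trace quoted above. It pairs each `access_allowed` request with its verdict and reports who asked, which `by` clause matched and how far the granted level falls short of the requested one. The function and field names are assumptions made for this illustration; the level ordering is slapd's none < auth < compare < search < read < write.

```python
import re

# One request from the post's trace, abridged, with the mail line wraps rejoined.
SAMPLE = """\
Jun 28 12:46:18 morrigan slapd[9453]: => access_allowed: search access to "uid=bogus,dc=bus,dc=okstate,dc=edu" "uid" requested
Jun 28 12:46:18 morrigan slapd[9453]: => acl_mask: access to entry "uid=bogus,dc=bus,dc=okstate,dc=edu", attr "uid" requested
Jun 28 12:46:18 morrigan slapd[9453]: => acl_mask: to value by "", (=n)
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: self
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: anonymous
Jun 28 12:46:18 morrigan slapd[9453]: <= acl_mask: [4] applying auth (=x) (stop)
Jun 28 12:46:18 morrigan slapd[9453]: <= acl_mask: [4] mask: auth (=x)
Jun 28 12:46:18 morrigan slapd[9453]: => access_allowed: search access denied by auth (=x)
"""

# slapd access levels, lowest to highest; each level includes those below it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

REQ = re.compile(r'access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
WHO = re.compile(r'acl_mask: to value by "([^"]*)"')
PAT = re.compile(r'check a_dn_pat: (.+)$')
HIT = re.compile(r'acl_mask: \[(\d+)\] applying (\w+)')
END = re.compile(r'access_allowed: (\w+) access (granted|denied) by (\w+)')

def decisions(text):
    """Return one dict per access_allowed request/verdict pair in the trace."""
    out, cur = [], None
    for line in text.splitlines():
        if m := REQ.search(line):
            cur = {"want": m[1], "entry": m[2], "attr": m[3], "who": None, "clause": None, "pattern": None}
        elif cur is None:
            continue                          # ignore lines before the first request
        elif m := WHO.search(line):
            cur["who"] = m[1] or "(anonymous)"  # empty bind DN means an anonymous session
        elif m := PAT.search(line):
            cur["pattern"] = m[1].strip()     # last pattern checked before "applying"
        elif m := HIT.search(line):
            cur["clause"] = int(m[1])         # index of the "by" clause that was applied
        elif m := END.search(line):
            cur.update(result=m[2], have=m[3])
            cur["short_by"] = max(0, LEVELS.index(cur["want"]) - LEVELS.index(m[3]))
            out.append(cur)
            cur = None
    return out

if __name__ == "__main__":
    for d in decisions(SAMPLE):
        print(f'{d["who"]} wanted {d["want"]} on {d["entry"]} attr {d["attr"]}: '
              f'{d["result"]}, clause [{d["clause"]}] ({d["pattern"]}) grants {d["have"]}')
```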