
Can't authenticate with this ACL



     I'm using OpenLDAP 2.0.23 on SuSE Linux 8 to authenticate Unix and 
Samba users.  If I use this ACL, users are unable to authenticate:

"access to *
	by self write
	by dn="cn=Manager,dc=bus,dc=okstate,dc=edu" write
	by users read
	by anonymous auth"

     If I change anonymous to read access, they can authenticate.  It 
fails with anonymous search access also.  The log reports errors such 
as:

"
Jun 28 12:46:18 morrigan slapd[9453]: => acl_mask: to value by "", (=n)
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: self
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: cn=Manager,dc=bus,dc=okstate,dc=edu
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: users
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: anonymous
Jun 28 12:46:18 morrigan slapd[9453]: <= acl_mask: [4] applying auth (=x) (stop)
Jun 28 12:46:18 morrigan slapd[9453]: <= acl_mask: [4] mask: auth (=x)
Jun 28 12:46:18 morrigan slapd[9453]: => access_allowed: search access denied by auth (=x)
Jun 28 12:46:18 morrigan slapd[9453]: => access_allowed: search access to "uid=bogus,dc=bus,dc=okstate,dc=edu" "objectClass" requested
Jun 28 12:46:18 morrigan slapd[9453]: => acl_get: [1] check attr objectClass
Jun 28 12:46:18 morrigan slapd[9453]: <= acl_get: [1] acl uid=bogus,dc=bus,dc=okstate,dc=edu attr: objectClass
Jun 28 12:46:18 morrigan slapd[9453]: => acl_mask: access to entry "uid=bogus,dc=bus,dc=okstate,dc=edu", attr "objectClass" requested
Jun 28 12:46:18 morrigan slapd[9453]: => acl_mask: to value by "", (=n)
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: self
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: cn=Manager,dc=bus,dc=okstate,dc=edu
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: users
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: anonymous
Jun 28 12:46:18 morrigan slapd[9453]: <= acl_mask: [4] applying auth (=x) (stop)
Jun 28 12:46:18 morrigan slapd[9453]: <= acl_mask: [4] mask: auth (=x)
Jun 28 12:46:18 morrigan slapd[9453]: => access_allowed: search access denied by auth (=x)
Jun 28 12:46:18 morrigan slapd[9453]: => access_allowed: search access to "uid=bogus,dc=bus,dc=okstate,dc=edu" "uid" requested
Jun 28 12:46:18 morrigan slapd[9453]: => acl_get: [1] check attr uid
Jun 28 12:46:18 morrigan slapd[9453]: <= acl_get: [1] acl uid=bogus,dc=bus,dc=okstate,dc=edu attr: uid
Jun 28 12:46:18 morrigan slapd[9453]: => acl_mask: access to entry "uid=bogus,dc=bus,dc=okstate,dc=edu", attr "uid" requested
Jun 28 12:46:18 morrigan slapd[9453]: => acl_mask: to value by "", (=n)
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: self
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: cn=Manager,dc=bus,dc=okstate,dc=edu
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: users
Jun 28 12:46:18 morrigan slapd[9453]: <= check a_dn_pat: anonymous
Jun 28 12:46:18 morrigan slapd[9453]: <= acl_mask: [4] applying auth (=x) (stop)
Jun 28 12:46:18 morrigan slapd[9453]: <= acl_mask: [4] mask: auth (=x)
Jun 28 12:46:18 morrigan slapd[9453]: => access_allowed: search access denied by auth (=x)"


     Any ideas?

Thanks,

Jason Joines
Open Source = Open Minds
=====================
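
An added example, not part of the original post: a small Python parser for slapd ACL trace lines like those quoted above. For each denied check it reports who asked, the target entry and attribute, the access level requested, and the level granted by the deciding `by` clause. The sample is constructed from log lines in the post with mail wrapping undone; the function and field names are hypothetical.

```python
import re

# OpenLDAP access levels, lowest first; each level implies all levels before it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

REQ = re.compile(r'access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
WHO = re.compile(r'acl_mask: to value by "([^"]*)"')
APPLY = re.compile(r'acl_mask: \[(\d+)\] applying (\w+)')
DENY = re.compile(r'access_allowed: (\w+) access denied by (\w+)')

def denials(log):
    """One dict per denied check; tolerates a trace that starts mid-record."""
    out, cur = [], {}
    for line in log.splitlines():
        if m := REQ.search(line):
            cur = {"entry": m[2], "attr": m[3]}
        elif m := WHO.search(line):
            cur["who"] = m[1] or "anonymous"   # empty bound DN means anonymous
        elif m := APPLY.search(line):
            cur["clause"] = int(m[1])          # index of the deciding "by" clause
        elif m := DENY.search(line):
            short = LEVELS.index(m[1]) - LEVELS.index(m[2])
            out.append({"entry": None, "attr": None, "who": None, "clause": None,
                        **cur, "want": m[1], "got": m[2], "levels_short": short})
            cur = {}
    return out

# Constructed sample: lines from the post with mail wrapping undone. The first
# record starts mid-way, as the posted log does.
P = "Jun 28 12:46:18 morrigan slapd[9453]: "
SAMPLE = "\n".join(P + s for s in [
    '=> acl_mask: to value by "", (=n)',
    '<= check a_dn_pat: anonymous',
    '<= acl_mask: [4] applying auth (=x) (stop)',
    '=> access_allowed: search access denied by auth (=x)',
    '=> access_allowed: search access to "uid=bogus,dc=bus,dc=okstate,dc=edu" "uid" requested',
    '=> acl_mask: access to entry "uid=bogus,dc=bus,dc=okstate,dc=edu", attr "uid" requested',
    '=> acl_mask: to value by "", (=n)',
    '<= check a_dn_pat: anonymous',
    '<= acl_mask: [4] applying auth (=x) (stop)',
    '=> access_allowed: search access denied by auth (=x)',
])

if __name__ == "__main__":
    for d in denials(SAMPLE):
        print(f'{d["who"]} wanted {d["want"]} on {d["entry"]} attr {d["attr"]}: '
              f'clause [{d["clause"]}] gave {d["got"]} ({d["levels_short"]} levels short)')
```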