Problem with Roaming access
Hello,
I'm new on the list, and I haven't found the solution to my problem in
the archive.
I'm trying to set up roaming access with OpenLDAP. I'm using Mandrake 8.2
with the Mandrake openldap 2.0.21 packages. PAM LDAP and NSS LDAP are used
on my system and work very well for user authentication on my small
network. As a Netscape user on an LDAP client PC with Mandrake 8.1, I can't
bind to the database. Here is some information on my LDAP
configuration.
My slapd.conf on my obelix server:
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/java.schema
include /usr/share/openldap/schema/krb5-kdc.schema
include /usr/share/openldap/schema/kerberosobject.schema
include /usr/share/openldap/schema/misc.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema
pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args
modulepath /usr/lib/openldap
lastmod on
loglevel 256
database ldbm
suffix "dc=kervao,dc=fr"
rootdn "cn=Manager,dc=kervao,dc=fr"
rootpw secret
directory /var/lib/ldap
index objectClass,uid,uidNumber,gidNumber eq
index cn,mail,surname,givenname
# Basic ACL
defaultaccess read
access to attr=userPassword
        by self write
        by anonymous auth
        by dn="cn=Manager,dc=kervao,dc=fr" write
        by * none
access to *
        by dn="cn=Manager,dc=kervao,dc=fr" write
        by * read
access to * by * search
Some information from my database:
ldapsearch -x -D "cn=Manager, dc=kervao, dc=fr" -w secret -b "dc=kervao,dc=fr"
version: 2
#
# filter: (objectclass=*)
# requesting: ALL
#
# kervao, fr
dn: dc=kervao, dc=fr
objectClass: dcObject
objectClass: organization
dc: kervao.fr
o: kervao.fr
# Group, kervao, fr
dn: ou=Group,dc=kervao,dc=fr
ou: Group
objectClass: top
objectClass: organizationalUnit
description: users groups
# People, kervao, fr
dn: ou=People,dc=kervao,dc=fr
ou: People
objectClass: top
objectClass: organizationalUnit
description: system users
# olivier, People, kervao, fr
dn: uid=olivier,ou=People,dc=kervao,dc=fr
uid: olivier
cn: olivier
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJDc2V67MSDhaJEs4cmRVUFJtHv9pT05aUW02aFY0cS4=
shadowLastChange: 11858
shadowMax: 99999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 1081428222
loginShell: /bin/bash
uidNumber: 5001
gidNumber: 5000
homeDirectory: /home/olivier
# hoarau, Group, kervao, fr
dn: cn=hoarau,ou=Group,dc=kervao,dc=fr
objectClass: posixGroup
objectClass: top
cn: hoarau
gidNumber: 5000
memberUid: olivier
# Roaming, kervao, fr
dn: ou=Roaming,dc=kervao,dc=fr
ou: Roaming
objectClass: top
objectClass: organizationalUnit
description: Roaming users
# olivier, Roaming, kervao, fr
dn: nsLIProfileName=olivier,ou=Roaming,dc=kervao,dc=fr
nsLIProfileName: olivier
owner: uid=olivier,ou=People,dc=kervao,dc=fr
objectClass: top
objectClass: nsLIProfile
Netscape setup:
LDAP URL: ldap://obelix/nsLIProfileName=olivier,ou=Roaming,dc=kervao,dc=fr
User DN: uid=olivier,ou=People,dc=kervao,dc=fr
I get an authentication error.
Here is the message log:
Jul 6 00:28:19 obelix slapd[4534]: daemon: conn=1 fd=9 connection from IP=192.168.26.75:33333 (IP=0.0.0.0:34049) accepted.
Jul 6 00:28:19 obelix slapd[4541]: conn=1 op=0 BIND dn="UID=OLIVIER,OU=PEOPLE,DC=KERVAO,DC=FR" method=128
Jul 6 00:28:19 obelix slapd[4541]: conn=1 op=0 RESULT tag=97 err=49 text=
Jul 6 00:28:19 obelix slapd[4542]: conn=1 op=1 UNBIND
Jul 6 00:28:19 obelix slapd[4542]: conn=-1 fd=9 closed
If I change the User DN to cn=Manager, dc=Kervao, dc=fr it works, but I
don't want to be Manager to bind to the database.
Any idea how to solve my problem?
Olivier
--
________________________________
FUNIX - http://www.funix.org
Put a penguin in your PC