
Problem with Roaming access



Hello,

I'm new on the list, and I haven't found the solution to my problem in
the archive.

I'm trying to set up roaming access with OpenLDAP. I'm using Mandrake 8.2
with the Mandrake openldap 2.0.21 packages. PAM LDAP and NSS LDAP are used
on my system and work very well for user authentication on my small
network. As a Netscape user on an LDAP client PC with Mandrake 8.1, I can't
bind to the database. Here is some information on my LDAP
configuration.

My slapd.conf on my obelix server

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $

include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/java.schema
include /usr/share/openldap/schema/krb5-kdc.schema
include /usr/share/openldap/schema/kerberosobject.schema
include /usr/share/openldap/schema/misc.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema

pidfile         /var/run/ldap/slapd.pid
argsfile        /var/run/ldap/slapd.args

modulepath      /usr/lib/openldap

lastmod on
loglevel 256

database        ldbm
suffix          "dc=kervao,dc=fr"
rootdn          "cn=Manager,dc=kervao,dc=fr"
rootpw          secret

directory       /var/lib/ldap

index   objectClass,uid,uidNumber,gidNumber     eq
index   cn,mail,surname,givenname

# Basic ACL
defaultaccess read

access to attr=userPassword
        by self write
        by anonymous auth
        by dn="cn=Manager,dc=kervao,dc=fr" write
        by * none

access to *
        by dn="cn=Manager,dc=kervao,dc=fr" write
        by * read

access to * by * search


Some information in my database

ldapsearch -x -D "cn=Manager, dc=kervao, dc=fr" -w secret  -b "dc=kervao,dc=fr"

version: 2

#
# filter: (objectclass=*)
# requesting: ALL
#

# kervao, fr
dn: dc=kervao, dc=fr
objectClass: dcObject
objectClass: organization
dc: kervao.fr
o: kervao.fr

# Group, kervao, fr
dn: ou=Group,dc=kervao,dc=fr
ou: Group
objectClass: top
objectClass: organizationalUnit
description: users groups

# People, kervao, fr
dn: ou=People,dc=kervao,dc=fr
ou: People
objectClass: top
objectClass: organizationalUnit
description: system users

# olivier, People, kervao, fr
dn: uid=olivier,ou=People,dc=kervao,dc=fr
uid: olivier
cn: olivier
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJDc2V67MSDhaJEs4cmRVUFJtHv9pT05aUW02aFY0cS4=
shadowLastChange: 11858
shadowMax: 99999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 1081428222
loginShell: /bin/bash
uidNumber: 5001
gidNumber: 5000
homeDirectory: /home/olivier

# hoarau, Group, kervao, fr
dn: cn=hoarau,ou=Group,dc=kervao,dc=fr
objectClass: posixGroup
objectClass: top
cn: hoarau
gidNumber: 5000
memberUid: olivier

# Roaming, kervao, fr
dn: ou=Roaming,dc=kervao,dc=fr
ou: Roaming
objectClass: top
objectClass: organizationalUnit
description: Roaming users

# olivier, Roaming, kervao, fr
dn: nsLIProfileName=olivier,ou=Roaming,dc=kervao,dc=fr
nsLIProfileName: olivier
owner: uid=olivier,ou=People,dc=kervao,dc=fr
objectClass: top
objectClass: nsLIProfile


Netscape setup

LDAP URL:
ldap://obelix/nsLIProfileName=olivier,ou=Roaming,dc=kervao,dc=fr
User DN: uid=olivier,ou=People,dc=kervao,dc=fr

I have an authentication error

Here is the message log

Jul  6 00:28:19 obelix slapd[4534]: daemon: conn=1 fd=9 connection from IP=192.168.26.75:33333 (IP=0.0.0.0:34049) accepted.
Jul  6 00:28:19 obelix slapd[4541]: conn=1 op=0 BIND dn="UID=OLIVIER,OU=PEOPLE,DC=KERVAO,DC=FR" method=128
Jul  6 00:28:19 obelix slapd[4541]: conn=1 op=0 RESULT tag=97 err=49 text=
Jul  6 00:28:19 obelix slapd[4542]: conn=1 op=1 UNBIND
Jul  6 00:28:19 obelix slapd[4542]: conn=-1 fd=9 closed

If I change the User DN to cn=Manager, dc=Kervao, dc=fr it works, but I
don't want to be Manager to bind to the database.

Any idea how to solve my problem?

Olivier

--
________________________________
FUNIX - http://www.funix.org
Put a penguin in your PC
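
Added example, not part of the original post: a Python sketch that pairs each BIND line in a slapd log like the one above with its RESULT line on (conn, op) and reports binds rejected with err=49 (invalidCredentials). The function names are hypothetical, and the sample input is the post's log with the mail-wrapped lines rejoined, one entry per line.

```python
import re
from collections import Counter

# Constructed sample: the log entries from the post, each rejoined onto one line.
SAMPLE_LOG = """\
Jul  6 00:28:19 obelix slapd[4534]: daemon: conn=1 fd=9 connection from IP=192.168.26.75:33333 (IP=0.0.0.0:34049) accepted.
Jul  6 00:28:19 obelix slapd[4541]: conn=1 op=0 BIND dn="UID=OLIVIER,OU=PEOPLE,DC=KERVAO,DC=FR" method=128
Jul  6 00:28:19 obelix slapd[4541]: conn=1 op=0 RESULT tag=97 err=49 text=
Jul  6 00:28:19 obelix slapd[4542]: conn=1 op=1 UNBIND
Jul  6 00:28:19 obelix slapd[4542]: conn=-1 fd=9 closed
"""

# Patterns follow the slapd log format shown in the post.
ACCEPT = re.compile(r"conn=(\d+) fd=\d+ connection from IP=([\d.]+):\d+")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+)")

INVALID_CREDENTIALS = 49  # LDAP resultCode invalidCredentials
BIND_RESPONSE_TAG = 97    # tag value logged for a bind response


def failed_binds(log_text):
    """Return one record per bind rejected with err=49, joined on (conn, op)."""
    peers, pending, failures = {}, {}, []
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            peers[m.group(1)] = m.group(2)           # conn id -> client IP
        elif m := BIND.search(line):
            conn, op, dn, method = m.groups()
            # Lowercased only so the same DN groups together in reports.
            pending[(conn, op)] = (dn.lower(), int(method))
        elif m := RESULT.search(line):
            conn, op, tag, err = m.groups()
            bind = pending.pop((conn, op), None)     # RESULT without a BIND is skipped
            if bind and int(tag) == BIND_RESPONSE_TAG and int(err) == INVALID_CREDENTIALS:
                failures.append({"when": line[:15], "peer": peers.get(conn),
                                 "dn": bind[0], "method": bind[1]})
    return failures


def count_by_peer_and_dn(failures):
    """Count rejected binds per (client IP, bind DN) pair."""
    return Counter((f["peer"], f["dn"]) for f in failures)


if __name__ == "__main__":
    for (peer, dn), n in count_by_peer_and_dn(failed_binds(SAMPLE_LOG)).items():
        print(f"{n} failed bind(s) from {peer} as {dn}")
```
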