Upgrading to 2.1.8 breaks binding
- To: <openldap-software@OpenLDAP.org>
- Subject: Upgrading to 2.1.8 breaks binding
- From: "Mike Denka" <mdenk@whidbey.net>
- Date: Fri, 1 Nov 2002 08:34:31 -0800
- Importance: Normal
- In-reply-to: <007f01c28130$9ebff9f0$72c9a8c0@whidbeytel.com>
Since I upgraded from 2.0.25 to 2.1.8 I can no longer bind from
authentication clients like RADIUS to my OpenLDAP server. When I try,
the error reported in my LDAP log file is:
    Conn=3 op=0 RESULT tag=97 err=49 text=
It turns out that error 49, from ldap.h, means that the credentials are
invalid (LDAP_INVALID_CREDENTIALS). I know I'm using the correct
password of the entry I'm trying to bind as. I've also tried to bind as
that entry to read its own entry using ldapsearch. But version 2.1.8
won't allow me to bind as this (or any other except Manager and Admin)
entry. However, version 2.0.25 did. 2.1.8 will only allow me to bind
as cn=Manager,dc=example,dc=org or as cn=Admin,dc=example,dc=org. It
will not allow binding by any other entry in the database.
I'm using virtually the same config file, the only change being that
I've included "allow bind_v2" and I've changed ldbm to bdb as the
backend database (I also upgraded the Berkeley DB to version 4).
My access list is as follows:
    access to attr=userPassword
        by self write
        by anonymous auth
        by dn="cn=Admin,dc=example,dc=org write
        by * none
    access to *
        by self write
        by dn="cn=Admin,dc=example,dc=org" write
        by * read
Can anyone help me figure out what I need to do to recover the lost
functionality?
Thanks,
Mike
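
Added example, not part of the original post: a small Python script that pairs each BIND request in a slapd log with its `RESULT tag=97` line (tag 97 is the LDAP BindResponse) and counts outcomes per bind DN, so failures such as err=49 can be attributed to specific entries. The log lines are constructed in slapd's stats-log style, and the `uid=jdoe` DN is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in slapd "stats" log style; uid=jdoe is a made-up entry,
# the Manager DN is the one named in the post.
SAMPLE_LOG = '''\
conn=2 op=0 BIND dn="cn=Manager,dc=example,dc=org" method=128
conn=2 op=0 RESULT tag=97 err=0 text=
conn=3 op=0 BIND dn="uid=jdoe,ou=People,dc=example,dc=org" method=128
Conn=3 op=0 RESULT tag=97 err=49 text=
conn=4 op=0 BIND dn="uid=jdoe,ou=People,dc=example,dc=org" method=128
conn=4 op=0 RESULT tag=97 err=49 text=
conn=4 op=1 SRCH base="dc=example,dc=org" scope=2 filter="(uid=jdoe)"
conn=4 op=1 RESULT tag=101 err=0 text=
'''

BIND_RESPONSE_TAG = 97   # 0x61, the LDAP BindResponse protocol op
RESULT_NAMES = {0: "success", 49: "invalidCredentials",
                50: "insufficientAccessRights"}

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)', re.I)
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+)', re.I)

def bind_outcomes(log_text):
    """Pair each BIND request with its RESULT and count outcomes per DN."""
    pending = {}                                   # (conn, op) -> bind DN
    outcomes = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            # DNs are compared case-insensitively, so normalise to lower case.
            pending[(m.group(1), m.group(2))] = m.group(3).lower()
            continue
        m = RESULT_RE.search(line)
        if not m or int(m.group(3)) != BIND_RESPONSE_TAG:
            continue                               # not a bind response
        dn = pending.pop((m.group(1), m.group(2)), "<unknown>")
        err = int(m.group(4))
        outcomes[dn][RESULT_NAMES.get(err, f"err={err}")] += 1
    return {dn: dict(counts) for dn, counts in outcomes.items()}

if __name__ == "__main__":
    for dn, counts in bind_outcomes(SAMPLE_LOG).items():
        print(dn, counts)
```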