[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: What's the magic to allowing version 2 binds?
> Yes.. thats a cut and paste from my slapd.conf file.
> I'll check on that man page..
>
> Terrelle
>
> On 25-Nov-2002 Pierangelo Masarati wrote:
>>
>>> Ok, I have installed openldap 2.1.8 running on a linux box at kernel
>>> version 2.4.18 (slackware to be precise)
>>> I'm running bdb:
>>>
>>> Nov 24 21:04:59 belgarath slapd[6129]: bdb_open: Sleepycat Software:
>>> Berkeley DB 4.1.24: (September 13, 2002)
>>> Nov 24 21:04:59 belgarath slapd[6129]: bdb_db_init: Initializing BDB
>>> database Nov 24 21:04:59 belgarath slapd[6129]: slapd starting
>>>
>>> Here is the relavent areas of my slapd.conf file:
>>>
>>> # Sample access control policy:
>>> allow bind_v2
>>
>> Are you sure you added the above reported line to slapd.conf?
I mean: this is correct, you need this with v2 clients
>>
>>> Allow read access of root DSE
>>> Allow self write access
>>> Allow authenticated users read access
>>> Allow anonymous users to authenticate
>>
>> Did you really add the above reported lines to slapd.conf?
This is NOT correct (to my knowledge)
>>
>>> # Directives needed to implement policy:
>>> access to dn.base="" by * read
>>> access to *
>>> by self write
>>> by users read
>>> by anonymous auth
>>> #
>>> # if no access controls are present, the default policy is:
>>> # Allow read by all
>>> #
>>> # rootdn can always write!
>>>
>>> I can connect just fine using GQ and LDAP browswer/editor v2.8.2
>>> using ldap v3. Using the Ldap browser/editor in ldap v2 mode and i
>>> can't connect and get this in the logs (as well as other "ldap aware"
>>> clients that are using ldap v2 protocal):
>>>
>>> Nov 24 21:05:11 belgarath slapd[6129]: daemon: conn=0 fd=10
>>> connection from IP=192.168.0.3:3621 (IP=0.0.0.0:389) accepted.
>>> Nov 24 21:05:11 belgarath slapd[6129]: conn=0 op=0 BIND dn=""
>>> method=128
>>> Nov 24 21:05:11 belgarath slapd[6129]: conn=0 op=0 RESULT tag=97
>>> err=2
>>> text=requested protocol version not allowed
This LDAP_PROTOCOL_ERROR occurs when you DON't SET "allow bind_v2";
this is why I'm asking ...
>>> Nov 24 21:05:11 belgarath slapd[6129]: conn=0 fd=10 closed
>>
>> Then, if your clients are SO hosed, all you can try is:
>> read slapd.conf(5) )(the one that comes with 2.1.8, not
>> earlier ones) and play with other "allow" directives.
There are other directives allowing empty/non empty DN/cred,
but I don't think this is the case.
Be sure the "allow bind_v2" directive is present (e.g.:
[prompt]$ slapd -d -1 2>&1 | grep allow
line 14 (allow bind_v2)
Pierangelo.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it