[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Access Control
Howdy folks,
I am trying to get Solaris 9 to authenticate users through OpenLDAP. After
reading though the documentation at:
http://docs.sun.com/db/doc/806-4077/6jd6blbeo?a=view
I seem to have a debacle. The file "ldap_client_cred" contains the rootdn
and rootpw that should when looking up accounts. When a user
attempts to login, does the PAM LDAP module bind as the rootdn, anonymous
or the userid that the user passed to "login:?" I am also curious how to
interpret the logfile entries below [Exhibit A]. Is there a any docs on
how to interpret the diff logfile results? I am trying to figure out what
user binds to the directory, and why my ACLs are failing. I assume that
the "to value by ""\" means anonymous, but thought I would ask the gurus.
Thanks for any insight,
Matty
[Exhibit A]
<= bdb_equality_candidates: index_param failed (18)
=> access_allowed: search access to
"uid=testuser,ou=People,dc=test,dc=com" "objectClass" requested
=> dn: [1]
=> acl_get: [2] check attr objectClass
<= acl_get: [2] acl uid=testuser,ou=People,dc=test,dc=com attr:
objectClass
=> acl_mask: access to entry "uid=testuser,ou=People,dc=test,dc=com", attr
"objectClass" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth(=x) (stop)
<= acl_mask: [2] mask: auth(=x)
=> access_allowed: search access denied by auth(=x)
=> access_allowed: search access to
"uid=testuser,ou=People,dc=test,dc=com" "uid" requested
=> dn: [1]
=> acl_get: [2] check attr uid
<= acl_get: [2] acl uid=testuser,ou=People,dc=test,dc=com attr: uid
=> acl_mask: access to entry "uid=testuser,ou=People,dc=test,dc=com", attr
"uid" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth(=x) (stop)
<= acl_mask: [2] mask: auth(=x)
=> access_allowed: search access denied by auth(=x)
ber_flush: 14 bytes to sd 12
=> access_allowed: search access to "" "objectClass" requested
=> dn: [1]
=> acl_get: [1] matched
=> acl_get: [1] check attr objectClass
<= acl_get: [1] acl attr: objectClass
=> acl_mask: access to entry "", attr "objectClass" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: *
<= acl_mask: [1] applying read(=rscx) (stop)
<= acl_mask: [1] mask: read(=rscx)
=> access_allowed: search access granted by read(=rscx)
=> access_allowed: read access to "" "entry" requested
=> dn: [1]
=> acl_get: [1] matched
=> acl_get: [1] check attr entry
<= acl_get: [1] acl attr: entry
=> acl_mask: access to entry "", attr "entry" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: *
<= acl_mask: [1] applying read(=rscx) (stop)
<= acl_mask: [1] mask: read(=rscx)
=> access_allowed: read access granted by read(=rscx)
=> access_allowed: read access to "" "supportedControl" requested
=> dn: [1]
=> acl_get: [1] matched
=> acl_get: [1] check attr supportedControl
<= acl_get: [1] acl attr: supportedControl
=> acl_mask: access to entry "", attr "supportedControl" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: *
<= acl_mask: [1] applying read(=rscx) (stop)
<= acl_mask: [1] mask: read(=rscx)
=> access_allowed: read access granted by read(=rscx)
ber_flush: 107 bytes to sd 12
ber_flush: 14 bytes to sd 12
^Cslapd shutdown: waiting for 0 threads to terminate
slapd stopped.