Anonymously binding despite '-U ....' to ldapsearch
- To: openldap-software@OpenLDAP.org
- Subject: Anonymously binding despite '-U ....' to ldapsearch
- From: Turbo Fredriksson <turbo@bayour.com>
- Date: 26 Feb 2003 17:23:38 +0100
- Organization: LDAP/Kerberos expert wannabe
- User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
I don't seem to be able to view 'secret' information in my
new system. Object 'cn=admin' should have a userPassword entry,
but I can't see it (except from 'slapcat')...
----- s n i p -----
[majorskan.pts/2]$ ldapsearch -U turbo -LLL cn=admin userPassword
SASL/GSSAPI authentication started
SASL username: turbo@BAYOUR.COM
SASL SSF: 56
SASL installing layers
dn: cn=admin,dc=bayour,dc=com
----- s n i p -----
Running slapd with '-d -1' shows:
----- s n i p -----
majorskan:~# egrep 'BIND dn|_sasl_bind' /tmp/slapd-1.out
do_sasl_bind: dn () mech GSSAPI
conn=0 op=1 BIND dn="" method=163
<== slap_sasl_bind: rc=14
do_sasl_bind: dn () mech GSSAPI
conn=0 op=2 BIND dn="" method=163
<== slap_sasl_bind: rc=14
do_sasl_bind: dn () mech GSSAPI
conn=0 op=3 BIND dn="" method=163
<== slap_sasl_bind: rc=0
----- s n i p -----
Where's the DN!? I bind anonymously, why? I know that 2.1 of OpenLDAP
is quite different, but I've looked through the mail archive, but can't
seem to find anything special...
Software:
OpenLDAP v2.1.12
Cyrus SASL v2.1.12
Berkeley DB v4.1.25
Supported SASL Mechanisms:
----- s n i p -----
[majorskan.pts/2]$ ldapsearch -h localhost -x -b "" -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
----- s n i p -----
ACLs:
----- s n i p -----
access to attribute=userPassword
    by dn="cn=admin,dc=bayour,dc=com" write
    by dn="uid=turbo\\+realm=BAYOUR.COM" write
    by anonymous auth
    by self write
    by * none
access to *
    by dn="cn=admin,dc=bayour,dc=com" write
    by dn="uid=turbo\\+realm=BAYOUR.COM" write
    by * read
----- s n i p -----
Kerberos ticket:
----- s n i p -----
[majorskan.pts/2]$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: turbo@BAYOUR.COM
Valid starting     Expires            Service principal
02/26/03 16:24:58  02/27/03 02:24:56  krbtgt/BAYOUR.COM@BAYOUR.COM
02/26/03 16:25:00  02/27/03 02:24:56  ldap/majorskan.bayour.com@BAYOUR.COM
Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
----- s n i p -----
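
Added example, not part of the original post: a Python sketch that groups the slapd debug lines quoted above into one SASL bind exchange per connection and reports how it ended. It relies on method=163 (0xa3) being the SASL choice in the BindRequest and rc=14 being saslBindInProgress; `request_dn` is the name field the client sent in the request, which the protocol allows to be empty for SASL binds. The function name and the sample string are constructed for illustration.

```python
import re

# Constructed sample: the egrep output quoted in the post (one connection).
SAMPLE = '''do_sasl_bind: dn () mech GSSAPI
conn=0 op=1 BIND dn="" method=163
<== slap_sasl_bind: rc=14
do_sasl_bind: dn () mech GSSAPI
conn=0 op=2 BIND dn="" method=163
<== slap_sasl_bind: rc=14
do_sasl_bind: dn () mech GSSAPI
conn=0 op=3 BIND dn="" method=163
<== slap_sasl_bind: rc=0
'''

LDAP_AUTH_SASL = 163          # 0xa3, SASL choice in the BindRequest
SASL_BIND_IN_PROGRESS = 14    # LDAP result code saslBindInProgress
SUCCESS = 0

MECH = re.compile(r"do_sasl_bind: dn \((.*?)\) mech (\S+)")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="(.*?)" method=(\d+)')
RC = re.compile(r"<== slap_sasl_bind: rc=(\d+)")

def summarize_sasl_binds(text):
    """Group SASL bind steps per connection and report how each exchange ended."""
    conns, mech, cur = {}, None, None
    for line in text.splitlines():
        if m := MECH.search(line):
            mech = m.group(2)
        elif m := BIND.search(line):
            cur = None  # non-SASL binds (e.g. method=128, simple) are skipped
            if int(m.group(4)) == LDAP_AUTH_SASL:
                cur = conns.setdefault(int(m.group(1)),
                                       {"steps": 0, "outcome": "incomplete"})
                cur.update(mech=mech, request_dn=m.group(3))
                cur["steps"] += 1
        elif (m := RC.search(line)) and cur is not None:
            # Assumption: the rc line belongs to the BIND line just before it,
            # which holds for a single connection as in the sample.
            rc = int(m.group(1))
            cur["last_rc"] = rc
            cur["outcome"] = {SUCCESS: "success",
                              SASL_BIND_IN_PROGRESS: "incomplete"}.get(rc, "failed")
    return conns

if __name__ == "__main__":
    for conn, info in summarize_sasl_binds(SAMPLE).items():
        print(conn, info)
```

On the sample this reports a three-step GSSAPI exchange on connection 0 that ends with rc=0 and an empty name field in each request.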