RE: iPlanet 4.1 and OpenLDAP 2.1.12

[Tony Earnshaw <tonni@billy.demon.nl>]

fre, 2003-03-14 kl. 03:25 skrev Mudry, Robert (N-aerotek):

> ====> bdb_cache_find_entry_id( 6719 )
> "uid=XXXXX,ou=People,dc=ddddd,dc=ccccc,dc
> =bbbbb,dc=aaaaa,dc=com" (found) (1 tries)
> => access_allowed: auth access to
> "uid=XXXXX,ou=People,dc=ddddd,dc=ccccc,dc=bbbbb
> ,dc=aaaaa,dc=com" "userPassword" requested
> => access_allowed: backend default auth access granted to ""
> send_ldap_result: conn=0 op=23 p=3
> send_ldap_result: err=49 matched="" text=""
> send_ldap_response: msgid=173 tag=97 err=49
> ber_flush: 15 bytes to sd 10
>   0000:  30 0d 02 02 00 ad 61 07  0a 01 31 04 00 04 00      0.....a...1....
> ldap_write: want=15, written=15
>   0000:  30 0d 02 02 00 ad 61 07  0a 01 31 04 00 04 00      0.....a...1....
> conn=0 op=23 RESULT tag=97 err=49 text=
> ====> bdb_cache_return_entry_r( 6719 ): returned (0)
> 
> This trace resulted from the client's request for user authentication
> information from slapd. Would it be possible for you to take a moment to
> explain what the various codes are implying about the tail end of this
> particular transaction, and how you believe a properly functioning client
> would interpret this information?

Augmenting Howard's explanation, it's telling you you're trying to do an
anonymous bind and without proper ACL permissions/authenticating trying
to read the userPassword attribute for uid=XXXXX.

Somewhere near the top of your Openldap slapd.access/conf ACL you should
allow anonymous authentication: "by anonymous auth". I suppose it might
help too, if there really were a dn:
"uid=XXXXX,ou=People,dc=ddddd,dc=ccccc,dc=bbbbb,dc=aaaaa,dc=com" with a
valid userPassword attribute.

Best,

Tony

-- 

Tony Earnshaw

247,035 lemmings can't be wrong ...
Ask the man from Framfjord

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl