
Re: Bind but no successful search



Hello

You should add a sasl-regexp directive in slapd.conf in order to have
root@dell translated into cn=root,dc=a1informatisering,dc=nl, or use
uid=root,cn=dell,cn=digest-md5,cn=auth in your ACL, instead of
cn=root,dc=a1informatisering,dc=nl

Here, the authentication identity is root@dell, and according to your ACLs
it has no access to any entry,
so you have to give it access, or translate it into another identity that
has access.

regards,

Francois
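As an added illustration of Francois's two options (this is not code from the thread or from OpenLDAP): a small Python model of how a sasl-regexp rewrites the SASL DN shown in the BIND log line, and of how the quoted `access to *` clause then decides whether the search may read anything. The regexp pair, the function names, `LEVELS`, the first-match rule and the exact dn= comparison are my own simplifications.

```python
import re

# Hypothetical sasl-regexp pairs in slapd's (pattern, replacement) form; the realm
# "dell" and the suffix dc=a1informatisering,dc=nl are the ones in the post.
SASL_REGEXPS = [
    (r"uid=([^,]*),cn=dell,cn=digest-md5,cn=auth",
     r"cn=$1,dc=a1informatisering,dc=nl"),
]

def map_sasl_dn(authc_dn, regexps=SASL_REGEXPS):
    """Model of sasl-regexp: the first pattern matching the whole SASL DN (case-
    insensitively) rewrites it, $N being group N; an unmatched DN is left as is."""
    for pattern, repl in regexps:
        m = re.fullmatch(pattern, authc_dn, re.IGNORECASE)
        if m:
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), repl)
    return authc_dn

# The "access to *" clause quoted from the post, as (who, level) pairs.
ACL_TO_ALL = [
    ("self", "write"),
    ('dn="cn=root,dc=a1informatisering,dc=nl"', "write"),
    ("anonymous", "read"),
]
# Francois's second option: name the unmapped SASL DN in the ACL instead.
ACL_WITH_SASL_DN = ACL_TO_ALL + [
    ('dn="uid=root,cn=dell,cn=digest-md5,cn=auth"', "write"),
]
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def granted(bound_dn, target_dn, wanted, acl):
    """Simplified slapd evaluation: the first <who> clause that matches decides;
    if none matches, access is denied (the implicit trailing 'by * none')."""
    for who, level in acl:
        if who == "self":
            match = bound_dn != "" and bound_dn.lower() == target_dn.lower()
        elif who == "anonymous":
            match = bound_dn == ""
        elif who == "*":
            match = True
        elif who.startswith('dn="') and who.endswith('"'):
            match = who[4:-1].lower() == bound_dn.lower()  # exact match only
        else:
            continue  # peername= and other selectors are not modelled
        if match:
            return LEVELS.index(level) >= LEVELS.index(wanted)
    return False
```

Called with the DN from the log, `granted("uid=root,cn=dell,cn=digest-md5,cn=auth", "dc=a1informatisering,dc=nl", "read", ACL_TO_ALL)` is False, which is the nentries=0 result in the post, while the mapped DN and the extended ACL both return True. Note that cn=root,dc=a1informatisering,dc=nl is also the rootdn in the posted config, so real slapd would skip ACL evaluation for it entirely.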

----- Original Message -----
From: "Antoine Maartens" <antoinem@ision.nl>
To: <openldap-software@OpenLDAP.org>
Sent: Wednesday, April 23, 2003 12:28 PM
Subject: Bind but no successful search


> Dear List,
>
> My problem:
> I can search my ldap database with ldapsearch -x etc.
>
> I added sasl-md5 authentication (although by default my server prefers
> OTP for one reason or another) and when I search the database, the logfile
> responds with:
> Apr 23 12:18:41 DELL slapd[28600]: conn=5 fd=9 ACCEPT from
> IP=10.7.0.3:33224 (IP=0.0.0.0:389)
> Apr 23 12:18:41 DELL slapd[28602]: conn=5 op=0 BIND dn="" method=163
> Apr 23 12:18:43 DELL slapd[28602]: conn=5 op=1 BIND dn="" method=163
> Apr 23 12:18:43 DELL slapd[28602]: conn=5 op=1 BIND authcid="root@dell"
> Apr 23 12:18:43 DELL slapd[28602]: conn=5 op=1 BIND
> dn="uid=root,cn=dell,cn=digest-md5,cn=auth" mech=DIGEST-MD5 ssf=128
> Apr 23 12:18:43 DELL slapd[28602]: conn=5 op=2 SRCH
> base="dc=a1informatisering,dc=nl" scope=2 filter="(objectClass=*)"
> Apr 23 12:18:43 DELL slapd[28602]: conn=5 op=2 SRCH attr=base
> Apr 23 12:18:43 DELL slapd[28602]: conn=5 op=2 SEARCH RESULT tag=101
> err=0 nentries=0 text=
> Apr 23 12:18:43 DELL slapd[28602]: conn=5 op=3 UNBIND
> Apr 23 12:18:43 DELL slapd[28602]: conn=5 fd=9 closed
>
> I have the impression that binding to the database works.
>
> However, I get no usable response back to my query:
> ldapsearch -U root@dell  -Y digest-md5 '(objectclass=*)' -b
> 'dc=a1informatisering,dc=nl'
>
> Here is my current slapd.conf:
> include         /usr/local/etc/openldap/schema/core.schema
> include         /usr/local/etc/openldap/schema/cosine.schema
> include         /usr/local/etc/openldap/schema/inetorgperson.schema
> include         /usr/local/etc/openldap/schema/misc.schema
> include         /usr/local/etc/openldap/schema/openldap.schema
>
> pidfile         /var/run/slapd.pid
> argsfile        /var/run/slapd.args
>
> access         to attr=userPassword
>                by self write
>                by anonymous auth
>                by dn="cn=root,dc=a1informatisering,dc=nl" write
>                by * none
>
> access         to attr=sn,cn
>                by peername=10.7.0.3 read
>                by * none
>
> access         to *
>                by self write
>                by dn="cn=root,dc=a1informatisering,dc=nl" write
>                by anonymous read
> #
> # if no access controls are present, the default is:
> #         Allow read by all
> #
> # rootdn can always write!
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> database        ldbm
> suffix          "dc=a1informatisering,dc=nl"
> rootdn          "cn=root,dc=a1informatisering,dc=nl"
> rootpw          {MD5}...... #replaced by dots for newsgroup posting
> directory       /var/lib/ldap
> index           cn,mail,surname,givenname eq,subinitial
>
> I seem to be lacking the brainpower to get this product going properly.
>
> Best regards,
>
> Antoine Maartens
>