[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: confusion...
--On Friday, December 31, 2004 12:19 PM -0700 Craig White
<craigwhite@azapple.com> wrote:
Trying to log in via ssh on new 2.2.19 installation, I get authenticated
and dropped. This worked in 2.0.27 and I'm not certain how to fix these
things showing in the log...
Dec 31 12:12:29 srv1 slapd[7192]: conn=2 op=2 SRCH
base="ou=Group,dc=tobyhouse,dc=com" scope=1 deref=0 filter="(&
(objectClass=posixGroup)(|
(memberUid=craig)(uniqueMember=uid=craig,ou=people,dc=tobyhouse,dc=com)))"
Dec 31 12:12:29 srv1 slapd[7192]: conn=2 op=2 SRCH attr=cn userPassword
memberUid uniqueMember gidNumber
Dec 31 12:12:29 srv1 slapd[7192]: <= bdb_equality_candidates:
(uniqueMember) index_param failed (18)
Dec 31 12:12:29 srv1 slapd[7192]: conn=2 op=2 SEARCH RESULT tag=101
err=0 nentries=13 text=
Dec 31 12:12:29 srv1 slapd[7192]: conn=2 op=3 UNBIND
Dec 31 12:12:29 srv1 slapd[7192]: conn=2 fd=14 closed
Dec 31 12:12:29 srv1 slapd[7192]: conn=3 fd=14 ACCEPT from
IP=127.0.0.1:41904 (IP=0.0.0.0:389)
Dec 31 12:12:29 srv1 slapd[7192]: conn=3 op=0 BIND
dn="dc=tobyhouse,dc=com" method=128
Dec 31 12:12:29 srv1 slapd[7192]: conn=3 op=0 RESULT tag=97 err=53
text=unauthenticated bind (DN with no password) disallowed
Dec 31 12:12:29 srv1 slapd[7192]: conn=3 op=1 UNBIND
1 - I don't have an index for uniqueMember...is that something that I
need?
It likely would help things.
2- Unauthenticated bind (DN with no password) disallowed - I gather that
is something that I got away with the RHEL/2.0.27 Is this a padl
software issue with my configuration?
From slapd.conf:
allow <features>
Specify a set of features (separated by white space) to
allow (default none). bind_v2 allows acceptance of
LDAPv2 bind requests. Note that slapd(8) does not
truly implement LDAPv2 (RFC 1777), now Historic (RFC
3494). bind_anon_cred allows anonymous bind when
credentials are not empty (e.g. when DN is empty).
bind_anon_dn allows unauthenticated (anonymous) bind
when DN is not empty. update_anon allow unauthenti-
cated (anonymous) update operations to be processed
(subject to access controls and other administrative
limits).
add "allow bind_anon_dn" to your slapd.conf file.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin