Hi everyone,
I'm using openldap-2.4.8 and cyrus-sasl-2.1.22. I've enabled password policy
in my OpenLDAP server and I've seen that when I authenticate myself using
SASL DIGEST-MD5 I can perform any search even if my account is locked.
In fact I get the following results:

./ldapsearch -b 'uid=apatrissi,ou=people,dc=my-domain,dc=com' -D 'uid=apatrissi,ou=people,dc=my-domain,dc=com' -x -W -e ppolicy '(objectClass=*)'
Enter LDAP Password:
ldap_bind: Invalid credentials (49); Account locked

./ldapsearch -b 'uid=apatrissi,ou=people,dc=my-domain,dc=com' -W -Y DIGEST-MD5 -U apatrissi '(objectClass=*)'
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
SASL username: apatrissi
SASL SSF: 128
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <uid=apatrissi,ou=people,dc=my-domain,dc=com> with scope subtree
# filter: (objectClass=*)
# requesting: ALL
#

# apatrissi, people, my-domain.com
dn: uid=apatrissi,ou=people,dc=my-domain,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: people
cn: Alessandro Patrissi
givenName: Alessandro
sn: Patrissi
uid: apatrissi
userPassword:: YWxleA==
mail: alessandro.patrissi@commprove.com
telephoneNumber: +0039
description: test LDAP

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

Where can I look to solve the problem?
Thanks a lot,
Alessandro Patrissi