LDAP user cannot login
Hi,
I'm moving an LDAP server from one system to another. I copied the data
using slapcat -l ldapdata; slapadd -c -q -l ldapdata on the new system, then
started ldap. But I can't log in as an ordinary user. I've tried resetting
the user password using JXplorer, but no luck.
Can anyone spot something wrong in what I'm trying to do? Suggestions
appreciated.
thanks in advance, Dick
slapd.conf contains

access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk" attrs=userPassword
        by anonymous auth
        by self write
        by dn.exact="cn=replica,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
        by dn.exact="cn=proxyagent,ou=profile,dc=nerc-sf,dc=ac,dc=uk" read

slapd -d acl gives at startup

(#) $OpenLDAP: slapd 2.3.43 (Jan 21 2009 03:59:37) $
        mockbuild@builder10.centos.org:/builddir/build/BUILD/openldap-2.3.43/openldap-2.3.43/build-servers/servers/slapd
Backend ACL: access to attrs=SambaLMPassword,SambaNTPassword
        by dn.base="cn=manager,dc=nerc-sf,dc=ac,dc=uk" write
        by * none
Backend ACL: access to dn.base=""
        by * read
Backend ACL: access to dn.base="cn=subschema"
        by * read
Backend ACL: access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk"
        attrs=userPassword
        by anonymous auth
        by self write
        by dn.base="cn=replica,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
        by dn.base="cn=proxyagent,ou=profile,dc=nerc-sf,dc=ac,dc=uk" read
Backend ACL: access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk"
        attrs=userPassword,sambaLMPassword,sambaNTPassword
        by anonymous auth
        by self write
        by dn.base="cn=replica,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
        by dn.base="cn=proxyagent,ou=profile,dc=nerc-sf,dc=ac,dc=uk" read
Backend ACL: access to dn.subtree="ou=admins,dc=nerc-sf,dc=ac,dc=uk"
        by dn.regex="cn=[^,]+,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
        by anonymous auth
Backend ACL: access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk"
        by peername.ip="192.171.172.0%255.255.255.0" read
        by peername.ip="192.171.159.192%255.255.255.192" read
        by peername.ip="127.0.0.1" read
=> bdb_entry_get: found entry: "dc=nerc-sf,dc=ac,dc=uk"
=> access_allowed: search access to "uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk" "entryCSN" requested
<= root access granted
slapd starting

When I try to log in, slapd gives

=> access_allowed: read access to "uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk" "userPassword" requested
=> dn: [1] dc=nerc-sf,dc=ac,dc=uk
=> acl_get: [1] matched
=> acl_get: [1] attr userPassword
access_allowed: no res from state (userPassword)
=> acl_mask: access to entry "uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: anonymous
<= acl_mask: [1] applying auth(=xd) (stop)
<= acl_mask: [1] mask: auth(=xd)
=> access_allowed: read access denied by auth(=xd)
send_search_entry: conn 1 access to attribute userPassword, value #0 not allowed

--
Richard Gillman
ITC UNIX Systems Group, Maclean Building, Wallingford OX10 8BB
Tel: 01491 - 692 339
Fax: 01491 - 692 424