[Date Prev][Date Next] [Chronological] [Thread] [Top]

LDAP user cannot login

To: openldap-technical@openldap.org
Subject: LDAP user cannot login
From: Richard Gillman <R.Gillman@nerc.ac.uk>
Date: Wed, 01 Jul 2009 11:05:16 +0100
User-agent: Thunderbird 2.0.0.21 (X11/20090311)

Hi,

I'm moving an LDAP server from one system to another. Data I copiedusing slapcat -l ldapdata; slapadd -c -q -l ldapdata on new system, thenstart ldap. But I can't log in as an ordinary user. I've tried resettingthe user password using JXplorer, but no luck.

Can anyone spot something wrong in what I'm trying to do? Suggestionsappreciated.


thanks in advance, Dick

slapd.conf contains

access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk" attrs=userPassword
by anonymous auth
by self write
by dn.exact="cn=replica,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
by dn.exact="cn=proxyagent,ou=profile,dc=nerc-sf,dc=ac,dc=uk" read


slapd -d acl gives at startup

(#) $OpenLDAP: slapd 2.3.43 (Jan 21 2009 03:59:37) $

mockbuild@builder10.centos.org:/builddir/build/BUILD/openldap-2.3.43/openldap-2.3.43/build-servers/servers/slapd

Backend ACL: access to attrs=SambaLMPassword,SambaNTPassword
       by dn.base="cn=manager,dc=nerc-sf,dc=ac,dc=uk" write
       by * none

Backend ACL: access to dn.base=""
       by * read

Backend ACL: access to dn.base="cn=subschema"
       by * read

Backend ACL: access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk"
attrs=userPassword
       by anonymous auth
       by self write
       by dn.base="cn=replica,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
       by dn.base="cn=proxyagent,ou=profile,dc=nerc-sf,dc=ac,dc=uk" read

Backend ACL: access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk"
attrs=userPassword,sambaLMPassword,sambaNTPassword
       by anonymous auth
       by self write
       by dn.base="cn=replica,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
       by dn.base="cn=proxyagent,ou=profile,dc=nerc-sf,dc=ac,dc=uk" read

Backend ACL: access to dn.subtree="ou=admins,dc=nerc-sf,dc=ac,dc=uk"
       by dn.regex="cn=[^,]+,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
       by anonymous auth

Backend ACL: access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk"
       by peername.ip="192.171.172.0%255.255.255.0" read
       by peername.ip="192.171.159.192%255.255.255.192" read
       by peername.ip="127.0.0.1" read

=> bdb_entry_get: found entry: "dc=nerc-sf,dc=ac,dc=uk"

=> access_allowed: search access to"uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk" "entryCSN" requested

<= root access granted
slapd starting

When I try to login, slapd gives

=> access_allowed: read access to"uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk" "userPassword" requested

=> dn: [1] dc=nerc-sf,dc=ac,dc=uk
=> acl_get: [1] matched
=> acl_get: [1] attr userPassword
access_allowed: no res from state (userPassword)

=> acl_mask: access to entry"uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk", attr "userPassword" requested

=> acl_mask: to value by "", (=0)
<= check a_dn_pat: anonymous
<= acl_mask: [1] applying auth(=xd) (stop)
<= acl_mask: [1] mask: auth(=xd)
=> access_allowed: read access denied by auth(=xd)

send_search_entry: conn 1 access to attribute userPassword, value #0 notallowed



--
Richard Gillman
ITC UNIX Systems Group, Maclean Building, Wallingford OX10 8BB
Tel: 01491 - 692 339
Fax: 01491 - 692 424

Prev by Date: Re: db_archive: DB_ENV->log_archive: DB_NOTFOUND: No matching key/data pair found
Next by Date: RE: db_archive: DB_ENV->log_archive: DB_NOTFOUND: No matching key/data pair found
Index(es):
- Chronological
- Thread