Re: invalid credentials (49) for normal user
- To: openldap-technical@openldap.org
- Subject: Re: invalid credentials (49) for normal user
- From: rui <guideveloper@gmail.com>
- Date: Wed, 29 Dec 2010 14:52:39 +0000
Hi,
After running slapd with "-d 128" I have found a lot of messages like this.
Can somebody point me to a standard ACL for users? I want to
authenticate for every user using an LDAP browser or the C LDAP API with
ldap_simple_bind with binddn
bindn=uid=rui,ou=People,o=m1,c=GB
###############################
Dec 29 14:13:53 m4mrh01 slapd: => acl_mask: access to entry
"cn=rui,ou=Group,o=m1,c=GB", attr "objectClass" requested
Dec 29 14:13:53 m4mrh01 slapd: => acl_mask: to value by "", (=n)
Dec 29 14:13:54 m4mrh01 slapd: <= acl_mask: no more <who> clauses,
returning =n (stop)
Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access denied by =n
Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access to
"cn=m4musers,ou=Group,o=m1,c=GB" "memberUid" requested
Dec 29 14:13:54 m4mrh01 slapd: => acl_get: [2] attr memberUid
Dec 29 14:13:54 m4mrh01 slapd: => acl_mask: access to entry
"cn=m4musers,ou=Group,o=m1,c=GB", attr "memberUid" requested
Dec 29 14:13:54 m4mrh01 slapd: => acl_mask: to value by "", (=n)
Dec 29 14:13:54 m4mrh01 slapd: <= acl_mask: no more <who> clauses,
returning =n (stop)
Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access denied by =n
Dec 29 14:18:04 m4mrh01 slapd: => access_allowed: auth access to
"uid=rui,ou=People,o=m1,c=GB" "userPassword" requested
Dec 29 14:18:04 m4mrh01 slapd: => acl_get: [1] attr userPassword
Dec 29 14:18:04 m4mrh01 slapd: => acl_mask: access to entry
"uid=rui,ou=People,o=m1,c=GB", attr "userPassword" requested
Dec 29 14:18:04 m4mrh01 slapd: => acl_mask: to all values by "", (=n)
Dec 29 14:18:04 m4mrh01 slapd: <= acl_mask: no more <who> clauses,
returning =n (stop)
Dec 29 14:18:04 m4mrh01 slapd: => access_allowed: auth access denied by =n
###############################
I have also changed slapd.conf slightly
#############################
access to attr=userPassword
        by self write
        by dn="uid=root,ou=People,o=M1,c=GB" write
        by * read
access to *
        by self write
        by users read
        by anonymous auth
###############################
Regards,
rui
> 1. invalid credentials (49) for normal user (rui)
> 2. Re: invalid credentials (49) for normal user (Dieter Kluenter)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 24 Dec 2010 10:32:03 +0000
> From: rui <guideveloper@gmail.com>
> To: openldap-technical@openldap.org
> Subject: invalid credentials (49) for normal user
> Message-ID:
> <AANLkTikbS2LTj4D-0WMBdJXzMeBMpb3qO2=Y4wzPLv0G@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi,
>
> I have imported my passwd and groups file in ldap using
> migrate_all_online.sh script.
>
> I am able to simple bind to ldap using
> binddn= uid=root,ou=People,o=M1,c=GB but I can't seem to bind with any
> other user like rui etc with their linux password. It says invalid
> credentials.
>
> I need to bind for authentication and then get all the primary and
> secondary groups of a user (how can I do that?). Why am I having this
> problem - do I have to do something extra?
>
> When bound as root, if I do "memberUid=root" I get all the secondary
> groups but I want to do it for any user.
>
> I am using the C LDAP API at the moment.
>
>
> Here is my slapd.conf file:
> ##################################################
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/dyngroup.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/misc.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/openldap.schema
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
> database ldbm
> suffix "o=M1,c=GB"
> rootdn "uid=root,ou=People,o=M1,c=GB"
> rootpw abc123
> directory /var/lib/ldap
>
> # Indices to maintain
> index objectClass,uid,uidNumber,gidNumber eq
> index cn,mail,surname,givenname eq,subinitial
>
> # # ACLs #
> #access to dn="ou=People,o=M1,c=GB"
> #attr=userPassword
> #by self write
> #by dn="uid=root,ou=People,o=M1,c=GB" write
> #by * auth access to dn=".*,o=M1,c=GB" by self write
> #by dn="uid=root,ou=People,o=M1,c=GB" write
> #by * read access to dn=".*,o= M1,c=GB"
> #by * read defaultaccess read
>
> access to attr=userpassword
>         by self write
>         by dn="uid=root,ou=People,o=M1,c=GB" write
>         by * read
>
> access to *
>         by self write
>         by dn=".+" read
>         by * read
>
> ###############################################
>
> Regards,
> rui
>
>
> ------------------------------
>
> Message: 2
> Date: Sat, 25 Dec 2010 22:58:14 +0100
> From: "Dieter Kluenter" <dieter@dkluenter.de>
> To: openldap-technical@openldap.org
> Subject: Re: invalid credentials (49) for normal user
> Message-ID: <87d3op1pmx.fsf@rubin.avci.de>
> Content-Type: text/plain; charset=utf-8
>
> rui <guideveloper@gmail.com> writes:
>
>> Hi,
>>
>> I have imported my passwd and groups file in ldap using
>> migrate_all_online.sh script.
>>
>> I am able to simple bind to ldap using
>> binddn= uid=root,ou=People,o=M1,c=GB but I can't seem to bind with any
>> other user like rui etc with their linux password. It says invalid
>> credentials.
> [...]
>
> run slapd in debugging mode, i.e. -d acl
>
>
> ############
>> # ldbm database definitions
>> #######################################################################
>> database ldbm
>
> ldbm is historic and not supported.
>
> -Dieter
>
> --
> Dieter Klünter | Systemberatung
> http://dkluenter.de
> GPG Key ID:DA147B05
> 53°37'09,95"N
> 10°08'02,42"E
>
>
> ------------------------------
>
> _______________________________________________
> openldap-technical mailing list
> openldap-technical@openldap.org
> http://www.openldap.org/lists/mm/listinfo/openldap-technical
>
>
> End of openldap-technical Digest, Vol 37, Issue 22
> **************************************************
>
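
An added example, not part of the original message or of OpenLDAP: a small Python parser for the "-d 128" ACL trace posted in the message above. It pairs each access_allowed request with its verdict and picks out denied auth checks on userPassword, which is the check slapd makes during a simple bind. The function names are this example's own, and the sample lines are the message's log lines with the mail wrapping joined.

```python
import re

# Sample slapd "-d 128" (ACL) output: log lines from the message above,
# with the mail line-wrapping joined back into single syslog lines.
SAMPLE_LOG = '''\
Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access to "cn=m4musers,ou=Group,o=m1,c=GB" "memberUid" requested
Dec 29 14:13:54 m4mrh01 slapd: => acl_get: [2] attr memberUid
Dec 29 14:13:54 m4mrh01 slapd: => acl_mask: access to entry "cn=m4musers,ou=Group,o=m1,c=GB", attr "memberUid" requested
Dec 29 14:13:54 m4mrh01 slapd: => acl_mask: to value by "", (=n)
Dec 29 14:13:54 m4mrh01 slapd: <= acl_mask: no more <who> clauses, returning =n (stop)
Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access denied by =n
Dec 29 14:18:04 m4mrh01 slapd: => access_allowed: auth access to "uid=rui,ou=People,o=m1,c=GB" "userPassword" requested
Dec 29 14:18:04 m4mrh01 slapd: => acl_get: [1] attr userPassword
Dec 29 14:18:04 m4mrh01 slapd: => acl_mask: access to entry "uid=rui,ou=People,o=m1,c=GB", attr "userPassword" requested
Dec 29 14:18:04 m4mrh01 slapd: => acl_mask: to all values by "", (=n)
Dec 29 14:18:04 m4mrh01 slapd: <= acl_mask: no more <who> clauses, returning =n (stop)
Dec 29 14:18:04 m4mrh01 slapd: => access_allowed: auth access denied by =n
'''

# One pattern per trace line of interest; everything else is skipped.
REQUEST = re.compile(r'access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
ACL_GET = re.compile(r'acl_get: \[(\d+)\] attr')
BY_WHO = re.compile(r'acl_mask: to (?:all values|value) by "([^"]*)"')
VERDICT = re.compile(r'access_allowed: (\w+) access (granted|denied) by (\S+)')

def acl_decisions(log_text):
    """Pair each access_allowed request with the verdict that follows it."""
    decisions, current = [], None
    for line in log_text.splitlines():
        if m := REQUEST.search(line):
            current = {"level": m[1], "entry": m[2], "attr": m[3], "rule": None, "who": None}
        elif current is None:
            continue  # trace line outside any request
        elif m := ACL_GET.search(line):
            current["rule"] = int(m[1])  # number of the access directive that matched
        elif m := BY_WHO.search(line):
            current["who"] = m[1] or "anonymous"  # empty DN = unauthenticated session
        elif m := VERDICT.search(line):
            current.update(result=m[2], mask=m[3])
            decisions.append(current)
            current = None
    return decisions

def bind_blockers(decisions):
    """Denied auth checks on userPassword: these make a simple bind fail."""
    return [d for d in decisions
            if d["level"] == "auth" and d["attr"].lower() == "userpassword"
            and d["result"] == "denied"]
```
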