Re: invalid credentials (49) for normal user
On Thu, 30 Dec 2010 15:14:34 +0000
rui <guideveloper@gmail.com> wrote:
> Hi,
>
> This is the output after doing "-d 128"
> http://pastebin.com/6Jb9j7F7
>
> my latest slapd.conf is this:
> ###########################################################################
> # # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable. #
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/dyngroup.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/misc.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/openldap.schema
>
> #######################################################################
> # bdb database definitions
> #######################################################################
> database bdb
> suffix "o=M1,c=GB"
> rootdn "uid=root,ou=People,o=M1,c=GB"
> rootpw test123
> directory /var/lib/ldap
>
> # Indices to maintain
> index objectClass,uid,uidNumber,gidNumber eq
> index cn,mail,surname,givenname eq,subinitial
>
> ## logging.
> #loglevel acl
>
> access to attrs=userPassword
> by self write
> by dn="uid=root,ou=People,o=M1,c=GB" write
> by * auth
>
> access to *
> by self write
> by users read
> by anonymous auth
The warnings in the debugging output (no by clauses specified) should
have caught your attention.
The way the access rules are written is bogus. Access rules have to be put
on a single line, but this line may have continuations. The manual
page slapd.access(5) and the admin guide
http://www.openldap.org/doc/admin24/access-control.html
give a good idea of how access rules should be written.
-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
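
An added example (not part of the original message, and not OpenLDAP code): a small Python check that unwraps slapd.conf continuation lines as slapd.conf(5) describes and flags `access` directives that end up with no `by` clause. The sample text is constructed from the rules quoted above; `logical_lines` and `check_access` are hypothetical helper names, and flagging lines that begin with `by` is this example's own heuristic.

```python
# Constructed sample: the access rules as quoted above, by clauses at column 0.
BROKEN = """\
access to attrs=userPassword
by self write
by dn="uid=root,ou=People,o=M1,c=GB" write
by * auth

access to *
by self write
by users read
by anonymous auth
"""

# Same rules with every by clause indented, so each is a continuation line.
FIXED = """\
access to attrs=userPassword
    by self write
    by dn="uid=root,ou=People,o=M1,c=GB" write
    by * auth

access to *
    by self write
    by users read
    by anonymous auth
"""

def logical_lines(text):
    """Unwrap continuation lines: a line starting with whitespace continues
    the previous one (slapd.conf(5)); then drop comments and blank lines."""
    out = []  # (first physical line number, joined text)
    for no, raw in enumerate(text.splitlines(), 1):
        if raw[:1] in (" ", "\t") and out:
            out[-1] = (out[-1][0], out[-1][1] + " " + raw.strip())
        else:
            out.append((no, raw.rstrip()))
    return [(n, l) for n, l in out if l and not l.startswith("#")]

def check_access(text):
    """Flag access directives without a by clause and orphaned by lines."""
    findings = []
    for no, line in logical_lines(text):
        words = line.split()
        if words[0].lower() == "access" and "by" not in words[1:]:
            findings.append((no, "access directive has no by clause"))
        elif words[0].lower() == "by":
            findings.append((no, "by clause is not a continuation line"))
    return findings

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_access(conf))
```

Running the same check over a full slapd.conf before restarting slapd shows which `access` lines would be parsed without their `by` clauses.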