
ACL issue



Hello, I could use your help, please, regarding issues I am seeing with user access authenticating to my new LDAP server.

I am new to LDAP, and am building my first server.

 

I have created a new user (lou) and client (ldapServer) and am trying to authenticate the user through the client.

I have configured the LDAP server to also be the LDAP test client.

 

I am seeing the following errors in the /var/log/sssd/sssd_default.log when I run:

 

getent passwd lou

or

su - lou

 

(Fri Sep 25 16:43:15 2015) [sssd[be[default]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'

(Fri Sep 25 16:43:15 2015) [sssd[be[default]]] [sdap_get_rootdse_done] (0x0040): RootDSE could not be retrieved. Please check that anonymous access to RootDSE is allowed

(Fri Sep 25 16:43:15 2015) [sssd[be[default]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900

(Fri Sep 25 16:43:15 2015) [sssd[be[default]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'IP_Address' as 'working'

(Fri Sep 25 16:43:15 2015) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'IP_Address' as 'working'

(Fri Sep 25 16:43:15 2015) [sssd[be[default]]] [sdap_get_generic_op_finished] (0x0040): Unexpected result from ldap: Insufficient access(50), no errmsg set

(Fri Sep 25 16:43:15 2015) [sssd[be[default]]] [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [5]: Input/output error

(Fri Sep 25 16:43:15 2015) [sssd[be[default]]] [sdap_get_users_done] (0x0040): Failed to retrieve users

 

 

According to the common-errors doc:

http://www.openldap.org/doc/admin24/appendix-common-errors.html

 

I believe I am having an issue with the Default ACLs.

 

I have been doing much reading and am coming up short.  My questions are:

 

First: how to delete the current default ACLs using a command line entry, or using ldapmodify on a .ldif file?

 

Second: how to add a new ACL allowing all users access using a command line entry or .ldif file? Once I get the user lou (and other test users) to connect, I will change the ACL access rules for restriction. I need to get it working first.

 

Also, is there a step-by-step beginner's guide for the ACL process?

 

Any help is greatly appreciated.  Thank you - Lou

 

 

 

Attachment: smime.p7s
Description: S/MIME cryptographic signature
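
An added example, not part of the original message and not sssd's own code: a small Python triage script that parses the log lines quoted in the message and picks out the two failures that point at slapd access control. The finding names and the `FAILURE_MAX` threshold are this example's own assumptions.

```python
import re

# Sample input: the sssd_default.log lines quoted in the message above.
SAMPLE_LOG = """\
(Fri Sep 25 16:43:15 2015) [sssd[be[default]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
(Fri Sep 25 16:43:15 2015) [sssd[be[default]]] [sdap_get_rootdse_done] (0x0040): RootDSE could not be retrieved. Please check that anonymous access to RootDSE is allowed
(Fri Sep 25 16:43:15 2015) [sssd[be[default]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900
(Fri Sep 25 16:43:15 2015) [sssd[be[default]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'IP_Address' as 'working'
(Fri Sep 25 16:43:15 2015) [sssd[be[default]]] [set_server_common_status] (0x0100): Marking server 'IP_Address' as 'working'
(Fri Sep 25 16:43:15 2015) [sssd[be[default]]] [sdap_get_generic_op_finished] (0x0040): Unexpected result from ldap: Insufficient access(50), no errmsg set
(Fri Sep 25 16:43:15 2015) [sssd[be[default]]] [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [5]: Input/output error
(Fri Sep 25 16:43:15 2015) [sssd[be[default]]] [sdap_get_users_done] (0x0040): Failed to retrieve users
"""

# Line layout: (timestamp) [sssd[be[domain]]] [function] (0xLEVEL): message
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$"
)
LDAP_RESULT_RE = re.compile(r"from ldap: [^()]+\((?P<code>\d+)\)")
FAILURE_MAX = 0x0080  # assumption of this example: levels up to 0x0080 are failures


def parse(log_text):
    """Yield one dict per well-formed backend log line; skip anything else."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            rec = m.groupdict()
            rec["level"] = int(rec["level"], 16)
            yield rec


def triage(log_text):
    """Return (function, finding) pairs for failures that point at access control."""
    findings = []
    for rec in parse(log_text):
        if rec["level"] > FAILURE_MAX:
            continue  # informational line such as 0x0100, not a failure
        res = LDAP_RESULT_RE.search(rec["msg"])
        if rec["func"] == "sdap_get_rootdse_done" and "RootDSE" in rec["msg"]:
            findings.append((rec["func"], "rootdse_read_denied"))
        elif res and int(res.group("code")) == 50:
            # 50 = insufficientAccessRights (RFC 4511): server reached, search refused
            findings.append((rec["func"], "search_access_denied"))
    return findings


if __name__ == "__main__":
    for func, finding in triage(SAMPLE_LOG):
        print(f"{func}: {finding}")
```

The two findings are separate: the rootDSE read and the user search are refused independently, so fixing one does not imply the other is fixed.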