[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Insufficient acces in some cases
- To: Ervin Hegedüs <airween@gmail.com>
- Subject: Re: Insufficient acces in some cases
- From: Clément OUDOT <clement.oudot@worteks.com>
- Date: Tue, 18 Sep 2018 22:34:55 +0200
- Autocrypt: addr=clement.oudot@worteks.com; prefer-encrypt=mutual; keydata= xsFNBFrYrkABEAC/AR9ZPZh3pjfYG/D4V7cFSN7Xv1qgVoudHKCjn5WeLuZXyBtWM6RGHIyo JIPjXcU8mG0+SWQf+e9IENuvQ1wEqtkUZ1YQtyYMGAOfIP2YK+nC+4R7xv2ZLuiQk37/8DS5 dT82h0vCSQbemdecH4UY3vrUeHBxiz95Nt6RtCpWDrICb0gyQJ23hwGMPkSrCSCC1uVexpuP YBTjKO1BPqjbGOWNbOuBpgwpBUzdIGX63Cfssy3OU1AiBilpOvHGYUSXblyFzQCFSmNFgNqJ 1CIIjS6+tO46uL0VgT4KYKcGR+Zn/krqTPq+BBXBOpDnuhGKf8BI+m6FPpiCPBGk6PQbUjIw WtMwXsda8qSNQ1Odsk8YlS24nkjsHc0N/VExxpYle/EfbkwqdsaLNhgJZoyGtJ7zLy4NJVs4 rJMiF7d3P6rVjWnXb5o3LkgrDjlvlwchNGWWEbdaVw4snnrPfHX1qq2LhDcTcK4NguZMAKTV O1ziZvlUejtD7VSjfK/3XPsF4/5wPXbyQ96xab9RWwNkjqdj1xDJTQLAb+4iCNZZf7e7P4JY IUSrX8ymT49JfvruSrWgKtJllnKqoHB+81LBmqlKxje+n2+z2gDJJbcPkieGeoDFWYidpIWK 9TzOGSSaDZhA+gq+lwQ8rBzpyuoCAJWYc3Y39T0P6aGK19u9IwARAQABzSpDbMOpbWVudCBP VURPVCA8Y2xlbWVudC5vdWRvdEB3b3J0ZWtzLmNvbT7CwX0EEwEIACcFAlrYrkACGyMFCQlm AYAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQrgYhihiI5FRoEhAAo/1/zBlAOE90VYc+ syjBjd3WtiAcn3Om3sGHVe60XwUqdpPEYVgFTMrim1geWfDxACUpzpUZLUEN32HfjpkVz01H gQs84xFLytcNcRmXEcVCiO1zbjGQUll7PA7nHlNTgtM/XRZpTf1woB2SFvccvVJWMjXlG3aY u8CzlMdR8l17wV9kzavvmQR4BnCdEqeyJHTuZ8D2k6mUay8WkM5+AYMcMZhAlsWSbZdNu+zP q/WT+fNU9uWf6rI6uDPzNFyr1VI3q5alOdp6k+qlFuqmq1uS7yfa+HHpgxufyqxheZbdJAum E4GsFsdhJHkUGeneaoS+WzVuAi/PMLbJ178aF94DeMmWJZbqshBJ5bNFKnZaerQzxHokdPUt mFggjVr7WT4yyUsdjbuZLE/UxCSQj+nyPNTFAYg5Y4AapzoeTGy1HnY4Z+G6TFbHVdqEoffE gnUaIRhhwVvCl6YdjqYeJTuA2pcVPMRgG7KTNC6uVNKx7VhSVl8is3cpG0fiNJ0ZXdHr1I6p N7+xD21TtT75ZirfIkz3lGyMaZagi/QoBI+ghuXwq5ggFdu3/gzLmFpNt6MFnGzivjc3vUqI oQSfEvQjeSdeEoULkOECwi9HR7LcTlW3Ys1iQXypKPsFDAZKQ7ayTlH6BbvUoppbRw7Gtvai YeTz/C7b6EyWOJb5vG/OwU0EWtiuQAEQANkshc1daL2yM61xTA8dI0k/q3Cl7DmikSFEewwS 0+nzO2+G89NF4xhn3lFcZ8xhKRR5o+BBfZlazPbPAirHbaSFHh+Vr00QL1dnG0mlyTVbuAkD 6K21QvRrNUDgg2In4TkuXQCwt29VVHjFfDcVa3ax87E7r0ckWwzWmIHDFdBDDR8MkiDKSPGu wpN7lQz4U+6j0Mztzl10BWyC/U8YVJLclC0VDheyw19uvw5J0MtSbhZ7Mub/uFjgYrwRc+hq 5ncSHe8GXHd3Pk9u6VkiPyUbEp8c4rK+TUWb0IWbtJBhJ8WhyjsWiS+f2Gjz6Q+Yy8TT9Swx KO1yDj9YKzcxsADt2w4sjMJqkjCAErXsAg4uuXFGuEordNaC8Hh0VqXBV92wXQTI29OHxzIU cdl7SdmTnGSPeSjX4McQpbO84yCfEQ6N1yRa+DwJW86I/8A6eUhr0dO6Wo+zB19J/jV2xkdV yliw2DAvakovk0qcfs41yQM1uwbkiNEU4FsqyqEmnt06ccsOgEWpE1E70A6CqlOjxCS0imow GCBQ94S3WzK0bF1UP7xYAl/tEfM8GgZUaoj07avM++h9OeM2mh80NBi7ETH0HsYXatAEkVv1 QubnHZZYxDUk2OQsJlyRcN/gRff80YRfI+r7jlO+oLHl27TCFNsXnWyxxKdE4CoOQYqZABEB AAHCwWUEGAEIAA8FAlrYrkACGwwFCQlmAYAACgkQrgYhihiI5FSSaBAApwPWyDQTWslzlNCP NaTfdoT36wf78URv3LRuvx6DqQfATZ6CHapZn27iNRnLyPtqKyQhu4u2qFk3clS5orYgFbew vVyAOg7FKJJ/0NEofwFDbBhoRtms4VkdVgeVD9BbQAJ7TGbixuD19kmYBAhz3FIGd4SiJJ1P IqL8R712FD6pvK7x0BE3bfirGeFls6278bv4MB99Aji//jOU94ar54htatksE9nvq2DCvqfL +/gYDxjTpSusT7cavYoYRZX3smAx+XTwcYxjzDjxfjo/JFLKy6P57Ir/nn54ShbmC9WiOvtG dGW7zNw0Q//gbNdWYBom5j5Tpl5qcV3MYs0M2pr4hUZYVyJtj3vOEVQZJ79g51VzQSMSHhFl uil2RHffirR1yYhTo6gSlpJLps8bk+8lvzTbPzCVCXwRU8/ALc5zvBj0JoAwNQPeqDNROhGu E2/1H4niP9Ogx58CdmvDudDQ8GyUwYYMoeT1smwnEBUFv0a1JR9pZBIbmfsskJLY8qFomLaU d1KZm4EWLfchHMJF4411spHPkM2NioxWsoMSJwtQTPg0Q2R5hI4BT2RCSRLNe1zV7txupUPz wEW90UqJaTXi3gCr5UCc/FLRjTiKaC/DeggWr448q23qYUDnh1Mtg2pBq+Vd1kme+Bg2LPZk ynRXCjPIjKasxsn+kMg=
- Cc: openldap-technical@openldap.org
- Content-language: fr-FR
- In-reply-to: <20180918202322.GA6367@arxnet.hu>
- Openpgp: preference=signencrypt
- Organization: Worteks
- References: <20180918161109.GA28878@arxnet.hu> <fd4e62f0-9f5d-b746-41a5-0cc35b840765@worteks.com> <20180918202322.GA6367@arxnet.hu>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Thunderbird/52.9.1
Le 18/09/2018 à 22:23, Ervin Hegedüs a écrit :
>
> But then I don't understand, why comes this error only few users
> (total number of users is about 200 now, we know about 2-3
> affected user).
>
> Anyway, I thought it also what you wrote, and switched back to
> native LDAP (instead of LDAPS), and make a capture at LDAP side.
>
> There aren't any garbage in packets, all request contains
> absolutely normal lines... If you interesting about it, I can
> send you a cap file - but that contains sensitive datas, of
> course.
>
> I just can share some screenshots about the traffic, hope it
> seems that no other garbage:
>
> https://www.dropbox.com/sh/x8ol6cfc39zj7cp/AADCo3CgcHPQnvOre4hjuULpa
It would be be interesting to see how your OpenLDAP ACL are configured.
Are you sure that a user can modify userPassword and sambaNT/LM password
attributes?
--
Clément Oudot | Identity Solutions Manager
clement.oudot@worteks.com
Worteks | https://www.worteks.com