
Referral failure (ITS#532)



Full_Name: David Gress
Version: openldap-1.2.9
OS: Sun 5.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (192.135.249.2)


* I am using a "Supplier initiated agreement" to update a replication database.
* The replication database (consumer) is pointed to by the app.
  User attempts to change password but fails on authorization.
* Authorization to the "Supplier" database is "Anonymous", no write allowed
* Bind DN not being passed on referral causing the "Anonymous" Access Control attempt.

Command:
   ldapmodify -D "cn=Directory Manager" -p389 -h supptm -w test123 -f modpass.ldif

..ldap access log (test with ldapmodify across the "supplier" database)

[11/May/2000:12:16:02 -0400] conn=0 fd=63 slot=63 connection from 172.24.160.182
[11/May/2000:12:16:02 -0400] conn=0 op=0 BIND dn="" method=128 version=2
[11/May/2000:12:16:02 -0400] conn=0 op=0 RESULT err=0 tag=97 nentries=0
[11/May/2000:12:16:02 -0400] conn=0 op=1 MOD dn="billingnumber=8035550001,uniqueidentifier=CiscoTest#0000000005550001,o=CiscoTest,c=US"
[11/May/2000:12:16:02 -0400] conn=0 op=1 RESULT err=50 tag=103 nentries=0
[11/May/2000:12:16:03 -0400] conn=0 op=2 UNBIND
[11/May/2000:12:16:03 -0400] conn=0 op=2 fd=63 closed

This results in:

[11/May/2000:12:16:02 -0400] access denied on entry:(billingnumber=8035550001,uniqueidentifier=CiscoTest#0000000005550001,o=CiscoTest,c=US, password, rv:50)
[11/May/2000:12:16:02 -0400] => send_ldap_result 50::Insufficient 'write' privilege to the 'password' attribute of entry 'billingnumber=8035550001,uniqueidentifier=CiscoTest#0000000005550001,o=CiscoTest,c=US'.


Downloaded and tested Netscape SDK and it works correctly.
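
An added example, not part of the original report: a small Python check that finds the pattern shown in the access log above, a MOD refused with err=50 on a connection whose last successful BIND carried an empty DN, which is what a supplier sees when a client follows a referral without re-binding. The function name, the sample log and its entry DNs are constructed for illustration; wrapped log lines must be joined before parsing.

```python
import re

# Constructed sample in the access-log format quoted in the report
# (placeholder entry DNs; conn=1 is an authenticated control case).
SAMPLE_LOG = '''\
[11/May/2000:12:16:02 -0400] conn=0 fd=63 slot=63 connection from 172.24.160.182
[11/May/2000:12:16:02 -0400] conn=0 op=0 BIND dn="" method=128 version=2
[11/May/2000:12:16:02 -0400] conn=0 op=0 RESULT err=0 tag=97 nentries=0
[11/May/2000:12:16:02 -0400] conn=0 op=1 MOD dn="uid=test,o=Example,c=US"
[11/May/2000:12:16:02 -0400] conn=0 op=1 RESULT err=50 tag=103 nentries=0
[11/May/2000:12:16:03 -0400] conn=0 op=2 UNBIND
[11/May/2000:12:17:10 -0400] conn=1 op=0 BIND dn="cn=Directory Manager" method=128 version=2
[11/May/2000:12:17:10 -0400] conn=1 op=0 RESULT err=0 tag=97 nentries=0
[11/May/2000:12:17:10 -0400] conn=1 op=1 MOD dn="uid=test,o=Example,c=US"
[11/May/2000:12:17:10 -0400] conn=1 op=1 RESULT err=0 tag=103 nentries=0
'''

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<rest>.*)$')
BIND = re.compile(r'BIND dn="(?P<dn>[^"]*)"')
MOD = re.compile(r'MOD\s+dn="(?P<dn>[^"]*)"')
RESULT = re.compile(r'RESULT err=(?P<err>\d+)')
INSUFFICIENT_ACCESS = 50  # LDAP result code insufficientAccessRights

def anonymous_write_denials(log_text):
    """Return (timestamp, conn, target DN) for each MOD refused with err=50
    on a connection whose last successful BIND had an empty DN."""
    bound = {}      # conn -> DN of the last successful bind
    pending = {}    # (conn, op) -> ("BIND" | "MOD", dn) awaiting its RESULT
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # connection-open lines carry no op= field
        key, rest = (m["conn"], m["op"]), m["rest"]
        if (b := BIND.match(rest)):
            pending[key] = ("BIND", b["dn"])
        elif (mod := MOD.match(rest)):
            pending[key] = ("MOD", mod["dn"])
        elif (r := RESULT.match(rest)) and key in pending:
            kind, dn = pending.pop(key)
            err = int(r["err"])
            if kind == "BIND" and err == 0:
                bound[m["conn"]] = dn
            elif (kind == "MOD" and err == INSUFFICIENT_ACCESS
                    and bound.get(m["conn"], "") == ""):
                findings.append((m["ts"], m["conn"], dn))
    return findings
```
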