[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Help! bind funny?

To: Juan Gonzalo de Silva Medina <gonzalo@caymasa.es>
Subject: Re: Help! bind funny?
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sun, 14 May 2000 09:38:46 -0700
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <391AFA36.4696405B@caymasa.es>

At 08:21 PM 5/11/00 +0200, Juan Gonzalo de Silva Medina wrote:
>Well, if I bind to racf database with a invalid user o password the
>backed return error and not accion is aloved (this work fine at my
>test).

Your output appears to confirm this.  Of course, not sure
why the client attempts to search if the bind failed.  Assuming
you used ldapsearch(1), I'd suspect your backend bind function
indicated success when it shouldn't have.

>If I bind with a right user+password and search the database pruebas I
>get a abnormal execution....

abnormal how?

>I execute:
>
>ldapserarch -w mypassword -D "CN=S5540, O=RACF" -b "o=pruebas"
>objectclass=*

I assume you actually used ldapsearch and protected the search
filter from shell expansion.

>The log (slapd -d 128):

Try slapd -d 1 -d 4 -d 128... ACL debugging without other output
is quite hard.

>/ldapsearch.3±*mv -f /usr/local/bin/ud /usr/local/bin/ud-im 775 ud
>/usr/local/binp1
>abeledURL)Ù<= acl_access_allowed: matched by clause #2 access granted

Seems odd to have install output intermixed with your log.

>The diference is:
>=> acl_access_allowed: search access to value "any" by ""
>=> acl_access_allowed: read access to value "any" by "CN=S5540,O=RACF"

Two different searches (as you noted above). But cannot tell without
trace output.

>Any idee?

No.

Follow-Ups:
- Re: Help! bind funny?
  - From: Juan Gonzalo de Silva Medina <gonzalo@caymasa.es>

References:
- Help! bind funny?
  - From: Juan Gonzalo de Silva Medina <gonzalo@caymasa.es>

Prev by Date: Re: Replacing Multile Values
Next by Date: Re: Reading schema from ADS
Index(es):
- Chronological
- Thread