
Upgrading to 2.1.8 breaks binding



Since I upgraded from 2.0.25 to 2.1.8 I can no longer bind from
authentication clients like RADIUS to my OpenLDAP server. When I try,
the error reported in my LDAP log file is:

  Conn=3 op=0 RESULT tag=97 err=49 text=
 
It turns out that error 49, from ldap.h, means that the credentials are
invalid (LDAP_INVALID_CREDENTIALS).  I know I'm using the correct
password of the entry I'm trying to bind as.  I've also tried to bind as
that entry to read its own entry using ldapsearch.  But version 2.1.8
won't allow me to bind as this (or any other except Manager and Admin)
entry.  However, version 2.0.25 did.  2.1.8 will only allow me to bind
as cn=Manager,dc=example,dc=org or as cn=Admin,dc=example,dc=org.  It
will not allow binding by any other entry in the database.

I'm using virtually the same config file, the only change being that
I've included "allow bind_v2" and I've changed ldbm to bdb as the
backend database (I also upgraded the Berkeley DB to version 4).

My access list is as follows:

access to attr=userPassword
	by self write
	by anonymous auth
	by dn="cn=Admin,dc=example,dc=org" write
	by * none
access to *
	by self write
	by dn="cn=Admin,dc=example,dc=org" write
	by * read

Can anyone help me figure out what I need to do to recover the lost
functionality?

Thanks,

Mike