
Re: OpenLDAP on RedHat 8.0



I've seen you use ldapsearch without the option "-x", which means you're using SASL bind! You should try without SASL first, so use -x.

Then, did you check that the bdb files (/var/lib/ldap) belong to user ldap?
Maybe "allow bind_v2" in slapd.conf.

Jan Hugo Prins wrote:
Reinstalled the whole stuff again. Still no result. Completely clean installation with just 2 lines to make sure anonymous readers have read access. Removing those lines from slapd.conf doesn't make any difference.

Have done some testing again:
Here is some output on the server side (removed some stuff that didn't seem too important):
[root@hermes openldap]# slapd -d -1 -f /etc/openldap/slapd.conf -u ldap
@(#) $OpenLDAP: slapd 2.0.25-Release (Mon Aug 26 23:18:40 EDT 2002) $
root@daffy.perf.redhat.com:/usr/src/build/141199-i386/BUILD/openldap-2.0.25/build-krb5/servers/slapd
daemon_init: <null>
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: initialized ldap:///
daemon_init: 1 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
reading config file /etc/openldap/slapd.conf
line 6 (include /etc/openldap/schema/core.schema)
reading config file /etc/openldap/schema/core.schema
.
.<CUT>
.<CUT>
.
line 58 (access to * by self write)
Global ACL: access to *
by self write (=wrscx)


line 59 (access to * by anonymous read)
Global ACL: access to *
        by anonymous read (=rscx)

line 65 (database       ldbm)
line 66 (suffix         "dc=my-domain,dc=com")
line 68 (rootdn         "cn=Manager,dc=my-domain,dc=com")
line 77 (directory      /var/lib/ldap)
line 79 (index  objectClass,uid,uidNumber,gidNumber,memberUid   eq)
index objectClass 0x0004
index uid 0x0004
index uidNumber 0x0004
index gidNumber 0x0004
index memberUid 0x0004
line 80 (index  cn,mail,surname,givenname                       eq,subinitial)
index cn 0x0114
index mail 0x0114
index sn 0x0114
index givenName 0x0114
slapd startup: initiated.
slapd starting
daemon: added 6r
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: new connection on 9
fd=9 host access from unknown (127.0.0.1) denied.
daemon: closing 9
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL


Client side:

[root@hermes openldap]# ldapsearch -b '' -s base '(objectclass=*)' namingContexts -v -d -1
ldap_initialize( <DEFAULT> )
ldap_create
ldap_pvt_sasl_getmech
ldap_search
put_filter "(objectclass=*)"
put_filter: simple
put_simple_filter "objectclass=*"
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: localhost
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_int_sasl_open: host=hermes.jhprins.org
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 64 bytes to sd 3
0000: 30 3e 02 01 01 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9.........
0010: 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object
0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support
0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms
ldap_write: want=64, written=64
0000: 30 3e 02 01 01 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9.........
0010: 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object
0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support
0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: localhost port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Feb 5 20:01:29 2003


** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid 1, all 1
ber_get_next
ldap_read: want=1, got=0

ber_get_next failed.
ldap_perror
ldap_sasl_interactive_bind_s: Can't contact LDAP server
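
Added example, not part of either message above: decoding the 64-byte ber_flush dump from the client trace shows that the request on the wire is a base-scope search of the root DSE for supportedSASLMechanisms rather than the namingContexts query typed on the command line, which is the SASL path taken when -x is omitted. The function names are illustrative and the parser handles only the definite-length BER seen in this dump.

```python
import re

# Input: the four ber_flush dump lines copied from the client trace above.
DUMP = """\
0000: 30 3e 02 01 01 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9.........
0010: 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object
0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support
0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms
"""

def dump_to_bytes(text):
    """Keep up to 16 hex pairs after each offset; the ASCII column is ignored."""
    rows = re.findall(r"^[0-9a-f]{4}:((?: [0-9a-f]{2}){1,16})", text, re.M)
    return bytes.fromhex("".join(rows))

def tlv(buf, pos):
    """Read one BER element (definite length) and return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed value into its (tag, value) elements."""
    pos, items = 0, []
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        items.append((tag, val))
    return items

def decode_search(msg):
    """Decode an LDAPMessage carrying a SearchRequest ([APPLICATION 3], tag 0x63)."""
    tag, body, _ = tlv(msg, 0)
    (_, msgid), (op_tag, op) = children(body)[:2]
    if tag != 0x30 or op_tag != 0x63:
        raise ValueError("not an LDAP SearchRequest")
    base, scope, _deref, _size, _time, _types, flt, attrs = children(op)
    present = f"({flt[1].decode()}=*)" if flt[0] == 0x87 else None  # 0x87 = present filter
    return {"msgid": int.from_bytes(msgid, "big"), "base": base[1].decode(),
            "scope": ("base", "one", "sub")[scope[1][0]], "filter": present,
            "attrs": [v.decode() for _, v in children(attrs[1])]}

def is_sasl_mech_lookup(req):
    """True when the request asks the root DSE for supportedSASLMechanisms."""
    return req["base"] == "" and req["scope"] == "base" and "supportedSASLMechanisms" in req["attrs"]
```

Calling `decode_search(dump_to_bytes(DUMP))` returns the decoded fields as a dict.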