[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Authenticate & Login OS X with passwd
The passwd backend is not a full backend. It is a toy/demonstration tool,
nothing more. In particular, it only supports the Search operation, not Bind
or any other request. You can of course add code to it to support Binds if
you wish.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Mark Allan
> Sent: Wednesday, March 05, 2003 6:57 AM
> To: openldap-software@OpenLDAP.org
> Subject: Authenticate & Login OS X with passwd
>
>
> Hi,
>
> I downloaded OpenLDAP onto a slackware linux box (meta.gwc.org.uk),
> configured and compiled it with --disable-bdb --enable-passwd. I'm
> trying to get a Mac OS X computer (or anything for that matter!) to
> check with meta to see if a user's name and password are correct. If
> so, they should be logged in. It's not working though.
>
> I have a couple of sample users set up (meta is a trial system before
> we go institution-wide with LDAP) by doing "adduser" on the
> terminal so
> that everything is set up correctly. Here's a copy of my slapd.conf
> file on meta:
>
> > include /usr/local/etc/openldap/schema/core.schema
> > include /usr/local/etc/openldap/schema/cosine.schema
> > include /usr/local/etc/openldap/schema/inetorgperson.schema
> > include /usr/local/etc/openldap/schema/misc.schema
> > include /usr/local/etc/openldap/schema/nis.schema
> > include /usr/local/etc/openldap/schema/openldap.schema
> > include /usr/local/etc/openldap/schema/local.schema
> >
> > pidfile /usr/local/var/slapd.pid
> > argsfile /usr/local/var/slapd.args
> > defaultsearchbase dc=meta,dc=gwc,dc=org,dc=uk
> >
> > # General backend options
> > backend passwd
> >
> > # General database options
> > database passwd
> > suffix "dc=meta,dc=gwc,dc=org,dc=uk"
> >
> > rootdn "uid=root,dc=meta,dc=gwc,dc=org,dc=uk"
> > rootpw secret
>
> In a terminal window on the OS X machine (mercury), if I type
> ldapsearch -x -h meta.gwc.org.uk -b dc=meta,dc=gwc,dc=org,dc=uk
> '(uid=mja)'
> I get the following result:
>
> > # extended LDIF
> > #
> > # LDAPv3
> > # filter: (uid=mja)
> > # requesting: ALL
> > #
> >
> > # mja, meta.gwc.org.uk
> > dn: uid=mja,dc=meta,dc=gwc,dc=org,dc=uk
> > objectClass: top
> > objectClass: person
> > objectClass: uidObject
> > uid: mja
> > cn: mja
> > cn: Mark J Allan
> > sn: mja
> > sn: Allan
> > description: Mark J Allan,,,
> >
> > # search result
> > search: 2
> > result: 0 Success
> > text: ,dc=gwc,dc=org,dc=uk
> >
> > # numResponses: 2
> > # numEntries: 1
>
> However, trying to log in from mercury doesn't work. The log says:
>
> > Mar 5 14:53:10 meta slapd[10143]: conn=0 fd=9 ACCEPT from
> > IP=212.240.18.3:49161 (IP=0.0.0.0:389)
> > Mar 5 14:53:10 meta slapd[10144]: conn=0 op=0 BIND dn="" method=128
> > Mar 5 14:53:10 meta slapd[10144]: conn=0 op=0 RESULT tag=97 err=0
> > text=
> > Mar 5 14:53:10 meta slapd[10144]: conn=0 op=1 SRCH
> > base="dc=meta,dc=gwc,dc=org,dc=uk" scope=2 filter="(uid=mja)"
> > Mar 5 14:53:10 meta slapd[10144]: conn=0 op=1 RESULT tag=101 err=0
> > text=,dc=gwc,dc=org,dc=uk
> > Mar 5 14:53:10 meta slapd[10143]: conn=1 fd=10 ACCEPT from
> > IP=212.240.18.3:49162 (IP=0.0.0.0:389)
> > Mar 5 14:53:10 meta slapd[10144]: conn=1 op=0 BIND
> > dn="uid=mja,dc=meta,dc=gwc,dc=org,dc=uk" method=128
> > Mar 5 14:53:10 meta slapd[10144]: conn=1 op=0 RESULT tag=97 err=53
> > text=operation not supported within namingContext
> > Mar 5 14:53:10 meta slapd[10144]: conn=1 op=1 UNBIND
> > Mar 5 14:53:10 meta slapd[10144]: conn=1 fd=10 closed
> > Mar 5 14:53:10 meta slapd[10144]: conn=0 op=2 SRCH
> > base="dc=meta,dc=gwc,dc=org,dc=uk" scope=2 filter="(uid=mja)"
> > Mar 5 14:53:10 meta slapd[10144]: conn=0 op=2 RESULT tag=101 err=0
> > text=,dc=gwc,dc=org,dc=uk
> > Mar 5 14:53:10 meta slapd[10143]: conn=0 fd=9 closed
> > root@meta:/var/log#
>
> Can anyone shed any light on the subject please?
>
> Thanks a lot for your help
>
> Mark
>
>