
Can query as anonymous or manager, but can't bind



I've got an install of OpenLDAP 2.1.25 running on a YellowDog Linux box.  The
eventual goal is to use it for authentication, which, curiously, works.  I can
login to the box without problem.  Furthermore, I can search the database
anonymously, or as the manager user, and it does the right thing.  But when I
try to bind and authenticate as a local user, it fails:

> ldapsearch -x -D 'uid=cas1650,dc=students,dc=NebrWesleyan,dc=edu' -W -b
'dc=students,dc=NebrWesleyan,dc=edu' -LLL 'uid=cas1650'
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

But, as I said, I can search and query just fine without binding.  Binding is
important because, although authentication works, I also hope to use LDAP to
authenticate users via PHP, and the only way I can figure out to do that
without getting bind to work is to allow the LDAP passwords to be
world-readable, which is Ugly-capital-U.

I posted to this list before, and RTFMed, and STFWed, and the only suggestion
I found was to change the ownership of my configuration and data files to a
generic user/group, ldap:ldap, and run slapd as that user.  I tried that, but
slapd segfaults immediately.

I've attached my slapd.conf and a selection of my logfile (-d -1) from the
command above; I've asterisked out my password in both the hex and plaintext,
but the logfile is otherwise unchanged.

Thanks,

Chris St. Pierre

*************slapd.conf*************
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/usr/local/etc/openldap/schema/core.schema
include		/usr/local/etc/openldap/schema/cosine.schema
include		/usr/local/etc/openldap/schema/nis.schema
include		/usr/local/etc/openldap/schema/misc.schema
include		/usr/local/etc/openldap/schema/inetorgperson.schema

pidfile		/usr/local/var/slapd.pid
argsfile	/usr/local/var/slapd.args

access to attr=userPassword
        by self write
        by dn="uid=root,ou=People,dc=students,dc=NebrWesleyan,dc=edu" write
        by * auth

access to attr=loginShell
	by self read
        by dn="uid=root,ou=People,dc=students,dc=NebrWesleyan,dc=edu" write
	by * read

access to *
        by self write
        by dn="uid=root,ou=People,dc=students,dc=NebrWesleyan,dc=edu" write
        by * read
        by anonymous auth

#######################################################################
# ldbm database definitions
#######################################################################

database	ldbm
suffix		"dc=students,dc=NebrWesleyan,dc=edu"
rootdn		"cn=manager,dc=students,dc=NebrWesleyan,dc=edu"
rootpw		****
directory	/usr/local/var/openldap-data
index	objectClass	eq
password-hash {MD5}

*****end of slapd.conf*****

********selection of slapd logfile********

daemon: new connection on 9
ldap_pvt_gethostbyname_a: host=students.NebrWesleyan.edu, r=0
str2filter "(objectclass=*)"
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
begin get_filter
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x1011ad40 ptr=0x1011ad40 end=0x1011ad4d len=13
  0000:  87 0b 6f 62 6a 65 63 74  63 6c 61 73 73            ..objectclass
end get_filter 0
conn=0 fd=9 ACCEPT from IP=10.12.1.6:57705 (IP=0.0.0.0:389)
daemon: added 9r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
  0000:  30 42 02 01 01 60 3d 02                            0B...`=.
ldap_read: want=60, got=60
  0000:  01 03 04 2e 75 69 64 3d  63 61 73 31 36 35 30 2c   ....uid=cas1650,
  0010:  64 63 3d 73 74 75 64 65  6e 74 73 2c 64 63 3d 4e   dc=students,dc=N
  0020:  65 62 72 57 65 73 6c 65  79 61 6e 2c 64 63 3d 65   ebrWesleyan,dc=e
  0030:  64 75 80 08 ** ** ** **  ** ** ** **               du..********
ber_get_next: tag 0x30 len 66 contents:
ber_dump: buf=0x1011acc8 ptr=0x1011acc8 end=0x1011ad0a len=66
  0000:  02 01 01 60 3d 02 01 03  04 2e 75 69 64 3d 63 61   ...`=.....uid=ca
  0010:  73 31 36 35 30 2c 64 63  3d 73 74 75 64 65 6e 74   s1650,dc=student
  0020:  73 2c 64 63 3d 4e 65 62  72 57 65 73 6c 65 79 61   s,dc=NebrWesleya
  0030:  6e 2c 64 63 3d 65 64 75  80 08 ** ** ** ** ** **   n,dc=edu..******
  0040:  ** **                                              **
do_bind
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x1011acc8 ptr=0x1011accb end=0x1011ad0a len=63
  0000:  60 3d 02 01 03 04 2e 75  69 64 3d 63 61 73 31 36   `=.....uid=cas16
  0010:  35 30 2c 64 63 3d 73 74  75 64 65 6e 74 73 2c 64   50,dc=students,d
  0020:  63 3d 4e 65 62 72 57 65  73 6c 65 79 61 6e 2c 64   c=NebrWesleyan,d
  0030:  63 3d 65 64 75 80 08 **  ** ** ** ** ** ** **      c=edu..********
ber_scanf fmt (m}) ber:
ber_dump: buf=0x1011acc8 ptr=0x1011ad00 end=0x1011ad0a len=10
  0000:  00 08 ** ** ** ** ** **  ** **                     ..********
>>> dnPrettyNormal: <uid=cas1650,dc=students,dc=NebrWesleyan,dc=edu>
=> ldap_bv2dn(uid=cas1650,dc=students,dc=NebrWesleyan,dc=edu,0)
<= ldap_bv2dn(uid=cas1650,dc=students,dc=NebrWesleyan,dc=edu,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=cas1650,dc=students,dc=NebrWesleyan,dc=edu,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=cas1650,dc=students,dc=nebrwesleyan,dc=edu,272)=0
<<< dnPrettyNormal: <uid=cas1650,dc=students,dc=NebrWesleyan,dc=edu>, <uid=cas1650,dc=students,dc=nebrwesleyan,dc=edu>
do_bind: version=3 dn="uid=cas1650,dc=students,dc=NebrWesleyan,dc=edu" method=128
conn=0 op=0 BIND dn="uid=cas1650,dc=students,dc=NebrWesleyan,dc=edu" method=128
daemon: select: listen=6 active_threads=1 tvp=NULL
==> ldbm_back_bind: dn: uid=cas1650,dc=students,dc=NebrWesleyan,dc=edu
dn2entry_r: dn: "uid=cas1650,dc=students,dc=nebrwesleyan,dc=edu"
=> dn2id( "uid=cas1650,dc=students,dc=nebrwesleyan,dc=edu" )
=> ldbm_cache_open( "dn2id.dbb", 73, 600 )
ldbm_cache_open (blksize 8192) (maxids 2046) (maxindirect 5)
<= ldbm_cache_open (opened 0)
<= dn2id NOID
dn2entry_r: dn: "dc=students,dc=nebrwesleyan,dc=edu"
=> dn2id( "dc=students,dc=nebrwesleyan,dc=edu" )
=> ldbm_cache_open( "dn2id.dbb", 73, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id 1
=> id2entry_r( 1 )
=> ldbm_cache_open( "id2entry.dbb", 73, 600 )
ldbm_cache_open (blksize 8192) (maxids 2046) (maxindirect 5)
<= ldbm_cache_open (opened 1)
=> str2entry
>>> dnPrettyNormal: <dc=students,dc=NebrWesleyan,dc=edu>
=> ldap_bv2dn(dc=students,dc=NebrWesleyan,dc=edu,0)
<= ldap_bv2dn(dc=students,dc=NebrWesleyan,dc=edu,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=students,dc=NebrWesleyan,dc=edu,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=students,dc=nebrwesleyan,dc=edu,272)=0
<<< dnPrettyNormal: <dc=students,dc=NebrWesleyan,dc=edu>, <dc=students,dc=nebrwesleyan,dc=edu>
<= str2entry(dc=students,dc=NebrWesleyan,dc=edu) -> 0x1011cad8
<= id2entry_r( 1 ) 0x1011cad8 (disk)
====> cache_return_entry_r( 1 ): created (0)
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=49 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=49
ber_flush: 14 bytes to sd 9
  0000:  30 0c 02 01 01 61 07 0a  01 31 04 00 04 00         0....a...1....
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
ldap_write: want=14, written=14
  0000:  30 0c 02 01 01 61 07 0a  01 31 04 00 04 00         0....a...1....
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ldap_read: want=8, got=0

ber_get_next on fd 9 failed errno=0 (Success)
connection_read(9): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=9 for close
connection_close: deferring conn=0 sd=9
conn=0 op=0 RESULT tag=97 err=49 text=
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=1 tvp=NULL
connection_resched: attempting closing conn=0 sd=9
connection_close: conn=0 sd=9
daemon: removing 9
conn=0 fd=9 closed

*************end of selection of slapd logfile*********
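The client in the post sees only `Invalid credentials (49)`, which the server returns both when no entry exists at the bind DN and when the password does not match; the `-d -1` trace distinguishes the two, because `dn2id` is logged before any password is compared. The following is an added example, not part of the original post or of OpenLDAP: a Python triage script run over a constructed excerpt of that trace, correlating each BIND op with its `dn2id` lookup and its RESULT line.

```python
import re

# Constructed excerpt of a slapd -d -1 trace, modelled on the one in the post
# (password bytes already masked by the poster). Not the project's own code.
SAMPLE_LOG = """\
conn=0 op=0 BIND dn="uid=cas1650,dc=students,dc=NebrWesleyan,dc=edu" method=128
==> ldbm_back_bind: dn: uid=cas1650,dc=students,dc=NebrWesleyan,dc=edu
=> dn2id( "uid=cas1650,dc=students,dc=nebrwesleyan,dc=edu" )
<= dn2id NOID
=> dn2id( "dc=students,dc=nebrwesleyan,dc=edu" )
<= dn2id 1
conn=0 op=0 RESULT tag=97 err=49 text=
"""

BIND_RE = re.compile(r'^conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
DN2ID_IN_RE = re.compile(r'^=> dn2id\( "([^"]*)" \)')
DN2ID_OUT_RE = re.compile(r'^<= dn2id (NOID|\d+)')
RESULT_RE = re.compile(r'^conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')

def triage_binds(log_text):
    """One dict per BIND op: dn, whether its entry resolved, result code, verdict."""
    results, current, pending_dn = [], None, None
    for line in log_text.splitlines():
        if m := BIND_RE.match(line):
            current = {"conn": int(m[1]), "op": int(m[2]), "dn": m[3],
                       "entry_found": None, "err": None}
        elif current is None:
            continue
        elif m := DN2ID_IN_RE.match(line):
            pending_dn = m[1]
        elif (m := DN2ID_OUT_RE.match(line)) and pending_dn is not None:
            # Only the lookup of the bind DN itself says whether the entry exists;
            # slapd then walks up the parents to compute the "matched" DN.
            if pending_dn.lower() == current["dn"].lower():
                current["entry_found"] = m[1] != "NOID"
            pending_dn = None
        elif (m := RESULT_RE.match(line)) and (int(m[1]), int(m[2])) == (current["conn"], current["op"]):
            current["err"] = int(m[3])
            current["verdict"] = (
                "bind succeeded" if current["err"] == 0
                else "no entry at bind DN (dn2id NOID)" if current["entry_found"] is False
                else "entry found; err=%d from password/ACL check" % current["err"])
            results.append(current)
            current = None
    return results

if __name__ == "__main__":
    for r in triage_binds(SAMPLE_LOG):
        print("conn=%d op=%d dn=%s -> %s" % (r["conn"], r["op"], r["dn"], r["verdict"]))
```

On the excerpt above the verdict is "no entry at bind DN", which is what the trace in the post shows for the `uid=cas1650,dc=students,...` DN before the err=49 is sent.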