Re: phpldapadmin Config

--On Tuesday, July 13, 2004 12:19 PM -0400 Josiah Ritchie <jritchie@bible.edu> wrote:

I'm trying to configure phpldapadmin to authenticate users from LDAP.
I'm seeing the following in my logs.

Jul 13 07:11:12 localhost slapd[2481]: conn=1 fd=12 ACCEPT from IP= (IP=
Jul 13 07:11:12 localhost slapd[2483]: conn=1 op=0 BIND dn="" method=128
Jul 13 07:11:12 localhost slapd[2483]: conn=1 op=0 RESULT tag=97 err=0
Jul 13 07:11:12 localhost slapd[2483]: conn=1 op=1 SRCH base="dc=cougarnet,dc=bible,dc=edu" scope=2 filter="(uid=JosiahRitchie)"
Jul 13 07:11:12 localhost slapd[2483]: conn=1 op=1 SRCH attr=dn
Jul 13 07:11:12 localhost slapd[2483]: <= bdb_equality_candidates: (uid) index_param failed (18)
Jul 13 07:11:12 localhost slapd[2483]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 13 07:11:12 localhost slapd[2483]: conn=1 op=2 UNBIND
Jul 13 07:11:12 localhost slapd[2483]: conn=1 fd=12 closed

You are doing an equality search on uid ("uid=josiahritchie") but you don't have an equality index for uid, which is why it is saying the indexing is failing.


I've confirmed that password and username are existent and correct. In fact, other devices that are not doing anonymous binds work fine. I *think* I'm configured properly for anon bind. If I tell phpldapadmin to bind anonymously it works, but it can't get any information (cause I don't want it to).

My slapd.conf is stripped down to bare bones here:
include     /etc/openldap/schema/core.schema
include     /etc/openldap/schema/cosine.schema
include     /etc/openldap/schema/inetorgperson.schema
include     /etc/openldap/schema/nis.schema
include     /etc/openldap/schema/nisdomainobject.schema
include     /etc/openldap/schema/samba.schema
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
        by self write
        by users read
        by anonymous auth
access to dn=".*,dc=cougarnet,dc=bible,dc=edu" attr="userPassword"
        by dn="cn=Manager,ou=people,dc=cougarnet,dc=bible,dc=edu" write
        by dn="cn=samba,ou=People,dc=cougarnet,dc=bible,dc=edu" write
        by self write
        by * auth
allow bind_v2 bind_anon_cred
database        bdb
suffix          "dc=cougarnet,dc=bible,dc=edu"
rootdn          "cn=Manager,dc=cougarnet,dc=bible,dc=edu"
rootpw          *********
directory       /var/lib/openldap-data
index objectClass,uidNumber,gidNumber                   eq
index cn,surname,uid,displayName                        pres,sub
index memberUID,mail,givenname                          eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName     eq

Am I right in thinking that phpldapadmin is trying to bind anonymously
and then authenticate someone else and having trouble with it? If so
what can I do to straighten this out? If not, what is my issue and what
do I need to read to figure out the fix?


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
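
The check the reply describes, as an added example that is not part of the original thread: a short Python script that compares the filters in slapd's SRCH log entries against the index directives in slapd.conf and reports attributes searched without a matching index type. The function names are hypothetical, the sample input is constructed from the lines quoted above, and only simple equality, presence, substring and approximate filter items are handled.

```python
import re

# Constructed sample input, modelled on the index lines and SRCH entry quoted in the thread.
SLAPD_CONF = """\
index objectClass,uidNumber,gidNumber                   eq
index cn,surname,uid,displayName                        pres,sub
index memberUID,mail,givenname                          eq,subinitial
"""
LOG = ('Jul 13 07:11:12 localhost slapd[2483]: conn=1 op=1 SRCH '
       'base="dc=cougarnet,dc=bible,dc=edu" scope=2 filter="(uid=JosiahRitchie)"\n')

# One simple filter item: (attr=value) or (attr~=value). Ordering filters are skipped.
ITEM = re.compile(r"\(([A-Za-z][\w;-]*)(~?=)([^()]*)\)")

def parse_indexes(conf):
    """Return {attribute (lower case): set of index types} from 'index' directives."""
    indexes = {}
    for line in conf.splitlines():
        parts = line.split()
        # Lines without an explicit type list inherit 'index default'; not modelled here.
        if len(parts) >= 3 and parts[0].lower() == "index":
            for attr in parts[1].split(","):
                indexes.setdefault(attr.lower(), set()).update(parts[2].lower().split(","))
    return indexes

def needed_index(op, value):
    """Index type slapd would consult for one filter item."""
    if op == "~=":
        return "approx"
    if value == "*":
        return "pres"
    return "sub" if "*" in value else "eq"

def unindexed_searches(conf, log):
    """List (attribute, missing index type, filter) for each logged filter item."""
    indexes = parse_indexes(conf)
    findings = []
    for flt in re.findall(r'SRCH .*?filter="([^"]*)"', log):
        for attr, op, value in ITEM.findall(flt):
            need = needed_index(op, value)
            have = indexes.get(attr.lower(), set())
            # Simplification: any sub* type counts as covering a substring filter.
            ok = any(t.startswith("sub") for t in have) if need == "sub" else need in have
            if not ok:
                findings.append((attr, need, flt))
    return findings

if __name__ == "__main__":
    for attr, need, flt in unindexed_searches(SLAPD_CONF, LOG):
        print(f"filter {flt}: attribute '{attr}' has no '{need}' index")
```

After adding `eq` to the `uid` index line, the existing database has to be re-indexed with slapindex before the new index takes effect.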