[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: I'm have a problem w/userPasswords and binding



I'd guess Rob is not providing the actual password to ldapsearch
as required but instead providing the hash of the password.

At 11:00 AM 10/8/2004, Pierangelo Masarati wrote:
>ACL problem?  What about the access anonymous has to both entries
>userPassword?  You can check it by adding 128 to your log level.
>
>p.
>
>>
>> --On Friday, October 08, 2004 09:19:31 AM +0200 Pierangelo Masarati
>> <ando@sys-net.it> wrote:
>>  >
>>> Rob,
>>>
>>> "Invalid credentials" is a catchall for almost any error during bind,
>> to
>>> avoid disclosing sensitive info (e.g. the user does not exist, or
>> other
>>> details about the account) to malicious clients.  I suggest you look
>> at
>>> server logs at a reasonable level (at worst, -d -1; -d 256 (STATS) or
>> -d
>>> 384 (STATS+ACL) should be a good starting point) to find out more
>> about
>>> the real reason of your failure.
>>>
>>> You don't say what versions of server and client you're using, so
>> further
>>> advise is not possible.
>>>
>>> p.
>>>
>>> --
>>> Pierangelo Masarati
>>> mailto:pierangelo.masarati@sys-net.it
>>>
>>>
>>>
>>>     SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax:
>> +390382476497
>>>
>>>
>>
>> Pierangelo,
>>  Also, here is the antry for the DN that can't successfully bind (yes,
>> I did replace the password a
>> string of Xs -- other than that, this is the unmodified output from
>> ldapsearch):
>>
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <o=linfield.edu> with scope sub
>> # filter: cn=postfix
>> # requesting: ALL
>> #
>>
>> # Postfix, Special Users, linfield.edu
>> dn: cn=Postfix,ou=Special Users,o=linfield.edu
>> objectClass: top
>> objectClass: linfieldSpecialUser
>> cn: Postfix
>> ou: Special Users
>> userPassword:: XXXXXXXXXXXXXXXXXXXXXXXXXXXX
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>>
>> Thanks,
>> Rob
>>
>> --
>> Rob Tanner
>> UNIX Services Manager
>> Linfield College, McMinnville OR
>>
>
>
>-- 
>Pierangelo Masarati
>mailto:pierangelo.masarati@sys-net.it
>
>
>    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497