
Re: I'm have a problem w/userPasswords and binding



Pierangelo,
It's working now, and the ACLs were apparently the only real problem. Because I'd been messing with the password so often, I didn't realize that I had munged it. Once I set it back to what it was supposed to be, everything worked (with the ACL not set correctly). It's one of those learning curve issues moving from a Netscape4 server, which doesn't require an ACL for access to the userPassword for the purpose of authentication. But I think having more granular control over authentication is better, so I'm not complaining.

Thanks for all your help and your patience.

-- Rob

--On Friday, October 08, 2004 08:00:11 PM +0200 Pierangelo Masarati <ando@sys-net.it> wrote:
> ACL problem?  What about the access anonymous has to both entries
> userPassword?  You can check it by adding 128 to your log level.
>
> p.
>
> >
> > --On Friday, October 08, 2004 09:19:31 AM +0200 Pierangelo Masarati
> > <ando@sys-net.it> wrote:
> >  >
> >> Rob,
> >>
> >> "Invalid credentials" is a catchall for almost any error during bind, to
> >> avoid disclosing sensitive info (e.g. the user does not exist, or other
> >> details about the account) to malicious clients.  I suggest you look at
> >> server logs at a reasonable level (at worst, -d -1; -d 256 (STATS) or -d
> >> 384 (STATS+ACL) should be a good starting point) to find out more about
> >> the real reason for your failure.
> >>
> >> You don't say what versions of server and client you're using, so further
> >> advice is not possible.
> >>
> >> p.
> >>
> >> --
> >> Pierangelo Masarati
> >> mailto:pierangelo.masarati@sys-net.it
> >>
> >>
> >>
> >>     SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
> >>
> >>
> >
> > Pierangelo,
> >  Also, here is the entry for the DN that can't successfully bind (yes,
> > I did replace the password with a
> > string of Xs -- other than that, this is the unmodified output from
> > ldapsearch):
> >
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <o=linfield.edu> with scope sub
> > # filter: cn=postfix
> > # requesting: ALL
> > #
> >
> > # Postfix, Special Users, linfield.edu
> > dn: cn=Postfix,ou=Special Users,o=linfield.edu
> > objectClass: top
> > objectClass: linfieldSpecialUser
> > cn: Postfix
> > ou: Special Users
> > userPassword:: XXXXXXXXXXXXXXXXXXXXXXXXXXXX
> >
> > # search result
> > search: 2
> > result: 0 Success
> >
> > # numResponses: 2
> > # numEntries: 1
> >
> >
> > Thanks,
> > Rob
> >
> > --
> > Rob Tanner
> > UNIX Services Manager
> > Linfield College, McMinnville OR
> >
>
>
>
> --
> Pierangelo Masarati
> mailto:pierangelo.masarati@sys-net.it
>
>
>
>     SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
>
>




--
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR
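
The ACL point discussed in this thread, as an added slapd.conf illustration (not configuration posted by either participant). The `by self write` and `access to *` clauses are assumptions chosen for the sketch; the log level values are the ones named in the thread.

```conf
# Constructed slapd.conf fragment for illustration only.

# Global section: 128 (ACL processing) + 256 (STATS) = 384, so the log
# shows which access clause was applied during the failing bind.
loglevel 384

# --- Database section (backend and suffix directives omitted) ---

# Variant that breaks simple binds: once any "access" directive exists,
# every directive ends with an implicit "by * none". The not-yet-bound
# (anonymous) session then cannot compare the supplied password against
# userPassword, and the client only sees "Invalid credentials".
#
#   access to attrs=userPassword
#       by self write

# Corrected variant: "auth" lets slapd use the attribute for the bind
# comparison without letting anyone read the stored value back.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Assumed policy for everything else in this sketch.
access to *
    by * read
```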