
RES: RES: Newbie question on client Auth and SSL



Quanah,

I believe you are just right, because it now shows a different error, but the
SASL stuff is gone. Now, when I issue the command you advised me to, as
follows, I get "ldap_bind: Invalid credentials (49)".

[root@srvoracle root]# ldapsearch -x -D"uid=adriela,ou=usuarios,dc=calu,dc=com,dc=br" -w123456 -b"dc=calu,dc=com,dc=br" uid=adriela
[root@srvoracle root]# 
[root@srvoracle root]# tail -n 4 /var/log/slapd.log
Nov  4 16:07:25 srvoracle slapd[2274]: conn=2 fd=9 ACCEPT from IP=127.0.0.1:37519 (IP=0.0.0.0:389)
Nov  4 16:07:25 srvoracle slapd[2274]: conn=2 op=0 BIND dn="uid=adriela,ou=usuarios,dc=calu,dc=com,dc=br" method=128
Nov  4 16:07:25 srvoracle slapd[2274]: conn=2 op=0 RESULT tag=97 err=49 text=
Nov  4 16:07:25 srvoracle slapd[2274]: conn=2 fd=9 closed
[root@srvoracle root]#

It seems that I'm still missing something: that seems to be some ACL or even
any procedure that should be done on users to auth. I read in
http://www.openldap.org/doc/admin22/slapdconfig.html#Access%20Control how to
change and its arguments. But it seems not to change anything in the log
file when the error comes up.

Any clue?

Regards,
Bruno


-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@stanford.edu]
Sent: Saturday, October 30, 2004 2:09
To: Bruno Di Rei Araujo
Cc: 'OpenLDAP software list'
Subject: Re: RES: Newbie question on client Auth and SSL




--On Friday, October 29, 2004 4:12 PM -0200 Bruno Di Rei Araujo 
<BrunoA@calu.com.br> wrote:

> Quanah,
>
> Maybe I expressed myself in a wrong way. With "binding" I mean "user".
> So, what I'm trying is to ldapsearch from a remote host (i.e. client) and
> to authenticate squid (using pam_auth). The commands on the remote host
> were:
>
># pam_auth -n squid_ldap   ----- In this case, the user was "Anonymous"
> (as far as I can tell)
>
>
># ldapsearch -Uadriela -b "dc=calu,dc=com,dc=br" "(uid=adriela)"
>                ^^^^^^^
> --- Now,       this      (adriela) is the user. I'm trying to search its
> own entry

I think you misunderstand how to connect to the directory server in this 
case.  If you don't have SASL set up, you would probably get more success 
with something like:

ldapsearch -x -D"uid=adriela,dc=calu,dc=com,dc=br" -w <password> 
-b"dc=calu,dc=com,dc=br" uid=adriela

-x will perform a simple bind in this case (No SASL)

removing the -x will perform a SASL bind.

The -D flag I supplied is likely wrong, since I don't know how your 
directory tree is laid out.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

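
The slapd log excerpt in the message above ties a BIND line to its RESULT line through the conn= and op= fields. As an added example (not part of the original thread), this Python script correlates those lines to report every bind that ended in err=49, with the bind DN, bind method and client address. The sample log is constructed from the format shown above with the line wrapping removed; the second connection, its DN and its client address are made up for contrast.

```python
import re
from collections import Counter

# Constructed sample in the slapd syslog format shown above (lines unwrapped).
SAMPLE_LOG = """\
Nov  4 16:07:25 srvoracle slapd[2274]: conn=2 fd=9 ACCEPT from IP=127.0.0.1:37519 (IP=0.0.0.0:389)
Nov  4 16:07:25 srvoracle slapd[2274]: conn=2 op=0 BIND dn="uid=adriela,ou=usuarios,dc=calu,dc=com,dc=br" method=128
Nov  4 16:07:25 srvoracle slapd[2274]: conn=2 op=0 RESULT tag=97 err=49 text=
Nov  4 16:07:25 srvoracle slapd[2274]: conn=2 fd=9 closed
Nov  4 16:09:02 srvoracle slapd[2274]: conn=3 fd=9 ACCEPT from IP=192.0.2.10:40112 (IP=0.0.0.0:389)
Nov  4 16:09:02 srvoracle slapd[2274]: conn=3 op=0 BIND dn="uid=example,ou=usuarios,dc=calu,dc=com,dc=br" method=128
Nov  4 16:09:02 srvoracle slapd[2274]: conn=3 op=0 RESULT tag=97 err=0 text=
Nov  4 16:09:02 srvoracle slapd[2274]: conn=3 fd=9 closed
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")
CLOSED = re.compile(r"conn=(\d+) fd=\d+ closed")
METHODS = {"128": "simple", "163": "SASL"}  # LDAP bind method codes

def failed_binds(log_text):
    """Return one dict per bind that ended in err=49 (invalid credentials)."""
    peers, binds, failures = {}, {}, []
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            peers[m.group(1)] = m.group(2)
        elif m := BIND.search(line):
            conn, op, dn, method = m.groups()
            binds[(conn, op)] = (dn, METHODS.get(method, method))
        elif m := RESULT.search(line):
            conn, op, err = m.groups()
            # pop so a later op on the same connection is not mismatched
            dn, method = binds.pop((conn, op), ("<unknown>", "?"))
            if err == "49":
                failures.append({"conn": int(conn), "dn": dn, "method": method,
                                 "client": peers.get(conn, "<unknown>")})
        elif m := CLOSED.search(line):
            peers.pop(m.group(1), None)  # conn numbers restart with slapd
    return failures

def failures_by_client(log_text):
    """Count err=49 binds per client address, e.g. to spot password guessing."""
    return Counter(f["client"] for f in failed_binds(log_text))

if __name__ == "__main__":
    for f in failed_binds(SAMPLE_LOG):
        print(f)
```

Syslog output that is still wrapped, as in the mail above, has to be rejoined into one entry per line before it is passed in.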