Re: RES: RES: Newbie question on client Auth and SSL

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Thursday, November 04, 2004 4:20 PM -0200 Bruno Di Rei Araujo 
<BrunoA@calu.com.br> wrote:

> Quanah,
>
> I believe you are just right, because it now show a different error, but
> SASL stuff is gone. Now, when I issue the command you advice me to, as
> follow, I get "ldap_bind: Invalid credentials (49)".
>
> [root@srvoracle root]# ldapsearch -x
> -D"uid=adriela,ou=usuarios,dc=calu,dc=com,dc=br" -w123456
> -b"dc=calu,dc=com,dc=br" uid=adriela
> [root@srvoracle root]#
> [root@srvoracle root]# tail -n 4 /var/log/slapd.log
> Nov  4 16:07:25 srvoracle slapd[2274]: conn=2 fd=9 ACCEPT from
> IP=127.0.0.1:37519 (IP=0.0.0.0:389)
> Nov  4 16:07:25 srvoracle slapd[2274]: conn=2 op=0 BIND
> dn="uid=adriela,ou=usuarios,dc=calu,dc=com,dc=br" method=128
> Nov  4 16:07:25 srvoracle slapd[2274]: conn=2 op=0 RESULT tag=97 err=49
> text=
> Nov  4 16:07:25 srvoracle slapd[2274]: conn=2 fd=9 closed
> [root@srvoracle root]#
>
> It seems that I'm still miss something: that seems to be some ACL or even
> any procedure that should be done on users to auth. I read in
> http://www.openldap.org/doc/admin22/slapdconfig.html#Access%20Control how
> to change and its arguments. But it seems not to change anything in the
> log file when the error comes up.
>
> Any clue?

You may want to start slapd with "-d -1" in one screen, and watch the debug 
output to see if you have any ACL's that are interfering.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html