
RE: Question about OpenLDAP



My client was able to resolve the connection issue he was having by changing
the binding from "Anonymous" to "None" in his configuration.

Thanks for your assistance in this matter!

--
 Mark Hennessy

> -----Original Message-----
> From: Howard Chu [mailto:hyc@symas.com] 
> Sent: Monday, December 11, 2006 7:42 PM
> To: Mark Hennessy
> Cc: openldap-software@openldap.org
> Subject: Re: Question about OpenLDAP
> 
> Mark Hennessy wrote:
> > I have a user who tries to connect from an IP x.x.x.31, but they keep getting
> > rejected.  The ACL is using IPs to allow anonymous read-only connections.  I
> > have a client at another host that's also in the ACL by IP which is set to
> > use an anonymous connection and that works.  What should I be looking for
> > with this client that's not working?  Also, I built OpenLDAP without SASL on
> > purpose.  This is serving a simple database that could potentially have lots
> > of reads and no writes from a couple of trusted hosts.  Any help in this
> > matter would be greatly appreciated!
> > 
> > This is OpenLDAP from FreeBSD ports built supposedly without SASL.
> > 
> > Dec 11 13:34:19 x slapd[2566]: conn=28 fd=10 ACCEPT from IP=x.x.x.31:1691 (IP=0.0.0.0:389)
> > Dec 11 13:34:19 x slapd[2566]: conn=28 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
> > Dec 11 13:34:19 x slapd[2566]: conn=28 op=0 SRCH attr=supportedCapabilities
> > Dec 11 13:34:19 x slapd[2566]: conn=28 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
> > Dec 11 13:34:19 x slapd[2566]: conn=28 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
> > Dec 11 13:34:19 x slapd[2566]: conn=28 op=1 SRCH attr=supportedSASLMechanisms
> > Dec 11 13:34:19 x slapd[2566]: conn=28 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> > Dec 11 13:34:19 x slapd[2566]: conn=28 op=2 BIND dn="" method=137
> > Dec 11 13:34:19 x slapd[2566]: conn=28 op=2 RESULT tag=97 err=7 text=unknown authentication method
> > Dec 11 13:34:19 x slapd[2566]: conn=28 op=3 UNBIND
> > Dec 11 13:34:19 x slapd[2566]: conn=28 fd=10 closed
> 
> The log shows they're trying to Bind with a "method=137" and correctly
> getting an unknown authentication method response back. I.e., they're
> trying to Bind with a mechanism that slapd doesn't recognize. It's
> certainly not an anonymous LDAP Simple Bind. Seems like a broken client.
> 
> -- 
>    -- Howard Chu
>    Chief Architect, Symas Corp.  http://www.symas.com
>    Director, Highland Sun        http://highlandsun.com/hyc
>    OpenLDAP Core Team            http://www.openldap.org/project/
> 
>
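
Added example, not part of the original thread and not OpenLDAP project code: a Python script that joins slapd's ACCEPT, BIND and RESULT log lines per connection and decodes the `method=` number as a one-byte BER identifier, so a rejected bind such as the `method=137` one in the quoted log can be told apart from an anonymous simple bind. The values 128 (simple) and 163 (SASL) are the RFC 4511 AuthenticationChoice tags as slapd logs them; the conn=29 lines and all function names are constructed for the example.

```python
import re

# AuthenticationChoice identifiers from RFC 4511, as slapd logs them in method=N.
RFC4511_CHOICES = {0x80: "simple", 0xA3: "sasl"}

ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([^\s:]+):\d+")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")

# conn=28 lines come from the thread's log (line wrapping undone, searches
# omitted); conn=29 is constructed to show a working anonymous client.
SAMPLE_LOG = """\
Dec 11 13:34:19 x slapd[2566]: conn=28 fd=10 ACCEPT from IP=x.x.x.31:1691 (IP=0.0.0.0:389)
Dec 11 13:34:19 x slapd[2566]: conn=28 op=2 BIND dn="" method=137
Dec 11 13:34:19 x slapd[2566]: conn=28 op=2 RESULT tag=97 err=7 text=unknown authentication method
Dec 11 13:34:20 x slapd[2566]: conn=29 fd=11 ACCEPT from IP=x.x.x.40:2044 (IP=0.0.0.0:389)
Dec 11 13:34:20 x slapd[2566]: conn=29 op=0 BIND dn="" method=128
Dec 11 13:34:20 x slapd[2566]: conn=29 op=0 RESULT tag=97 err=0 text=
"""

def decode_tag(method):
    """Split a one-byte BER identifier into (class, form, tag number)."""
    cls = ("universal", "application", "context", "private")[(method >> 6) & 3]
    form = "constructed" if method & 0x20 else "primitive"
    return cls, form, method & 0x1F

def audit_binds(lines):
    """Return one record per BIND, joined to its peer IP and result code."""
    peers, binds = {}, {}
    for line in lines:
        if m := ACCEPT_RE.search(line):
            peers[m.group(1)] = m.group(2)
        elif m := BIND_RE.search(line):
            conn, op, dn = m.group(1, 2, 3)
            method = int(m.group(4))
            binds[conn, op] = {
                "conn": int(conn), "peer": peers.get(conn), "method": method,
                "choice": RFC4511_CHOICES.get(method, "not in RFC 4511"),
                "ber": decode_tag(method),
                "anonymous": method == 0x80 and dn == "",  # simple bind, empty DN
                "err": None,
            }
        elif (m := RESULT_RE.search(line)) and (m.group(1), m.group(2)) in binds:
            binds[m.group(1), m.group(2)]["err"] = int(m.group(3))
    return list(binds.values())

if __name__ == "__main__":
    for rec in audit_binds(SAMPLE_LOG.splitlines()):
        print(rec)
```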