RE: invalid credentials (49) for normal user
Try:
access to attrs=userPassword
        by dn="uid=root,ou=People,o=M1,c=GB" write
        by self write
        by anonymous auth
        by * none

access to *
        by self write
        by users read
        by anonymous auth
-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Dieter Kluenter
Sent: Thursday, December 30, 2010 7:56 AM
To: openldap-technical@openldap.org
Subject: Re: invalid credentials (49) for normal user
On Thu, 30 Dec 2010 15:14:34 +0000,
rui <guideveloper@gmail.com> wrote:
> Hi,
>
> This is the output after doing "-d 128"
> http://pastebin.com/6Jb9j7F7
>
> my latest slapd.conf is this:
> ###########################################################################
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/dyngroup.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/misc.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/openldap.schema
>
> #######################################################################
> # bdb database definitions
> #######################################################################
> database bdb
> suffix "o=M1,c=GB"
> rootdn "uid=root,ou=People,o=M1,c=GB"
> rootpw test123
> directory /var/lib/ldap
>
> # Indices to maintain
> index objectClass,uid,uidNumber,gidNumber eq
> index cn,mail,surname,givenname eq,subinitial
>
> ## logging.
> #loglevel acl
>
> access to attrs=userPassword
> by self write
> by dn="uid=root,ou=People,o=M1,c=GB" write
> by * auth
>
> access to *
> by self write
> by users read
> by anonymous auth
The warnings in the debugging output (no by clauses specified) should
have raised your attention.
The way access rules are written is bogus. Access rules have to be put
on a single line, but this line may have continuations. The manual
page slapd.access(5) and the admin guide
http://www.openldap.org/doc/admin24/access-control.html
give a good idea on how access rules should be written.
-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
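The continuation-line rule discussed in this thread, as an added example that is not part of the original messages: a small Python lint that folds slapd.conf lines the way slapd.conf(5) describes (a line beginning with white space continues the previous one) and flags `by` clauses that are not attached to an `access to` directive. The function names are hypothetical, and the two sample rules are constructed from the configuration quoted above.

```python
# Constructed sample: the rule layout from the quoted slapd.conf (BROKEN, every
# line starts in column 0) and the same rule with indented continuations.
BROKEN = """\
access to attrs=userPassword
by self write
by dn="uid=root,ou=People,o=M1,c=GB" write
by * auth
"""
FIXED = """\
access to attrs=userPassword
        by self write
        by dn="uid=root,ou=People,o=M1,c=GB" write
        by * auth
"""


def logical_lines(text):
    """Fold physical lines into (first_line_number, text) logical lines.

    Per slapd.conf(5), a line that begins with white space continues the
    previous line; folding happens before comments are stripped.
    """
    folded = []
    for number, raw in enumerate(text.splitlines(), start=1):
        if raw[:1] in (" ", "\t") and folded:
            folded[-1][1] = (folded[-1][1] + " " + raw.strip()).strip()
        else:
            folded.append([number, raw.strip()])
    return [(n, t) for n, t in folded if t and not t.startswith("#")]


def lint_access_rules(text):
    """Return (line_number, problem) tuples for malformed access rules."""
    findings = []
    for number, line in logical_lines(text):
        words = [w.lower() for w in line.split()]
        if words[0] == "access" and "by" not in words[1:]:
            findings.append((number, "access rule has no by clause"))
        elif words[0] == "by":
            findings.append((number, "by clause starts in column 0"))
    return findings


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_access_rules(conf))
```
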