[Date Prev][Date Next]
Re: Help! bind funny?
"Kurt D. Zeilenga" escribió:
> At 08:21 PM 5/11/00 +0200, Juan Gonzalo de Silva Medina wrote:
> >Well, if I bind to racf database with a invalid user o password the
> >backed return error and not accion is aloved (this work fine at my
> Your output appears to confirm this. Of course, not sure
> why the client attempts to search if the bind failed. Assuming
> you used ldapsearch(1), I'd suspect your backend bind function
> indicated success when it shouldn't have.
Yes I used ldapsearch.
No, my backend work right, he return the rc!=0 if no success and a
message is returned with the error. And ldapsearch stop.
> >If I bind with a right user+password and search the database pruebas I
> >get a abnormal execution....
> abnormal how?
I executed the command ldapsearch:
- the first time the bind is ok, and data is not return.
- the second time the bind is ok, and data is returned.
Well, the command is the same, execute 2 times with equeals parameters.
(ldapserarch -w mypassword -D "CN=S5540, O=RACF" -b "o=pruebas"
> >I execute:
> >ldapserarch -w mypassword -D "CN=S5540, O=RACF" -b "o=pruebas"
> I assume you actually used ldapsearch and protected the search
> filter from shell expansion.
Yes, only user with bind in "racf" backen is aloved to search in
> >The log (slapd -d 128):
> Try slapd -d 1 -d 4 -d 128... ACL debugging without other output
> is quite hard.
> >/ldapsearch.3±*mv -f /usr/local/bin/ud /usr/local/bin/ud-im 775 ud
> >abeledURL)Ù<= acl_access_allowed: matched by clause #2 access granted
> Seems odd to have install output intermixed with your log.
:-?, I do'nt know...
> >The diference is:
> >=> acl_access_allowed: search access to value "any" by ""
> >=> acl_access_allowed: read access to value "any" by "CN=S5540,O=RACF"
> Two different searches (as you noted above). But cannot tell without
> trace output.
No there are equals search, I execute the equeal command ldapsearch.
> >Any idee?
I go to try slapd -d 1 -d 4 -d 128 and write the log to the list.
Thanks for your time...
Juan Gonzalo de Silva Medina