
RE: Authentication



For now add the following to the end of your ACL list:
access to * by * read

See the Admin Guide for info on defining more specific access controls:
http://www.openldap.org/doc/admin/slapdconfig.html#Access Control

> -----Original Message-----
> From: Robert Harris [mailto:rharris@raindance.com]
> Sent: Wednesday, September 05, 2001 4:33 PM
> To: 'oberwetter, josh'
> Subject: RE: Authentication
> 
> # Save the time that the entry gets modified
> lastmod on
> 
> # By default, only read access is allowed
> defaultaccess   read
> 
> # The admin dn has full write access
> access to * by dn="cn=manager,dc=raindance,dc=com" write
> 
> > -----Original Message-----
> > From: oberwetter, josh [mailto:joberwetter@grownetwork.com]
> > Sent: Wednesday, September 05, 2001 2:35 PM
> > To: 'Robert Harris'
> > Subject: RE: Authentication
> > 
> > 
> > It looks like an ACL problem. What are your ACLs? Just paste them in from
> > your slapd.conf file.
> > 
> > > -----Original Message-----
> > > From: Robert Harris [mailto:rharris@raindance.com]
> > > Sent: Wednesday, September 05, 2001 4:21 PM
> > > To: Openldap-Software (E-mail)
> > > Subject: Authentication
> > > 
> > > Ok, I nuked my config and server, built the latest stable 2.0 server,
> > > cleaned up slapd.conf and imported a base company; makes more sense.
> > > 
> > > I tried to log in again and get this in my client's auth.log:
> > > Sep  5 13:27:26 spirit login[3867]: pam_ldap: ldap_simple_bind_s Insufficient access
> > > Sep  5 13:27:26 spirit PAM_unix[3867]: check pass; user unknown
> > > Sep  5 13:27:26 spirit PAM_unix[3867]: authentication failure; LOGIN(uid=0) -> rharris for login service
> > > Sep  5 13:27:29 spirit login[3867]: FAILED LOGIN (1) on `tty1' FOR `UNKNOWN', Authentication service cannot retrieve authentication info.
> > > 
> > > in my debug log on my ldap server I see this:
> > > 
> > > Sep  5 13:30:10 ghost slapd[27683]: => access_allowed: auth access to "uid=rharris,ou=people,dc=raindance,dc=com" "userPassword" requested
> > > Sep  5 13:30:10 ghost slapd[27683]: => acl_get: [1] check attr userPassword
> > > Sep  5 13:30:10 ghost slapd[27683]: <= acl_get: [1] acl uid=rharris,ou=people,dc=raindance,dc=com attr: userPassword
> > > Sep  5 13:30:10 ghost slapd[27683]: => acl_mask: access to entry "uid=rharris,ou=people,dc=raindance,dc=com", attr "userPassword" requested
> > > Sep  5 13:30:10 ghost slapd[27683]: => acl_mask: to all values by "", (=n)
> > > Sep  5 13:30:10 ghost slapd[27683]: <= check a_dn_pat: cn=manager,dc=raindance,dc=com
> > > Sep  5 13:30:10 ghost slapd[27683]: <= acl_mask: no more <who> clauses, returning =n (stop)
> > > Sep  5 13:30:10 ghost slapd[27683]: => access_allowed: auth access denied by =n
> > > 
> > > Of course denied.
> > > 
> > > Thoughts?
> > > 
> > 
>
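The debug log quoted in this thread walks through exactly the evaluation order slapd uses: the first `access to <what>` directive that matches the target is selected and evaluation stops there ("(stop)"), the first matching `by <who>` clause inside it decides the level, and with no matching `<who>` the result is `=n`. The toy model below (an added example, not OpenLDAP's own code) reproduces that rule for a handful of `<who>` forms and runs it against the slapd.conf quoted above, against the `access to * by * read` suggestion from the top of this message, and against the per-attribute `attrs=userPassword` pattern from the Admin Guide's Access Control section. The DNs are the ones from the log; the `attrs=` keyword and the privilege ordering none < auth < compare < search < read < write are assumed to be what the 2.0 server accepts.

```python
"""Toy model of slapd ACL evaluation (added example; not OpenLDAP code).

Rules modelled:
  1. `access to <what>` directives are tried in file order; the first whose
     <what> matches the target is selected and later ones are not consulted.
  2. Inside it, the first `by <who>` clause matching the requester decides the
     level.  If no <who> matches, the result is none (`=n`).
  3. If no directive matches at all, `defaultaccess` applies.
  4. none < auth < compare < search < read < write, so `read` satisfies `auth`.
Only `*` and `attrs=<list>` targets and a few <who> forms are supported.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

LEVELS = ["none", "auth", "compare", "search", "read", "write"]
ANONYMOUS = ""  # slapd logs an unauthenticated requester as "" ("by \"\"" above)


@dataclass
class ByClause:
    who: str    # "*", "anonymous", "users", "self" or dn="<dn>"
    level: str


@dataclass
class AccessDirective:
    attrs: Optional[Set[str]]   # None stands for `*`: every entry and attribute
    by: List[ByClause] = field(default_factory=list)


def parse_acls(conf: str) -> Tuple[List[AccessDirective], str]:
    """Parse the `access to` and `defaultaccess` lines of an slapd.conf fragment."""
    acls, default = [], "none"
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("defaultaccess"):
            default = line.split()[1]
        if not line.startswith("access to "):
            continue
        what, _, rest = line[len("access to "):].partition(" by ")
        if what == "*":
            attrs = None
        elif what.startswith("attrs="):
            attrs = set(what[len("attrs="):].split(","))
        else:
            raise ValueError("unsupported <what> selector: " + what)
        directive = AccessDirective(attrs)
        for clause in rest.split(" by "):
            who, level = clause.rsplit(" ", 1)
            directive.by.append(ByClause(who, level))
        acls.append(directive)
    return acls, default


def who_matches(who: str, requester: str, target_dn: str) -> bool:
    if who == "*":
        return True
    if who == "anonymous":
        return requester == ANONYMOUS
    if who == "users":
        return requester != ANONYMOUS
    if who == "self":
        return requester != ANONYMOUS and requester.lower() == target_dn.lower()
    if who.startswith('dn="') and who.endswith('"'):
        return requester.lower() == who[4:-1].lower()
    raise ValueError("unsupported <who> clause: " + who)


def granted_level(acls, default, requester, target_dn, attr) -> str:
    for directive in acls:
        if directive.attrs is not None and attr not in directive.attrs:
            continue            # <what> does not match: try the next directive
        for clause in directive.by:
            if who_matches(clause.who, requester, target_dn):
                return clause.level
        return "none"           # "no more <who> clauses, returning =n (stop)"
    return default


def access_allowed(conf: str, requester: str, target_dn: str, attr: str, needed: str) -> bool:
    acls, default = parse_acls(conf)
    got = granted_level(acls, default, requester, target_dn, attr)
    return LEVELS.index(got) >= LEVELS.index(needed)


USER = "uid=rharris,ou=people,dc=raindance,dc=com"   # DN from the debug log
MANAGER = "cn=manager,dc=raindance,dc=com"

# The quoted slapd.conf: only the manager gets anything.  A simple bind as the
# user needs `auth` on userPassword while the requester is still anonymous.
ORIGINAL = """
defaultaccess   read
access to * by dn="cn=manager,dc=raindance,dc=com" write
"""
# A second catch-all appended after the first one is never reached (rule 1).
APPENDED = ORIGINAL + "access to * by * read\n"
# `by * read` as an extra <who> clause of the one catch-all: the bind works,
# but anonymous can now also read userPassword (read implies auth).
CATCH_ALL_READ = 'access to * by dn="cn=manager,dc=raindance,dc=com" write by * read\n'
# Per-attribute directive before the catch-all: anonymous gets exactly `auth`.
HARDENED = """
access to attrs=userPassword by self write by dn="cn=manager,dc=raindance,dc=com" write by anonymous auth by * none
access to * by dn="cn=manager,dc=raindance,dc=com" write by * read
"""

if __name__ == "__main__":
    for name, conf in [("original", ORIGINAL), ("appended", APPENDED),
                       ("catch-all read", CATCH_ALL_READ), ("hardened", HARDENED)]:
        print(name, "anonymous auth:", access_allowed(conf, ANONYMOUS, USER, "userPassword", "auth"),
              "anonymous read:", access_allowed(conf, ANONYMOUS, USER, "userPassword", "read"))
```

The model is deliberately small (no regex DNs, no `continue`/`break` controls, no `peername`/`sockurl` selectors), but it is enough to show the point that matters when fixing this kind of `Insufficient access` failure: the catch-all `access to *` must come last, and granting `auth` on `userPassword` separately from `read` on everything else keeps password hashes unreadable to anonymous clients.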