[Date Prev][Date Next] [Chronological] [Thread] [Top]
RE: invalid credentials?

To: "Openldap-Software (E-mail)" <openldap-software@OpenLDAP.org>
Subject: RE: invalid credentials?
From: Robert Harris <rharris@raindance.com>
Date: Thu, 6 Sep 2001 10:26:30 -0600

Forgot,  in my debug log I get this on the entry for me (some garbage left
out):

Sep  6 09:25:29 ghost slapd[28781]: => access_allowed: read access to
"uid=rharris,ou=people,dc=raindance,dc=com" "gecos" requested 
Sep  6 09:25:29 ghost slapd[28781]: <= root access granted 
Sep  6 09:25:29 ghost slapd[28781]: => access_allowed: read access to
"uid=rharris,ou=people,dc=raindance,dc=com" "gecos" requested 
Sep  6 09:25:29 ghost slapd[28781]: <= root access granted 
Sep  6 09:25:29 ghost slapd[28781]: => access_allowed: read access to
"uid=rharris,ou=people,dc=raindance,dc=com" "userPassword" requested 
Sep  6 09:25:29 ghost slapd[28781]: <= root access granted 
Sep  6 09:25:29 ghost slapd[28781]: => access_allowed: read access to
"uid=rharris,ou=people,dc=raindance,dc=com" "userPassword" requested 
Sep  6 09:25:29 ghost slapd[28781]: <= root access granted 
Sep  6 09:25:29 ghost slapd[28781]: => test_filter 
Sep  6 09:25:29 ghost slapd[28781]:     EQUALITY 
Sep  6 09:25:29 ghost slapd[28781]: => access_allowed: search access to
"uid=fbarry,ou=people,dc=raindance,dc=com" "uid" requested 
Sep  6 09:25:29 ghost slapd[28781]: <= root access granted 
Sep  6 09:25:29 ghost slapd[28781]: <= test_filter 5 
Sep  6 09:25:29 ghost slapd[28781]: => test_filter 
Sep  6 09:25:29 ghost slapd[28781]:     EQUALITY 
Sep  6 09:25:29 ghost slapd[28781]: => access_allowed: search access to
"cn=users,ou=groups,dc=raindance,dc=com" "uid" requested 
Sep  6 09:25:29 ghost slapd[28781]: <= root access granted 
Sep  6 09:25:29 ghost slapd[28781]: <= test_filter 5 
Sep  6 09:25:29 ghost slapd[28781]: => access_allowed: auth access to
"uid=rharris,ou=people,dc=raindance,dc=com" "userPassword" requested 
Sep  6 09:25:29 ghost slapd[28781]: => acl_get: [1] check attr userPassword 
Sep  6 09:25:29 ghost slapd[28781]: <= acl_get: [1] acl
uid=rharris,ou=people,dc=raindance,dc=com attr: userPassword 
Sep  6 09:25:29 ghost slapd[28781]: => acl_mask: access to entry
"uid=rharris,ou=people,dc=raindance,dc=com", attr "userPassword" requested 
Sep  6 09:25:29 ghost slapd[28781]: => acl_mask: to all values by "", (=n)  
Sep  6 09:25:29 ghost slapd[28781]: <= check a_dn_pat: * 
Sep  6 09:25:29 ghost slapd[28781]: <= acl_mask: [1] applying read (=rscx)
(stop) 
Sep  6 09:25:29 ghost slapd[28781]: <= acl_mask: [1] mask: read (=rscx) 
Sep  6 09:25:29 ghost slapd[28781]: => access_allowed: auth access granted
by read (=rscx) 

> -----Original Message-----
> From: Robert Harris [mailto:rharris@raindance.com]
> Sent: Thursday, September 06, 2001 10:18 AM
> To: Openldap-Software (E-mail)
> Subject: invalid credentials?
> 
> 
> 
> Got a box trying to log in against my ldap server.
> 
> I get this in the box's auth.log
> 
> Sep  6 09:23:11 spirit login[4158]: pam_ldap: 
> ldap_simple_bind_s Invalid
> credentials
> Sep  6 09:23:11 spirit PAM_unix[4158]: check pass; user unknown
> Sep  6 09:23:11 spirit PAM_unix[4158]: authentication 
> failure; LOGIN(uid=0)
> -> rharris for login service
> Sep  6 09:23:13 spirit login[4158]: FAILED LOGIN (1) on `tty1' FOR
> `UNKNOWN', Authentication service cannot retrieve authentication info.
> 
> my ldap_pam.conf and nss-ldap.conf I've tried to specify the 
> binddn as well
> as 
> leaving it commented out.  My slapd.conf has:
> 
> # Grant general read access
> access to * by * read
> 
> # The admin dn has full write access
> access to * by dn="cn=manager,dc=raindance,dc=com" write
> 
> I've also tried swapping the order.  I've verified the 
> password in my .conf
> files against ldapbrowser's password and they're the same.
> 
> Help?
>
Prev by Date: invalid credentials?
Next by Date: Little clue
Index(es):
- Chronological
- Thread