Re: From my perspective, nothing works



Try using the primitives. If you are using LDAP simple auth, then perform simple 
queries using ldapsearch from the command line using the username and password 
as the actor. Here is a simple script. Copy and paste this into a file, edit 
the top 4 lines, chmod 755 it, and run it.

-----------------------------------------------------------------------
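#!/bin/sh

ldapsearch="/usr/local/bin/ldapsearch"
host="localhost"
user="uid=joe.bloggs,ou=people,dc=mycom,dc=com"
password="foobar"
base=""         # empty base DN selects the root DSE
scope=base

echo
# Simple bind (-x) as $user and read the root DSE, including operational
# attributes (+). Every argument is quoted, so the filter is not globbed and
# a password containing spaces or shell metacharacters is passed unchanged.
"$ldapsearch" -x                \
        -h "$host"              \
        -D "$user"              \
        -w "$password"          \
        -b "$base"              \
        -s "$scope"             \
        'objectclass=*' '+'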

-----------------------------------------------------------------------

You should see:
#
dn:
namingContexts: dc=mycom,dc=com
supportedControl: 2.16.840.1.113730.3.4.2
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedLDAPVersion: 2
supportedLDAPVersion: 3
subschemaSubentry: cn=Subschema

# search result
search: 2
result: 0 Success

# numResponses: 


If not, check out your ACLs and the startup FAQ. If you are using SASL, 
Kerberos, etc., try those all independently, then try the above script using 
your authentication methods (instead of the -x for simple).

Kevin

Quoting Jonathan Steinert <hachi@kuiki.net>:

> I was hoping to use LDAP as my central user database for PAM authentication,
> apache authentication, and a few other things (perhaps email stuff). The
> only problem so far that I can see though is that while my slapd reports
> that everything is working, and all requests are answered according to the
> logs, nothing works yet.
> 
> I set up my ldap tree according to what I gather to be the 'standards', but
> I haven't found any example trees to be even remotely sure that I am doing it
> right. If I take a PAM machine and set it up to use ldap, ldap always fails;
> the same happens for lib_auth_ldap with apache, and ldap authentication on
> my OSX mac.
> 
> I'm looking for a way to debug out ANY of these authenticators to tell me why
> it failed. The logs that I get are always something like 'authentication
> failed', but I would like more information. Was the username field missing?
> Did the passwords not match? Was it the wrong encryption type?
> 
> Anyone know how to get these answers? Did I miss a document somewhere?
> 
> Thanks
> 
> - ---------------------------- -- -+- -- ----------------------------- -
> hachi@kuiki.net            Jonathan Steinert           http://kuiki.net/
> "She smiled again, shrugged her shoulders, and became a perfect mirror."
> - -------------------------------------------------------------------- -
> 
> 
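
An added example, not part of the original thread: the root DSE check from the reply above, extended to say why a bind or search failed. It assumes the OpenLDAP client tools, which exit with the LDAP result code (RFC 4511), and uses -W to prompt for the password instead of -w; the names `probe`, `explain_ldap_rc` and the `LDAPSEARCH` override are hypothetical.

```shell
#!/bin/sh
# Added example: turn an ldapsearch exit status into a likely cause.
# LDAPSEARCH can be overridden (assumption: used here to test without a server).
LDAPSEARCH="${LDAPSEARCH:-ldapsearch}"

# Map an LDAP result code (RFC 4511) to what it usually means for a bind test.
explain_ldap_rc() {
    case "$1" in
        0)   echo "success: bind and search both worked" ;;
        7)   echo "authMethodNotSupported: server does not offer this bind method" ;;
        8)   echo "strongerAuthRequired: server demands a stronger bind" ;;
        13)  echo "confidentialityRequired: server wants TLS before this bind" ;;
        32)  echo "noSuchObject: search base does not exist (check the suffix)" ;;
        34)  echo "invalidDNSyntax: bind DN or base DN is malformed" ;;
        48)  echo "inappropriateAuthentication: server requires credentials" ;;
        49)  echo "invalidCredentials: wrong password, unknown bind DN, or no auth access to userPassword" ;;
        50)  echo "insufficientAccessRights: bind worked, ACLs block the read" ;;
        53)  echo "unwillingToPerform: server policy rejected the request" ;;
        255) echo "client-side failure: usually cannot contact the server" ;;
        *)   echo "LDAP result code $1: see RFC 4511 appendix A" ;;
    esac
}

# probe BIND_DN [HOST]: simple bind as BIND_DN, read the root DSE, explain rc.
# stderr is left alone so the tool's own diagnostic stays visible.
probe() {
    "$LDAPSEARCH" -x -LLL -H "ldap://${2:-localhost}" -D "$1" -W \
        -b "" -s base '(objectclass=*)' namingContexts >/dev/null
    rc=$?
    echo "rc=$rc $(explain_ldap_rc "$rc")"
    return "$rc"
}

if [ $# -gt 0 ]; then
    probe "$@"
else
    # No arguments: print the table for a few constructed sample codes.
    for rc in 0 32 49 50 255; do
        echo "rc=$rc $(explain_ldap_rc "$rc")"
    done
fi
```

Result code 49 deliberately covers several causes, so telling them apart still requires the slapd log for the same bind attempt.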



