
Re:re: noob Password weirdness



That's a Roger. Still, w/anonymous user no r/w permission, only as manager.
I no get how I did it!

Quoting John Dalbec <jpdalbec@cc.ysu.edu>:

> Are you able to read and write to the directory when you bind with an empty
> password?  Normally an empty password is interpreted as a signal to bind
> anonymously to the server.
> John
> 
> hosford@hosfordz.com wrote:
> > 
> > I simply don't know how I did it, but the server thinks there's no password
> > (literally) takes "" for Manager password. Dunno why. Here's my slapd.conf
> > include         /usr/local/etc/openldap/schema/core.schema
> > include         /usr/local/etc/openldap/schema/cosine.schema
> > include         /usr/local/etc/openldap/schema/inetorgperson.schema
> > 
> > pidfile         /usr/local/var/slapd.pid
> > argsfile        /usr/local/var/slapd.args
> >         Allow read access of root DSE
> >         Allow self write access
> >         Allow authenticated users read access
> >         Allow anonymous users to authenticate
> > 
> > # Load dynamic backend modules:
> > # modulepath    /usr/local/libexec/openldap
> > # moduleload    back_ldap.la
> > # moduleload    back_ldbm.la
> > # moduleload    back_passwd.la
> > # moduleload    back_shell.la
> > 
> > # if no access controls are present, the default is:
> > #       Allow read by all
> > #
> > # rootdn can always write!
> > database        ldbm
> > suffix "dc=aesd,dc=net"
> > rootdn "cn=Manager,dc=awsd,dc=com"
> > rootpw whatismypass
> > # The database directory MUST exist prior to running slapd AND
> > # should only be accessible by the slapd/tools. Mode 700 recommended.
> > directory /usr/local/var/openldap-ldbm
> > #directory /usr/local/var/openldap-ldbm
> > # Indices to maintain
> > index   cn,sn,uid       eq
> > index   objectClass     eq
> > access to dn="" by * read
> > access to *
> >         by self write
> >         by users read
> >         by anonymous auth
> > access to attr=userPassword
> >         by self write
> >         by anonymous auth
> >         by dn="cn=Manager,dc=awsd,dc=com" write
> >         by * none
>
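
Added example, not part of the thread and not written by either poster: a small check over a slapd.conf like the one quoted above. It flags a rootdn that lies outside every suffix of its database (slapd.conf(5) states that rootpw can only be set if the rootdn is within the database's suffix) and a rootpw kept in cleartext. The sample text is constructed from the quoted database section, and the function names are illustrative.

```python
import shlex

# Constructed sample: the database section from the quoted slapd.conf.
SAMPLE = '''database        ldbm
suffix "dc=aesd,dc=net"
rootdn "cn=Manager,dc=awsd,dc=com"
rootpw whatismypass
'''

def norm_dn(dn):
    """Lowercase and trim each RDN (simplified: no escaped commas)."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def under(dn, suffix):
    """True if dn equals suffix or is subordinate to it; "" contains all."""
    return suffix == "" or dn == suffix or dn.endswith("," + suffix)

def parse_databases(text):
    """Collect suffix/rootdn/rootpw for each 'database' section."""
    dbs, cur = [], None
    for raw in text.splitlines():
        # Skip blanks, comments, and continuation lines (leading whitespace).
        if not raw.strip() or raw[0].isspace() or raw.startswith("#"):
            continue
        key, *args = shlex.split(raw)
        key = key.lower()
        if key == "database":
            cur = {"suffix": [], "rootdn": None, "rootpw": None}
            dbs.append(cur)
        elif cur is not None and args:
            if key == "suffix":
                cur["suffix"].append(norm_dn(args[0]))
            elif key == "rootdn":
                cur["rootdn"] = norm_dn(args[0])
            elif key == "rootpw":
                cur["rootpw"] = args[0]
    return dbs

def audit(text):
    """Return human-readable findings for each database section."""
    findings = []
    for db in parse_databases(text):
        rootdn, suffixes, pw = db["rootdn"], db["suffix"], db["rootpw"]
        if rootdn and not any(under(rootdn, s) for s in suffixes):
            findings.append(f"rootdn {rootdn} is outside suffix {suffixes}")
        if pw is not None and not pw.startswith("{"):
            findings.append("rootpw is cleartext; store a slappasswd hash")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
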