[Date Prev][Date Next]
Re: What's the magic to allowing version 2 binds?
On 25-Nov-2002 Pierangelo Masarati wrote:
>> Yes.. thats a cut and paste from my slapd.conf file.
>> I'll check on that man page..
>> On 25-Nov-2002 Pierangelo Masarati wrote:
>>>> Ok, I have installed openldap 2.1.8 running on a linux box at kernel
>>>> version 2.4.18 (slackware to be precise)
>>>> I'm running bdb:
>>>> Nov 24 21:04:59 belgarath slapd: bdb_open: Sleepycat Software:
>>>> Berkeley DB 4.1.24: (September 13, 2002)
>>>> Nov 24 21:04:59 belgarath slapd: bdb_db_init: Initializing BDB
>>>> database Nov 24 21:04:59 belgarath slapd: slapd starting
>>>> Here is the relavent areas of my slapd.conf file:
>>>> # Sample access control policy:
>>>> allow bind_v2
>>> Are you sure you added the above reported line to slapd.conf?
> I mean: this is correct, you need this with v2 clients
This is in my slapd.conf file exactly as shown. I don't see it show up when
doing starting slapd -d 64, and watching the stdout (or logs). infact this is
what i get:
line 21 (pidfile /opt2/local/openldap-2.1.8/var/slapd.pid)
line 22 (argsfile /opt2/local/openldap-2.1.8/var/slapd.args)
line 49 (access to dn.base="" by * read)
line 53 (access to * by self write by users read by anonymous auth)
line 60 (defaultsearchbase "dc=xytek,dc=com")
line 65 (database bdb)
bdb_db_init: Initializing BDB database
line 66 (suffix "dc=xytek,dc=com")
line 67 (rootdn "cn=root,dc=xytek,dc=com")
line 71 (rootpw ***)
line 74 (directory /opt2/local/openldap-2.1.8/var/openldap-data)
line 76 (index objectClass eq)
index objectClass 0x0004
>>>> Allow read access of root DSE
>>>> Allow self write access
>>>> Allow authenticated users read access
>>>> Allow anonymous users to authenticate
>>> Did you really add the above reported lines to slapd.conf?
> This is NOT correct (to my knowledge)
Well these lines seem to work for ldapv3 clients (outlook 2002 and ldap
browser/editor that i connected with version 3)
>>>> # Directives needed to implement policy:
>>>> access to dn.base="" by * read
>>>> access to *
>>>> by self write
>>>> by users read
>>>> by anonymous auth
>>>> # if no access controls are present, the default policy is:
>>>> # Allow read by all
>>>> # rootdn can always write!
>>>> I can connect just fine using GQ and LDAP browswer/editor v2.8.2
>>>> using ldap v3. Using the Ldap browser/editor in ldap v2 mode and i
>>>> can't connect and get this in the logs (as well as other "ldap aware"
>>>> clients that are using ldap v2 protocal):
>>>> Nov 24 21:05:11 belgarath slapd: daemon: conn=0 fd=10
>>>> connection from IP=192.168.0.3:3621 (IP=0.0.0.0:389) accepted.
>>>> Nov 24 21:05:11 belgarath slapd: conn=0 op=0 BIND dn=""
>>>> Nov 24 21:05:11 belgarath slapd: conn=0 op=0 RESULT tag=97
>>>> text=requested protocol version not allowed
> This LDAP_PROTOCOL_ERROR occurs when you DON't SET "allow bind_v2";
> this is why I'm asking ...
>>>> Nov 24 21:05:11 belgarath slapd: conn=0 fd=10 closed
>>> Then, if your clients are SO hosed, all you can try is:
>>> read slapd.conf(5) )(the one that comes with 2.1.8, not
>>> earlier ones) and play with other "allow" directives.
> There are other directives allowing empty/non empty DN/cred,
> but I don't think this is the case.
> Be sure the "allow bind_v2" directive is present (e.g.:
> [prompt]$ slapd -d -1 2>&1 | grep allow
> line 14 (allow bind_v2)
Yeah doing this yields zilch!.. its like the server ( and i have tested this on
2.1.4 and 2.1.8) and i see nothing that says "allow bind_v2" either in stdout
or in the logs.
Anyone else have a clue to why either 2.1.4 or 2.1.8 is not picking up this
paremeter in my slapd.conf file?
This message was sent by XFMail