
Re: What's the magic to allowing version 2 binds?
On 25-Nov-2002 Pierangelo Masarati wrote:
> 
>> Yes.. that's a cut and paste from my slapd.conf file.
>> I'll check on that man page..
>>
>> Terrelle
>>
>> On 25-Nov-2002 Pierangelo Masarati wrote:
>>>
>>>> Ok, I have installed openldap 2.1.8 running on a linux box at kernel
>>>> version 2.4.18 (slackware to be precise)
>>>> I'm running bdb:
>>>>
>>>> Nov 24 21:04:59 belgarath slapd[6129]: bdb_open: Sleepycat Software:
>>>> Berkeley DB 4.1.24: (September 13, 2002)
>>>> Nov 24 21:04:59 belgarath slapd[6129]: bdb_db_init: Initializing BDB
>>>> database
>>>> Nov 24 21:04:59 belgarath slapd[6129]: slapd starting
>>>>
>>>> Here are the relevant areas of my slapd.conf file:
>>>>
>>>> # Sample access control policy:
>>>>         allow bind_v2
>>>
>>> Are you sure you added the above reported line to slapd.conf?
> 
> I mean: this is correct, you need this with v2 clients

This is in my slapd.conf file exactly as shown. I don't see it show up when
starting slapd -d 64 and watching stdout (or the logs). In fact this is
what I get:
line 21 (pidfile        /opt2/local/openldap-2.1.8/var/slapd.pid)
line 22 (argsfile /opt2/local/openldap-2.1.8/var/slapd.args)
line 49 (access to dn.base="" by * read)
line 53 (access to * by self write by users read by anonymous auth)
line 60 (defaultsearchbase "dc=xytek,dc=com")
line 65 (database bdb)
bdb_db_init: Initializing BDB database
line 66 (suffix         "dc=xytek,dc=com")
line 67 (rootdn         "cn=root,dc=xytek,dc=com")
line 71 (rootpw ***)
line 74 (directory /opt2/local/openldap-2.1.8/var/openldap-data)
line 76 (index objectClass      eq)
index objectClass 0x0004
slapd starting
> 
>>>
>>>>         Allow read access of root DSE
>>>>         Allow self write access
>>>>         Allow authenticated users read access
>>>>         Allow anonymous users to authenticate
>>>
>>> Did you really add the above reported lines to slapd.conf?
> 
> This is NOT correct (to my knowledge)
> 

Well these lines seem to work for ldapv3 clients (Outlook 2002 and the LDAP
browser/editor that I connected with version 3)
(shrug)

>>>
>>>> # Directives needed to implement policy:
>>>> access to dn.base="" by * read
>>>> access to *
>>>>         by self write
>>>>         by users read
>>>>         by anonymous auth
>>>> #
>>>> # if no access controls are present, the default policy is:
>>>> #       Allow read by all
>>>> #
>>>> # rootdn can always write!
>>>>
>>>> I can connect just fine using GQ and LDAP browser/editor v2.8.2
>>>> using ldap v3. Using the LDAP browser/editor in ldap v2 mode I
>>>> can't connect and get this in the logs (as well as other "ldap aware"
>>>> clients that are using the ldap v2 protocol):
>>>>
>>>> Nov 24 21:05:11 belgarath slapd[6129]: daemon: conn=0 fd=10
>>>> connection from IP=192.168.0.3:3621 (IP=0.0.0.0:389) accepted.
>>>> Nov 24 21:05:11 belgarath slapd[6129]: conn=0 op=0 BIND dn=""
>>>> method=128
>>>> Nov 24 21:05:11 belgarath slapd[6129]: conn=0 op=0 RESULT tag=97
>>>> err=2
>>>> text=requested protocol version not allowed
> 
> This LDAP_PROTOCOL_ERROR occurs when you DON't SET "allow bind_v2";
> this is why I'm asking ...
> 
>>>> Nov 24 21:05:11 belgarath slapd[6129]: conn=0 fd=10 closed
>>>
>>> Then, if your clients are SO hosed, all you can try is:
>>> read slapd.conf(5) (the one that comes with 2.1.8, not
>>> earlier ones) and play with other "allow" directives.
> 
> There are other directives allowing empty/non empty DN/cred,
> but I don't think this is the case.
> 
> Be sure the "allow bind_v2" directive is present (e.g.:
> 
> [prompt]$ slapd -d -1 2>&1 | grep allow
> line 14 (allow bind_v2)
> 
Yeah, doing this yields zilch!.. It's like the server (and I have tested this on
2.1.4 and 2.1.8) just ignores it; I see nothing that says "allow bind_v2" either in stdout
or in the logs.

Anyone else have a clue why either 2.1.4 or 2.1.8 is not picking up this
parameter in my slapd.conf file?

Thanks!

----------------------------------
E-Mail: hshaw@xytek.org
Date: 25-Nov-2002
Time: 14:06:01

This message was sent by XFMail
----------------------------------
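
As an added example (not code from this thread or from OpenLDAP), the script below applies the line-joining rule documented in slapd.conf(5), where a line beginning with white space continues the previous line even when that previous line is a '#' comment, to a constructed config fragment shaped like the one quoted above, and reports which directives would survive to be parsed. The sample config and the function names are my own.

```python
# Added example (not from the thread or OpenLDAP): mimic the line-joining
# rule of slapd.conf(5) to see which directives slapd will actually parse.
# Rule: a line beginning with white space continues the previous line,
# even when that previous line is a '#' comment.

# Constructed sample, mirroring the fragment quoted in the thread.
SAMPLE_CONF = """\
# Sample access control policy:
        allow bind_v2
        Allow read access of root DSE
# Directives needed to implement policy:
access to dn.base="" by * read
access to *
        by self write
        by users read
        by anonymous auth
"""


def join_logical_lines(text):
    """Return (lineno, logical_line) pairs as slapd would see them.

    Indented physical lines are appended to the previous logical line;
    comments and blank lines are then dropped. lineno is the first
    physical line of each logical line, like the "line N (...)" debug output.
    """
    logical = []  # [start_lineno, joined_text]
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if raw[:1].isspace() and logical:
            logical[-1][1] += " " + raw.strip()
        else:
            logical.append([lineno, raw.rstrip()])
    return [(n, l) for n, l in logical if l and not l.startswith("#")]


def find_swallowed(text, directive):
    """Physical line numbers where `directive` is indented under a comment
    and therefore becomes part of that comment instead of a directive."""
    hits, in_comment = [], False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if raw[:1].isspace():
            if in_comment and raw.split()[:1] == [directive]:
                hits.append(lineno)
        else:
            in_comment = raw.startswith("#")
    return hits


if __name__ == "__main__":
    for n, line in join_logical_lines(SAMPLE_CONF):
        print(f"line {n} ({line})")
    print("swallowed 'allow' at lines:", find_swallowed(SAMPLE_CONF, "allow"))
```

Run against a real slapd.conf, the output can be compared with what `slapd -d 64` prints; a directive that is missing from both is being joined onto the comment above it.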