Bind Probs, slappaswd vs. LDAPAdmin Password value
- To: openldap-software@OpenLDAP.org
- Subject: Bind Probs, slappaswd vs. LDAPAdmin Password value
- From: Max Merighi <mcmer@tor.at>
- Date: Mon, 19 May 2003 13:59:36 +0200
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-AT; rv:1.3) Gecko/20030312
Hello folks,
I'm having a weird problem... at least that's what it seems to me, a
(Open)LDAP rookie.
- OpenLDAP up and running.
- Courier IMAP LDAP up and running on same machine.
- Various W32 Clients from LAN: Mozilla Address Book, LDAP Administrator.
If I use 'slappasswd' to generate a userPassword value (slapd.conf,
cn=asfer), then everything's o.k. for courier and ldapsearch on the
local machine, but 'remote' clients from LAN can't bind (LDAP logs
provided).
On the other hand, if I use the above 'LDAPAdministrator' to generate
the password hashes and use these in slapd.conf and for cn=asfer, the
local clients (courier, ldapsearch) won't work, but remote
(LDAPAdmin, Mozilla) do (logs not provided).
When I look at the password hashes it gets quite obvious what is wrong:
the hashes done by slappasswd for the password supplied are 33 bytes,
those by LDAPAdmin are 65 bytes (just 'wc'-ing, without {SSHA}-prefix,
same password, both {SSHA}).
It's clear that 'slappasswd' is 'the one'; what are these W32 clients
expecting? Why is ldapsearch/courier working? What am I missing?!
Thanks in advance
Max
=====================================
Bind w/ Mozilla Address Book (remote) as Admin:
May 19 13:29:08 axe slapd[9955]: daemon: conn=7 fd=16 connection from
IP=192.168.3.110:1492 (IP=0.0.0.0:389) accepted.
May 19 13:29:08 axe slapd[9955]: conn=7 op=0 BIND
dn="CN=ADMIN,DC=TOR,DC=AT" method=128
May 19 13:29:08 axe slapd[9955]: conn=7 op=0 RESULT tag=97 err=50 text=
... and as user:
May 19 13:08:08 axe slapd[4073]: daemon: conn=0 fd=9 connection from
IP=192.168.3.110:1478 (IP=0.0.0.0:389) accepted.
May 19 13:08:08 axe slapd[4073]: conn=0 op=0 BIND
dn="CN=ASFER,OU=PERSONEN,DC=TOR,DC=AT" method=128
May 19 13:08:08 axe slapd[4073]: conn=0 op=0 RESULT tag=97 err=49 text=
Bind w/ courier imap (localhost):
May 19 13:10:13 axe slapd[26000]: daemon: conn=0 fd=9 connection from
IP=127.0.0.1:42305 (IP=0.0.0.0:389) accepted.
May 19 13:10:13 axe slapd[26000]: conn=0 op=0 BIND
dn="CN=ADMIN,DC=TOR,DC=AT" method=128
May 19 13:10:13 axe slapd[26000]: conn=0 op=0 RESULT tag=97 err=0 text=
May 19 13:10:13 axe slapd[26000]: conn=0 op=1 SRCH
base="ou=Personen,dc=tor,dc=at" scope=2 filter="(&(mail=asfer@tor.at))"
May 19 13:10:13 axe slapd[26000]: conn=0 op=1 SEARCH RESULT tag=101
err=0 text=
Bind w/ LDAPAdministrator (remote):
May 19 13:10:46 axe slapd[26000]: daemon: conn=1 fd=15 connection from
IP=192.168.3.110:1481 (IP=0.0.0.0:389) accepted.
May 19 13:10:46 axe slapd[26000]: conn=1 op=0 BIND
dn="CN=ADMIN,DC=TOR,DC=AT" method=128
May 19 13:10:46 axe slapd[26000]: conn=1 op=0 RESULT tag=97 err=50 text=
May 19 13:10:57 axe slapd[26000]: conn=1 op=1 UNBIND
May 19 13:10:57 axe slapd[26000]: conn=-1 fd=15 closed
Bind w/ ldapsearch ("ldapsearch -D 'cn=Admin,dc=tor,dc=at' -x -W -b
'dc=tor,dc=at' '(objectclass=*)'" localhost):
May 19 13:21:17 axe slapd[9955]: daemon: conn=5 fd=17 connection from
IP=127.0.0.1:24607 (IP=0.0.0.0:389) accepted.
May 19 13:21:17 axe slapd[9955]: conn=5 op=0 BIND
dn="CN=ADMIN,DC=TOR,DC=AT" method=128
May 19 13:21:17 axe slapd[9955]: conn=5 op=0 RESULT tag=97 err=0 text=
May 19 13:21:17 axe slapd[9955]: conn=5 op=1 SRCH base="dc=tor,dc=at"
scope=2 filter="(objectClass=*)"
May 19 13:21:17 axe slapd[9955]: conn=5 op=1 SEARCH RESULT tag=101 err=0
text=
May 19 13:21:17 axe slapd[9955]: conn=5 op=2 UNBIND
May 19 13:21:17 axe slapd[9955]: conn=-1 fd=17 closed
=====================================
OS: OpenBSD 3.2
OpenLDAP Server 2.0.27:
http://www.openbsd.org/3.2_packages/i386/openldap-server-2.0.27.tgz-long.html
OpenLDAP Client 2.0.27:
http://www.openbsd.org/3.2_packages/i386/openldap-client-2.0.27.tgz-long.html
=====================================
Config:
#--------schema start------------
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/authldap.schema
#include /etc/openldap/schema/qmail.schema
#--------referral---------------
#referral ldap://root.openldap.org
#--------run stuff--------------
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args
#--------access control----------
defaultaccess none
access to dn="cn=Admin,dc=tor,dc=at"
by * none
access to attr=userPassword
by self write
by anonymous auth
by dn="cn=Admin,dc=tor,dc=at" write
by * none
access to *
by self write
by dn="cn=Admin,dc=tor,dc=at" write
by users read
#--------------------------------
defaultsearchbase "dc=tor,dc=at"
database ldbm
directory /usr/local/var/openldap-ldbm
schemacheck on
sizelimit 500
timelimit 3600
lastmod on
cachesize 1000
dbcachesize 100000
mode 0600
suffix "dc=tor,dc=at"
loglevel 256
rootdn "cn=Admin,dc=tor,dc=at"
# ldapadmin
#rootpw <secret>
password-hash {SSHA}
require authc
threads 32
dbnosync on
dbsync 120 7 30
defaultaccess none
#disallow bind_simple_unprotected
#--------indices------------------
index uid pres,eq
index objectClass eq
index cn,sn,mail pres,eq,sub
#----------------------------------
==========config end==============