
Normal User Binding Problem?



3rd attempt at posting this...sorry if you've received it more than once, but I'm not seeing it come in on my end!

I have a RedHat ES 3.0 server running OpenSSL 0.9.7c, DB-4.2.52,
Cyrus-SASL-2.1.17, and OpenLDAP-2.2.4.   I have the server running and
am able to bind as "manager" and "anonymous", however when I try to
bind to the server as an actual "user", i.e. myself ahirsch, I get a
connection refused with the following information:

slapd starting
daemon: added 6r
daemon: added 7r
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: new connection on 10
ldap_pvt_gethostbyname_a: host=konldap1, r=0
conn=0 fd=10 ACCEPT from IP=148.80.180.89:33755 (IP=0.0.0.0:389)
daemon: added 10r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
~  0000:  30 31 02 01 01 60 2c 02                            01...`,.
ldap_read: want=43, got=43
~  0000:  01 03 04 1d 63 6e 3d 61  68 69 72 73 63 68 2c 20
....cn=ahirsch,
~  0010:  64 63 3d 63 65 6c 6c 6e  65 74 2c 64 63 3d 63 6f
dc=cellnet,dc=co
~  0020:  6d 80 08 31 52 44 54 63  24 64 62                  m..password
ber_get_next: tag 0x30 len 49 contents:
ber_dump: buf=0x081ed2c8 ptr=0x081ed2c8 end=0x081ed2f9 len=49
~  0000:  02 01 01 60 2c 02 01 03  04 1d 63 6e 3d 61 68 69
...`,.....cn=ahi
~  0010:  72 73 63 68 2c 20 64 63  3d 63 65 6c 6c 6e 65 74   rsch,
dc=cellnet
~  0020:  2c 64 63 3d 63 6f 6d 80  08 31 52 44 54 63 24 64
,dc=com..password
~  0030:  62                                                 b
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x081ed2c8 ptr=0x081ed2cb end=0x081ed2f9 len=46
~  0000:  60 2c 02 01 03 04 1d 63  6e 3d 61 68 69 72 73 63
`,.....cn=ahirsc
~  0010:  68 2c 20 64 63 3d 63 65  6c 6c 6e 65 74 2c 64 63   h,
dc=cellnet,dc
~  0020:  3d 63 6f 6d 80 08 31 52  44 54 63 24 64 62
=com..password
ber_scanf fmt (m}) ber:
ber_dump: buf=0x081ed2c8 ptr=0x081ed2ef end=0x081ed2f9 len=10
~  0000:  00 08 31 52 44 54 63 24  64 62                     ..password
|>> dnPrettyNormal: <cn=ahirsch, dc=cellnet,dc=com>
=> ldap_bv2dn(cn=ahirsch, dc=cellnet,dc=com,0)
<= ldap_bv2dn(cn=ahirsch, dc=cellnet,dc=com,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=ahirsch,dc=cellnet,dc=com,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=ahirsch,dc=cellnet,dc=com,272)=0
<<< dnPrettyNormal: <cn=ahirsch,dc=cellnet,dc=com>, <cn=ahirsch,dc=cellnet,dc=com>
do_bind: version=3 dn="cn=ahirsch,dc=cellnet,dc=com" method=128
conn=0 op=0 BIND dn="cn=ahirsch,dc=cellnet,dc=com" method=128
daemon: select: listen=6 active_threads=0 tvp=NULL
==> bdb_bind: dn: cn=ahirsch,dc=cellnet,dc=com
bdb_dn2entry("cn=ahirsch,dc=cellnet,dc=com")
=> bdb_dn2id( "dc=cellnet,dc=com" )
<= bdb_dn2id: got id=0x00000001
=> bdb_dn2id( "cn=ahirsch,dc=cellnet,dc=com" )
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
entry_decode: "dc=cellnet,dc=com"
<= entry_decode(dc=cellnet,dc=com)
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=49 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=49
ber_flush: 14 bytes to sd 10
~  0000:  30 0c 02 01 01 61 07 0a  01 31 04 00 04 00
0....a...1....
ldap_write: want=14, written=14
~  0000:  30 0c 02 01 01 61 07 0a  01 31 04 00 04 00
0....a...1....
conn=0 op=0 RESULT tag=97 err=49 text=
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ldap_read: want=8, got=0

ber_get_next on fd 10 failed errno=0 (Success)
connection_read(10): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10
daemon: removing 10
conn=0 fd=10 closed
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL

I have verified that the password is correct and I have machines that
I authenticate against that allow me in fine, but am unable to bind,
say with ldapbrowser, as a real user.

Here are my ACLs from my slapd.conf:

access to attrs=userPassword
~     by self write
~     by anonymous auth
~     by dn.base="cn=Manager" write
~     by * none

access to *
~     by self write
~     by dn.base="cn=Manager" write
~     by * read stop

I have also tried it without the dn.base lines with the same errors.
I've been searching online but not finding any answers.  Does anyone
have any idea where I should look next?

TIA!

--
Aaron M. Hirsch
Atos Origin - Cellnet
11146 Thompson Ave.
Lenexa, KS 66219
Work:(913) 312-4717
Fax:(913) 312-4701
Mobile:(913) 284-9094
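
The following is an added example, not part of the original post: a short Python parser that pairs each BIND in a slapd debug log with the back-bdb DN lookups and the RESULT that follow it, so an err=49 (invalidCredentials) can be separated into "bind DN has no entry" versus "entry exists". The sample lines are excerpted from the log above; the function name and cause strings are hypothetical, and the pairing assumes one operation is logged at a time, since the backend lines carry no connection id.

```python
import re

# Lines excerpted from the slapd debug output in the post above.
LOG = """\
conn=0 op=0 BIND dn="cn=ahirsch,dc=cellnet,dc=com" method=128
==> bdb_bind: dn: cn=ahirsch,dc=cellnet,dc=com
=> bdb_dn2id( "dc=cellnet,dc=com" )
<= bdb_dn2id: got id=0x00000001
=> bdb_dn2id( "cn=ahirsch,dc=cellnet,dc=com" )
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
send_ldap_result: err=49 matched="" text=""
conn=0 op=0 RESULT tag=97 err=49 text=
"""

BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
LOOKUP = re.compile(r'=> bdb_dn2id\( "([^"]*)" \)')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')

def explain_binds(log):
    """Pair each BIND with the backend DN lookups and RESULT that follow it."""
    findings, current, last_lookup = [], None, None
    for line in log.splitlines():
        if m := BIND.search(line):
            current = {"conn": int(m[1]), "op": int(m[2]), "dn": m[3],
                       "method": int(m[4]), "missing": [], "err": None}
            last_lookup = None  # new operation, forget earlier lookups
        elif current is None:
            continue  # backend lines outside a bind are ignored
        elif m := LOOKUP.search(line):
            last_lookup = m[1]  # DN the backend is about to resolve
        elif "bdb_dn2id: get failed: DB_NOTFOUND" in line and last_lookup:
            current["missing"].append(last_lookup)
        elif (m := RESULT.search(line)) and \
                (int(m[1]), int(m[2])) == (current["conn"], current["op"]):
            current["err"] = int(m[3])
            if current["err"] == 0:
                current["cause"] = "bind succeeded"
            elif current["err"] == 49 and current["dn"] in current["missing"]:
                # slapd answers 49 here too, so clients cannot probe for entries
                current["cause"] = "bind DN has no entry in the database"
            elif current["err"] == 49:
                current["cause"] = "entry exists; check password and ACLs"
            else:
                current["cause"] = "other failure"
            findings.append(current)
            current = None
    return findings
```

On the excerpt it reports the bind DN itself as the DN that back-bdb could not find, while the suffix entry resolved to id 1.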