
Re: Can query as anonymous or manager, but can't bind



I tried changing the access control as you recommended, and that didn't solve
the problem of being unable to bind.  I'm currently recompiling to try to
solve the problem of segfaulting when running with -u ldap, but I looked
through the configure options and didn't find anything that seemed
particularly salient. I googled briefly, but couldn't find anyone with the
same or similar problem. I ran slapd with -u ldap -d -1 and got this in my
logfile:

@(#) $OpenLDAP: slapd 2.1.25 (Feb  6 2004 13:41:47) $
        root@students.NebrWesleyan.edu:/root/openldap-2.1.25/servers/slapd
daemon_init: <null>
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: socket() failed errno=97 (Address family not supported by protocol)
daemon: initialized ldap:///
daemon_init: 2 listeners opened

That doesn't mean a whole lot to me, and what's really odd is that the first
several lines of the logfile when I run slapd as root are the same:

@(#) $OpenLDAP: slapd 2.1.25 (Feb  6 2004 13:41:47) $
        root@students.NebrWesleyan.edu:/root/openldap-2.1.25/servers/slapd
daemon_init: <null>
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: socket() failed errno=97 (Address family not supported by protocol)
daemon: initialized ldap:///
daemon_init: 2 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
...

Does anyone have any ideas of things I could try to fix _either_ the problem
of segfaulting when run as user ldap, or the problem of being unable to bind?
Thanks.

Chris

On Fri, 27 Feb 2004, Tony Earnshaw wrote:

>Thu, 26.02.2004 at 22.38, Chris St. Pierre wrote:
>
>Chris,
>
>Basically what you're trying is right. But a couple of things:
>
>access to attr=userPassword
>>         by self write
>>         by dn="uid=root,ou=People,dc=students,dc=NebrWesleyan,dc=edu" write
>>         by * auth
>
>Change this to "by anonymous auth"
>
>access to attr=loginShell
>>         by self read
>>         by dn="uid=root,ou=People,dc=students,dc=NebrWesleyan,dc=edu" write
>>         by * read
>
>Get rid of the above for the time being, until all other things work.
>It's only complicating things, and it's useless for what you're
>initially trying to do, anyway.
>
>access to *
>>         by self write
>>         by dn="uid=root,ou=People,dc=students,dc=NebrWesleyan,dc=edu" write
>>         by * read
>>         by anonymous auth
>
>Same as above. Change to:
>
>access to *
>  by * read
>
>for the time being. The "auth" line is useless, anyway - that's only
>necessary for userPassword.
>
>Change *one thing at a time* and see if that works, before going on.
>Yes, it means a lot of extra work, but work methodically.
>
>Lastly:
>
>> I posted to this list before, and RTFMed, and STFWed, and the only
>> suggestion I found was to change the ownership of my configuration and
>> data files to a generic user/group, ldap:ldap, and run slapd as that
>> user. I tried that, but slapd segfaults immediately.
>
>Obviously the user/group have to exist, but this is the way to go. slapd
>should not be running as root. If you are getting seg faulting under
>*any* circumstances, your compile is faulty, or it could be permission
>problems on DSO libraries linked in. Seg faults (signal 11, at least)
>are due to memory allocation problems.
>
>Best,
>
>--Tonni
>
>--
>
>mail: billy - at - billy.demon.nl
>http://www.billy.demon.nl
>
>

****************************************************************
"Listen: We are here on Earth to fart around. Don't let anybody
 tell you any different!"    --Kurt Vonnegut
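
Added example, not part of the original thread: slapd stops at the first `by` clause whose <who> matches the requester, so a clause placed after `by *` (like the `by anonymous auth` in the quoted `access to *` block) is never evaluated. The sketch below flags such clauses; the sample config is constructed, its DN is a placeholder, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the ACLs quoted in the thread (placeholder DN).
SAMPLE_CONF = '''\
access to attr=userPassword
        by self write
        by dn="uid=root,ou=People,dc=example,dc=com" write
        by anonymous auth

access to *
        by self write
        by dn="uid=root,ou=People,dc=example,dc=com" write
        by * read
        by anonymous auth
'''

def parse_acls(conf):
    """Return [(what, [(who, access), ...])]; indented lines continue a directive."""
    logical = []
    for line in conf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    acls = []
    for directive in logical:
        m = re.match(r"access\s+to\s+(\S+)\s*(.*)", directive)
        if not m:
            continue
        # Each clause is "by <who> <access>"; <who> may be a quoted dn="...".
        clauses = re.findall(r'by\s+((?:dn[^=\s]*=)?"[^"]*"|\S+)\s+(\S+)', m.group(2))
        acls.append((m.group(1), clauses))
    return acls

def unreachable_clauses(conf):
    """Flag clauses that follow `by *` (assumes the default `stop` control)."""
    findings = []
    for what, clauses in parse_acls(conf):
        seen_star = False
        for who, access in clauses:
            if seen_star:
                findings.append((what, who, access))
            seen_star = seen_star or who == "*"
    return findings

if __name__ == "__main__":
    for what, who, access in unreachable_clauses(SAMPLE_CONF):
        print(f"access to {what}: 'by {who} {access}' follows 'by *', never reached")
```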