
can query as anonymous, can't bind -- still



I've emailed this list a few times now about the same problem, and each time
I've gotten some helpful solutions that turned out not to work.  So here I am
again.

Basically, I've got OpenLDAP 2.1.25 running on YellowDog Linux.  I used PADL's
migration tools to migrate my authentication data over to OpenLDAP, and now I
want to use OpenLDAP to authenticate both system users and users via PHP.  I
can authenticate system users just fine, and I can login, etc., without
problems.  I can also query the LDAP database as anonymous or as the manager,
but I cannot bind and query as an authenticated user.  Since the best way I
know of PHP-LDAP authentication requires binding, that puts a crimp in my
plans.

The first suggestion I got was to change the ownership of a few files to
ldap:ldap and run slapd with '-u ldap', but that just segfaults slapd
instantly.

The second suggestion I got was to change some of my ACLs.  I changed them as
specified, but one of the changes broke LDAP to the point that system
authentication no longer worked, and you couldn't even login.  I backed up
from my previously working slapd.conf, but it still didn't work.  I let the box
sit, totally untouched, over the weekend, and it fixed itself.

This seems to be a remarkably common problem from the volume of results my
googling has returned, but none of the fixes proposed have worked.  If anyone
has any new suggestions, I'd love to hear them.

If you need more information, I may have addressed it in one of my other
emails to this list; you can find them at:

http://www.openldap.org/lists/openldap-software/200402/msg00253.html
http://www.openldap.org/lists/openldap-software/200402/msg00704.html

I have also included my slapd.conf below for your perusal.

Thanks again,

Chris St. Pierre

************ slapd.conf **************

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/misc.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema

access to *
        by self write
        by dn="uid=root,ou=People,dc=students,dc=NebrWesleyan,dc=edu" write
        by * read
        by anonymous auth

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=students,dc=NebrWesleyan,dc=edu"
rootdn          "cn=manager,dc=students,dc=NebrWesleyan,dc=edu"
rootpw          ...
directory       /usr/local/var/openldap-data
index   objectClass     eq
password-hash {MD5}

************end: slapd.conf *************

****************************************************************
"Listen: We are here on Earth to fart around. Don't let anybody
 tell you any different!"    --Kurt Vonnegut
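
An added example, not part of Chris's post and not OpenLDAP project code: the posted global ACL placed beside a reordered one. slapd evaluates the `by` clauses of an `access to` directive in order and applies the first one that matches the requester, so in the posted rule `by * read` is the clause that matches an anonymous client and `by anonymous auth` is never reached. Since the `read` privilege already includes `auth`, this ordering does not by itself account for the bind failure, but it does grant anonymous clients read access to every attribute in the tree, userPassword included. The reordered version gives userPassword its own directive, listed first, because slapd also applies the first `access to` directive whose target matches. The suffix and DNs are the ones from the posted slapd.conf; nothing else is assumed.

```conf
# Added example (not from the original post or from OpenLDAP): the posted
# ACL and a reordered version. Assumes the suffix and DNs of the posted
# slapd.conf. Put these before the first "database" directive, where the
# original "access to *" rule sits.

# --- As posted. First matching "by" clause wins: "by * read" catches
# anonymous before "by anonymous auth" is consulted, and "read" on "*"
# lets unauthenticated clients read userPassword hashes.
#access to *
#        by self write
#        by dn="uid=root,ou=People,dc=students,dc=NebrWesleyan,dc=edu" write
#        by * read
#        by anonymous auth

# --- Reordered. userPassword gets its own directive, listed first, so it
# is writable by the entry's owner and the admin account, usable for a
# simple bind by anonymous clients ("auth"), and otherwise not readable.
access to attrs=userPassword
        by self write
        by dn="uid=root,ou=People,dc=students,dc=NebrWesleyan,dc=edu" write
        by anonymous auth
        by * none

# Everything else stays readable, as in the posted configuration. The
# rootdn (cn=manager,...) bypasses ACLs entirely and needs no clause.
access to *
        by self write
        by dn="uid=root,ou=People,dc=students,dc=NebrWesleyan,dc=edu" write
        by * read
```

To check the effect after restarting slapd, an anonymous `ldapsearch -x -b "dc=students,dc=NebrWesleyan,dc=edu" "(uid=*)" userPassword` should now return the entries without the userPassword attribute, while `ldapsearch -x -D "uid=<someuser>,ou=People,dc=students,dc=NebrWesleyan,dc=edu" -W -b "dc=students,dc=NebrWesleyan,dc=edu" "(uid=<someuser>)"` (with `<someuser>` standing in for a real migrated account) exercises the same simple bind a PHP `ldap_bind()` call performs, and its error message, if any, is the next thing to look at.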