[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: I'm have a problem w/userPasswords and binding

To: ando@sys-net.it
Subject: Re: I'm have a problem w/userPasswords and binding
From: Rob Tanner <rtanner@linfield.edu>
Date: Fri, 08 Oct 2004 09:15:29 -0700
Cc: openldap-software@OpenLDAP.org
Content-disposition: inline
In-reply-to: <40164.131.175.154.56.1097219971.squirrel@131.175.154.56>
References: <3E4FBEFF4C2C85EEA29B886F@oberon.linfield.edu> <40164.131.175.154.56.1097219971.squirrel@131.175.154.56>

--On Friday, October 08, 2004 09:19:31 AM +0200 Pierangelo Masarati <ando@sys-net.it> wrote:
>
> Rob,
>
> "Invalid credentials" is a catchall for almost any error during bind, to
> avoid disclosing sensitive info (e.g. the user does not exist, or other
> details about the account) to malicious clients. I suggest you look at
> server logs at a reasonable level (at worst, -d -1; -d 256 (STATS) or -d
> 384 (STATS+ACL) should be a good starting point) to find out more about
> the real reason of your failure.
>
> You don't say what versions of server and client you're using, so further
> advise is not possible.
>
Pierangelo,
I am running openldap v2.2.17. Clients and server are from the same build. I've set the log level in slapd.conf
(I presume that's the same as the '-d nnn' option on the command line). Below I've included the logs from first
the successful bind and then the failed bind. The value of the userPassword attribute is exactly the same for
the DN that successfully bound and the DN that failed.

Oct 8 09:10:41 belgarian slapd[18449]: conn=3 fd=9 ACCEPT from IP=10.170.132.5:44754 (IP=0.0.0.0:389)
Oct 8 09:10:41 belgarian slapd[18449]: conn=3 op=0 BIND dn="linfieldID=31214,ou=people,o=linfield.edu" method=128
Oct 8 09:10:41 belgarian slapd[18449]: conn=3 op=0 BIND dn="linfieldID=31214,ou=People,o=linfield.edu" mech=SIMPLE ssf=0
Oct 8 09:10:41 belgarian slapd[18449]: conn=3 op=0 RESULT tag=97 err=0 text=
Oct 8 09:10:41 belgarian slapd[18449]: conn=3 op=1 SRCH base="o=linfield.edu" scope=2 deref=0 filter="(uid=irvw)"
Oct 8 09:10:41 belgarian slapd[18449]: conn=3 op=1 SRCH attr=cn
Oct 8 09:10:41 belgarian slapd[18449]: conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 8 09:10:41 belgarian slapd[18449]: conn=3 op=2 UNBIND
Oct 8 09:10:41 belgarian slapd[18449]: conn=3 fd=9 closed
Oct 8 09:10:54 belgarian slapd[18449]: conn=4 fd=9 ACCEPT from IP=10.170.132.5:44755 (IP=0.0.0.0:389)
Oct 8 09:10:54 belgarian slapd[18449]: conn=4 op=0 BIND dn="cn=postfix,ou=special users,o=linfield.edu" method=128
Oct 8 09:10:54 belgarian slapd[18449]: conn=4 op=0 RESULT tag=97 err=49 text=
Oct 8 09:10:54 belgarian slapd[18449]: conn=4 fd=9 closed

Thanks,
Rob

--
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR

References:
- I'm have a problem w/userPasswords and binding
  - From: Rob Tanner <rtanner@linfield.edu>
- Re: I'm have a problem w/userPasswords and binding
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: 2.1GB file size limit on slapcat?
Next by Date: Re: I'm have a problem w/userPasswords and binding
Index(es):
- Chronological
- Thread