[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: confusion...





--On Friday, December 31, 2004 12:19 PM -0700 Craig White <craigwhite@azapple.com> wrote:

Trying to log in via ssh on new 2.2.19 installation, I get authenticated
and dropped. This worked in 2.0.27 and I'm not certain how to fix these
things showing in the log...

Dec 31 12:12:29 srv1 slapd[7192]: conn=2 op=2 SRCH
base="ou=Group,dc=tobyhouse,dc=com" scope=1 deref=0 filter="(&
(objectClass=posixGroup)(|
(memberUid=craig)(uniqueMember=uid=craig,ou=people,dc=tobyhouse,dc=com)))"
Dec 31 12:12:29 srv1 slapd[7192]: conn=2 op=2 SRCH attr=cn userPassword
memberUid uniqueMember gidNumber
Dec 31 12:12:29 srv1 slapd[7192]: <= bdb_equality_candidates:
(uniqueMember) index_param failed (18)
Dec 31 12:12:29 srv1 slapd[7192]: conn=2 op=2 SEARCH RESULT tag=101
err=0 nentries=13 text=
Dec 31 12:12:29 srv1 slapd[7192]: conn=2 op=3 UNBIND
Dec 31 12:12:29 srv1 slapd[7192]: conn=2 fd=14 closed
Dec 31 12:12:29 srv1 slapd[7192]: conn=3 fd=14 ACCEPT from
IP=127.0.0.1:41904 (IP=0.0.0.0:389)
Dec 31 12:12:29 srv1 slapd[7192]: conn=3 op=0 BIND
dn="dc=tobyhouse,dc=com" method=128
Dec 31 12:12:29 srv1 slapd[7192]: conn=3 op=0 RESULT tag=97 err=53
text=unauthenticated bind (DN with no password) disallowed
Dec 31 12:12:29 srv1 slapd[7192]: conn=3 op=1 UNBIND

1 - I don't have an index for uniqueMember...is that something that I
need?

It likely would help things.

2- Unauthenticated bind (DN with no password) disallowed - I gather that
is something that I got away with the RHEL/2.0.27   Is this a padl
software issue with my configuration?

From slapd.conf:

allow <features> Specify a set of features (separated by white space) to allow (default none). bind_v2 allows acceptance of LDAPv2 bind requests. Note that slapd(8) does not truly implement LDAPv2 (RFC 1777), now Historic (RFC 3494). bind_anon_cred allows anonymous bind when credentials are not empty (e.g. when DN is empty). bind_anon_dn allows unauthenticated (anonymous) bind when DN is not empty. update_anon allow unauthenti- cated (anonymous) update operations to be processed (subject to access controls and other administrative limits).


add "allow bind_anon_dn" to your slapd.conf file.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin