[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: verification

To: "Douglas B. Jones" <douglas@gpc.edu>
Subject: Re: verification
From: Eric Irrgang <erici@motown.cc.utexas.edu>
Date: Tue, 18 Apr 2006 16:55:03 -0500 (CDT)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <PHEKJLKKDLGCAEJLJPHMOEOMGAAA.douglas@gpc.edu>
References: <PHEKJLKKDLGCAEJLJPHMOEOMGAAA.douglas@gpc.edu>

I don't know what versions of OpenLDAP are affected, but ITS 4323 snagged
me in a very similar situation for several revisions of OL 2.3.1x.

>From the looks of things at
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/backglue.c?hideattic=1&sortbydate=0
the problem was patched before the release of 2.3.21.

On Fri, 14 Apr 2006, Douglas B. Jones wrote:

>
>If I have the following in slapd.conf:
>
>suffix	"dc=a,dc=x,dc=y"
>...
>subordinate
>
>suffix	"dc=b,dc=x,dc=y"
>...
>subordinate
>
>suffix	"dc=c,dc=x,dc=y"
>...
>subordinate
>
>suffix	"dc=x,dc=y"
>
>
>If I verify a user uid=userA,dc=a,dc=x,dc=y with the
>correct password, then it works fine. If I try to verify
>the user uid=userA,dc=x,dc=y with the correct password,
>it fails with the error in the log as:
>
>RESULT tag=97 err=53 text=unauthenticated bind
>  (DN with no password) disallowed
>
>The above is from a web app. I think that has something
>to do with config. of the app. If I use the ldapsearch
>command, I get:
>
>BIND dn="uid=userA,dc=x,dc=y" method=128
>Apr 14 12:05:25 c01 slapd[208513]: conn=455 op=0 RESULT tag=97 err=49 text=
>
>Works fine if I user in ldapsearch -D switch:
>
>uid=userA,dc=a,dc=x,dc=y
>
>which is where userA resides.
>
>I believe I am doing something wrong, but not sure what.
>Any ideas? Thanks!
>

-- 
Eric Irrgang - UT Austin ITS Unix Systems - (512)475-9342

References:
- verification
  - From: "Douglas B. Jones" <douglas@gpc.edu>

Prev by Date: Re: Shell backend: read_and_send_results
Next by Date: Case (in)sensitivity in "by set" ACL?
Index(es):
- Chronological
- Thread