
LDAP user cannot login



Hi,

I'm moving an LDAP server from one system to another. I copied the data using slapcat -l ldapdata; slapadd -c -q -l ldapdata on the new system, then started ldap. But I can't log in as an ordinary user. I've tried resetting the user password using JXplorer, but no luck.

Can anyone spot something wrong in what I'm trying to do? Suggestions appreciated.

thanks in advance, Dick

slapd.conf contains

access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk" attrs=userPassword
       by anonymous auth
       by self write
       by dn.exact="cn=replica,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
       by dn.exact="cn=proxyagent,ou=profile,dc=nerc-sf,dc=ac,dc=uk" read


slapd -d acl gives at startup

(#) $OpenLDAP: slapd 2.3.43 (Jan 21 2009 03:59:37) $
mockbuild@builder10.centos.org:/builddir/build/BUILD/openldap-2.3.43/openldap-2.3.43/build-servers/servers/slapd
Backend ACL: access to attrs=SambaLMPassword,SambaNTPassword
       by dn.base="cn=manager,dc=nerc-sf,dc=ac,dc=uk" write
       by * none

Backend ACL: access to dn.base=""
       by * read

Backend ACL: access to dn.base="cn=subschema"
       by * read

Backend ACL: access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk"
attrs=userPassword
       by anonymous auth
       by self write
       by dn.base="cn=replica,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
       by dn.base="cn=proxyagent,ou=profile,dc=nerc-sf,dc=ac,dc=uk" read

Backend ACL: access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk"
attrs=userPassword,sambaLMPassword,sambaNTPassword
       by anonymous auth
       by self write
       by dn.base="cn=replica,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
       by dn.base="cn=proxyagent,ou=profile,dc=nerc-sf,dc=ac,dc=uk" read

Backend ACL: access to dn.subtree="ou=admins,dc=nerc-sf,dc=ac,dc=uk"
       by dn.regex="cn=[^,]+,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
       by anonymous auth

Backend ACL: access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk"
       by peername.ip="192.171.172.0%255.255.255.0" read
       by peername.ip="192.171.159.192%255.255.255.192" read
       by peername.ip="127.0.0.1" read

=> bdb_entry_get: found entry: "dc=nerc-sf,dc=ac,dc=uk"
=> access_allowed: search access to "uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk" "entryCSN" requested
<= root access granted
slapd starting

When I try to login, slapd gives

=> access_allowed: read access to "uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk" "userPassword" requested
=> dn: [1] dc=nerc-sf,dc=ac,dc=uk
=> acl_get: [1] matched
=> acl_get: [1] attr userPassword
access_allowed: no res from state (userPassword)
=> acl_mask: access to entry "uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: anonymous
<= acl_mask: [1] applying auth(=xd) (stop)
<= acl_mask: [1] mask: auth(=xd)
=> access_allowed: read access denied by auth(=xd)
send_search_entry: conn 1 access to attribute userPassword, value #0 not allowed


--
Richard Gillman
ITC UNIX Systems Group, Maclean Building, Wallingford OX10 8BB
Tel: 01491 - 692 339
Fax: 01491 - 692 424
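
A small parser for the `slapd -d acl` trace quoted in the post, added here as an example (it is not part of the original message or of OpenLDAP). It reduces each access check to who asked, which level was wanted, which ACL clause was applied and what was given. The function names are this example's own, and the regexes assume the slapd 2.3.43 log wording shown above.

```python
import re

# Lines copied from the post's two traces (startup check, then the login attempt).
TRACE = '''\
=> access_allowed: search access to "uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk" "entryCSN" requested
<= root access granted
=> access_allowed: read access to "uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk" "userPassword" requested
=> acl_get: [1] attr userPassword
=> acl_mask: access to entry "uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: anonymous
<= acl_mask: [1] applying auth(=xd) (stop)
=> access_allowed: read access denied by auth(=xd)
'''

REQ = re.compile(r'=> access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
WHO = re.compile(r'=> acl_mask: to .*?by "([^"]*)"')
RULE = re.compile(r'<= acl_mask: \[(\d+)\] applying (\w+)\(=(\w*)\)')
END = re.compile(r'=> access_allowed: \w+ access (granted|denied) by (\w+)\(=(\w*)\)')

def parse_acl_trace(text):
    """Return one dict per access check found in `slapd -d acl` output."""
    checks, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := REQ.match(line):            # a new check starts here
            cur = {"wanted": m[1], "entry": m[2], "attr": m[3],
                   "who": None, "acl": None, "given": None, "result": None}
            checks.append(cur)
        elif cur is None:
            continue                        # noise outside any check
        elif m := WHO.match(line):          # empty bound DN means an anonymous client
            cur["who"] = m[1] or "anonymous"
        elif m := RULE.match(line):         # index of the ACL whose "by" clause applied
            cur["acl"], cur["given"] = int(m[1]), m[2]
        elif m := END.match(line):          # final verdict and the level actually held
            cur["result"], cur["given"] = m[1], m[2]
            cur = None
        elif line == "<= root access granted":   # no ACL was evaluated for this check
            cur["who"], cur["result"] = "root", "granted"
            cur = None
    return checks

def summarize(c):
    via = f' (ACL [{c["acl"]}] gave {c["given"]})' if c["acl"] is not None else ""
    return f'{c["who"]} wanted {c["wanted"]} on {c["attr"]} of {c["entry"]}: {c["result"]}{via}'

if __name__ == "__main__":
    for check in parse_acl_trace(TRACE):
        print(summarize(check))
```
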