
Re: ldap auth does not works after openldap upgrade



On Tue, Feb 15, 2011 at 04:04:57PM -0200, Leonardo Carneiro wrote:

> Hmm, still did not work.
> 
> If I do an ldapsearch specifying '-D cn=root,dc=dominio,dc=com,dc=br' and the
> password, the search goes ok. If I do not specify, it asks me for a sasl/md5
> authentication and fails, and just asks for a password. If I include a '-x'
> parameter, it also does not work:
> 
> chester@reploid:~$ ldapsearch -v -h 192.168.0.2 -b "dc=dominio,dc=com,dc=br"
> '(objectclass=*)' -LLL -x
> ldap_initialize( ldap://192.168.0.2 )
> filter: (objectclass=*)
> requesting: All userApplication attributes
> No such object (32)

You always need the -x flag. (You can only leave it out if
you supply SASL credentials, and that is a complexity we do
not need right now).

It seems that anon users still cannot see the suffix entry
at all.

Try adding this line just under your 'lastmod off' line:

access to * by * read

Make sure that you restart the slapd process after doing
this. Then try the search:

ldapsearch -x -v -h 192.168.0.2 -b "dc=dominio,dc=com,dc=br" '(objectclass=*)'

If you still get nothing, set SLAPD_OPTIONS="-d 128" in
/etc/default/slapd and restart the server. It should not go
into the background, and should produce some output on the
screen. DO NOT REBOOT with this setting in place.
Now retry just the search above, and post the debug output
along with the new state of the slapd config file.
Remove the "-d 128" again.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
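
Added example, not part of the original message or of OpenLDAP's own code: slapd evaluates access directives first-match-wins, so a lone "access to * by * read" also lets an anonymous bind read userPassword unless an earlier directive restricts it. The Python sketch below reports the level an anonymous bind gets for one attribute; the function names and both sample configs are constructed here, DN and filter scoping is ignored, and the file is treated as a single ACL list.

```python
import shlex

def directives(conf_text):
    """Logical slapd.conf lines: skip blanks/comments, join continuation lines."""
    out = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and out:      # leading whitespace continues the previous line
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def parse_acl(line):
    """Return (what_tokens, [(who, level), ...]) for an 'access to' line, else None."""
    tok = shlex.split(line)
    if len(tok) < 3 or [t.lower() for t in tok[:2]] != ["access", "to"] or "by" not in tok:
        return None
    idx = [i for i, t in enumerate(tok) if t == "by"]
    clauses = [tok[i + 1:j] for i, j in zip(idx, idx[1:] + [len(tok)])]
    return tok[2:idx[0]], [(c[0], c[1] if len(c) > 1 else "") for c in clauses if c]

def covers(what, attr):
    """True if the <what> part applies to attr (simplification: DN scope always matches)."""
    listed = [t.split("=", 1)[1] for t in what if t.lower().startswith(("attrs=", "attr="))]
    return not listed or attr.lower() in ",".join(listed).lower().split(",")

def anonymous_level(conf_text, attr):
    """Access level an anonymous bind gets on attr under first-match-wins evaluation."""
    acls = [a for a in map(parse_acl, directives(conf_text)) if a]
    if not acls:
        return "read"                     # no ACLs at all: slapd's default policy
    for what, clauses in acls:            # first directive that covers attr wins
        if covers(what, attr):
            # first matching 'by' wins; every directive ends with implicit 'by * none'
            return next((lvl for who, lvl in clauses if who in ("*", "anonymous")), "none")
    return "none"

DIAGNOSTIC = "lastmod off\naccess to * by * read\n"  # both samples are constructed
TIGHTER = """\
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to * by * read
"""
```

With DIAGNOSTIC an anonymous bind gets "read" on userPassword; with TIGHTER it gets only "auth" there while the suffix entry and other attributes stay readable.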