
Access Control



Howdy folks,

I am trying to get Solaris 9 to authenticate users through OpenLDAP. After
reading through the documentation at:

http://docs.sun.com/db/doc/806-4077/6jd6blbeo?a=view

I seem to have a debacle. The file "ldap_client_cred" contains the rootdn
and rootpw that should be used when looking up accounts. When a user
attempts to login, does the PAM LDAP module bind as the rootdn, anonymous,
or the userid that the user passed to "login:"? I am also curious how to
interpret the logfile entries below [Exhibit A]. Are there any docs on
how to interpret the diff logfile results? I am trying to figure out what
user binds to the directory, and why my ACLs are failing. I assume that
the 'to value by ""' means anonymous, but thought I would ask the gurus.

Thanks for any insight,
Matty

[Exhibit A]
<= bdb_equality_candidates: index_param failed (18)
=> access_allowed: search access to
"uid=testuser,ou=People,dc=test,dc=com" "objectClass" requested
=> dn: [1]
=> acl_get: [2] check attr objectClass
<= acl_get: [2] acl uid=testuser,ou=People,dc=test,dc=com attr:
objectClass
=> acl_mask: access to entry "uid=testuser,ou=People,dc=test,dc=com", attr
"objectClass" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth(=x) (stop)
<= acl_mask: [2] mask: auth(=x)
=> access_allowed: search access denied by auth(=x)
=> access_allowed: search access to
"uid=testuser,ou=People,dc=test,dc=com" "uid" requested
=> dn: [1]
=> acl_get: [2] check attr uid
<= acl_get: [2] acl uid=testuser,ou=People,dc=test,dc=com attr: uid
=> acl_mask: access to entry "uid=testuser,ou=People,dc=test,dc=com", attr
"uid" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth(=x) (stop)
<= acl_mask: [2] mask: auth(=x)
=> access_allowed: search access denied by auth(=x)
ber_flush: 14 bytes to sd 12
=> access_allowed: search access to "" "objectClass" requested
=> dn: [1]
=> acl_get: [1] matched
=> acl_get: [1] check attr objectClass
<= acl_get: [1] acl  attr: objectClass
=> acl_mask: access to entry "", attr "objectClass" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: *
<= acl_mask: [1] applying read(=rscx) (stop)
<= acl_mask: [1] mask: read(=rscx)
=> access_allowed: search access granted by read(=rscx)
=> access_allowed: read access to "" "entry" requested
=> dn: [1]
=> acl_get: [1] matched
=> acl_get: [1] check attr entry
<= acl_get: [1] acl  attr: entry
=> acl_mask: access to entry "", attr "entry" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: *
<= acl_mask: [1] applying read(=rscx) (stop)
<= acl_mask: [1] mask: read(=rscx)
=> access_allowed: read access granted by read(=rscx)
=> access_allowed: read access to "" "supportedControl" requested
=> dn: [1]
=> acl_get: [1] matched
=> acl_get: [1] check attr supportedControl
<= acl_get: [1] acl  attr: supportedControl
=> acl_mask: access to entry "", attr "supportedControl" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: *
<= acl_mask: [1] applying read(=rscx) (stop)
<= acl_mask: [1] mask: read(=rscx)
=> access_allowed: read access granted by read(=rscx)
ber_flush: 107 bytes to sd 12
ber_flush: 14 bytes to sd 12
^Cslapd shutdown: waiting for 0 threads to terminate
slapd stopped.
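As an added example (not part of Matty's post and not OpenLDAP's own tooling): a small Python parser that turns slapd ACL debug output like Exhibit A into one record per access check, recording who asked (an empty bind DN, `by ""`, is an anonymous requester), which ACL clause applied, and whether access was granted or denied. The embedded sample is constructed from Exhibit A with the mail's wrapped lines rejoined and some noise lines trimmed.

```python
import re
# Constructed sample: lines taken from Exhibit A, with wrapped lines rejoined and noise lines trimmed.
SAMPLE_LOG = """\
=> access_allowed: search access to "uid=testuser,ou=People,dc=test,dc=com" "objectClass" requested
=> acl_get: [2] check attr objectClass
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: [2] applying auth(=x) (stop)
=> access_allowed: search access denied by auth(=x)
=> access_allowed: read access to "" "supportedControl" requested
=> acl_get: [1] matched
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: *
<= acl_mask: [1] applying read(=rscx) (stop)
=> access_allowed: read access granted by read(=rscx)
ber_flush: 107 bytes to sd 12
"""

REQUEST = re.compile(r'^=> access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested$')
BY = re.compile(r'^=> acl_mask: to (?:all values|value) by "([^"]*)", \(=(\w*)\)$')
APPLY = re.compile(r'^<= acl_mask: \[(\d+)\] applying (\w+)\(=(\w*)\) \(stop\)$')
RESULT = re.compile(r'^=> access_allowed: (\w+) access (granted|denied) by (\w+)\(=(\w*)\)$')

def parse_acl_log(text):
    """Group slapd ACL debug lines into one record per access_allowed check."""
    checks, cur = [], None
    for line in text.splitlines():
        if m := REQUEST.match(line):
            cur = {"access": m[1], "entry": m[2] or "<rootDSE>", "attr": m[3]}
        elif cur is None:
            continue                      # noise outside a check (ber_flush etc.)
        elif m := BY.match(line):
            cur["by"] = m[1] or "anonymous"   # empty bind DN: nobody has bound yet
        elif m := APPLY.match(line):
            cur["acl"], cur["applied"] = int(m[1]), m[2]   # which ACL clause won
        elif m := RESULT.match(line):
            cur["result"] = m[2]
            checks.append(cur)
            cur = None
    return checks

def denied_by_requester(checks):
    """Count denials per bind identity; anonymous denials on user entries mean no real bind happened."""
    out = {}
    for c in checks:
        if c["result"] == "denied":
            out[c["by"]] = out.get(c["by"], 0) + 1
    return out
```

Run over Exhibit A, the output shows the denied searches on the testuser entry all come from an anonymous requester hitting ACL [2], which grants only auth(=x), while the rootDSE reads succeed under ACL [1]'s "by * read".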