Re: ldap auth does not works after openldap upgrade

On Wed, Feb 16, 2011 at 04:37:45PM -0200, Leonardo Carneiro wrote:

> The new slapd.d was created successfully and now I can do searches
> anonymously. Searches like:
> ldapsearch -x -h server -D cn=config -w [passwd] -b cn=config
> ldapsearch -x -h server -b "dc=dominio,dc=com,dc=br"
> are working OK now. Unfortunately, services are not able to do the search
> yet. At least with the configuration that was working before the upgrade.

OK - at least you now have some control over the server.

> I notice some of my services do bind as cn=root,dc=dominio,dc=com,dc=br.

That may not be best practice, but I would leave it as-is for now.

> Here is an example from Apache:
>                 AuthBasicProvider ldap
>                 AuthName "who are you?"
>                 AuthzLDAPAuthoritative OFF
>                 AuthLDAPURL "ldap://
>                 AuthLDAPGroupAttribute memberUid
>                 AuthLDAPGroupAttributeIsDN OFF
>                 AuthLDAPBindDN "cn=root,dc=dominio,dc=com,dc=br"
>                 AuthLDAPBindPassword "[password]"
>                 Require ldap-group cn=devteam,ou=groups,dc=dominio,dc=com,dc=br
> In the Apache log, it just seems that Apache did bind to LDAP, but
> the search results were null. It should work OK now, since I can even bind
> anonymously, right?

That depends on what searches Apache is issuing, and what data is really
in the LDAP server. One way to find out is to turn up the logging in
slapd. Something like:

loglevel 768

This will cause LDAP requests and results to be logged - probably to

|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
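
Added example, not part of the original message: with `loglevel 768` active, a short script can pair each search request in the slapd log with its result and with the DN bound on that connection, showing what a client such as Apache actually asked for and which searches matched nothing. The log lines below are constructed in the usual stats format; the process id, uid and filters are assumptions.

```python
import re

# Constructed sample of slapd stats logging (loglevel 768 = 256 stats + 512 stats2).
# DNs reuse the thread's placeholders; the uid and filters are made up.
SAMPLE_LOG = '''\
slapd[2211]: conn=1003 op=0 BIND dn="cn=root,dc=dominio,dc=com,dc=br" method=128
slapd[2211]: conn=1003 op=0 RESULT tag=97 err=0 text=
slapd[2211]: conn=1003 op=1 SRCH base="dc=dominio,dc=com,dc=br" scope=2 deref=3 filter="(&(objectClass=person)(uid=jdoe))"
slapd[2211]: conn=1003 op=1 SRCH attr=uid
slapd[2211]: conn=1003 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[2211]: conn=1004 op=0 SRCH base="dc=dominio,dc=com,dc=br" scope=2 deref=0 filter="(objectClass=*)"
slapd[2211]: conn=1004 op=0 ENTRY dn="dc=dominio,dc=com,dc=br"
slapd[2211]: conn=1004 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[2211]: conn=1005 op=0 BIND dn="cn=root,dc=dominio,dc=com,dc=br" method=128
slapd[2211]: conn=1005 op=0 RESULT tag=97 err=49 text=
'''

EVENT = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|SEARCH RESULT|RESULT) (.*)')

def searches(log_text):
    """Pair each SRCH with its SEARCH RESULT and the DN bound on that connection."""
    bound, pending, open_srch, out = {}, {}, {}, []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue                      # ACCEPT, ENTRY, closed, ...
        conn, key, kind, rest = m[1], (m[1], m[2]), m[3], m[4]
        dn = re.search(r'dn="([^"]*)"', rest)
        err = re.search(r'err=(\d+)', rest)
        if kind == "BIND" and dn and "method=" in rest:
            pending[key] = dn[1]          # identity applies only if RESULT is err=0
        elif kind == "RESULT" and key in pending and err:
            tried = pending.pop(key)
            if err[1] == "0":
                bound[conn] = tried
        elif kind == "SRCH" and 'base="' in rest:   # skip the "SRCH attr=" line
            base = re.search(r'base="([^"]*)"', rest)
            flt = re.search(r'filter="(.*)"', rest)
            open_srch[key] = {"bind_dn": bound.get(conn, ""),   # "" = anonymous
                              "base": base[1], "filter": flt[1] if flt else ""}
        elif kind == "SEARCH RESULT" and key in open_srch and err:
            n = re.search(r'nentries=(\d+)', rest)
            out.append({**open_srch.pop(key), "err": int(err[1]),
                        "nentries": int(n[1]) if n else 0})
    return out

def empty_searches(log_text):
    """Searches that completed without error but matched nothing."""
    return [s for s in searches(log_text) if s["err"] == 0 and s["nentries"] == 0]

if __name__ == "__main__":
    for s in empty_searches(SAMPLE_LOG):
        print(s)
```

An empty result with `err=0` points at the base, filter or stored data rather than at the bind, which is the distinction the Apache log alone does not show.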