[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap auth does not works after openldap upgrade



On Thu, Feb 17, 2011 at 1:03 PM, Pierangelo Masarati <masarati@aero.polimi.it> wrote:
Dieter Kluenter wrote:
Am Thu, 17 Feb 2011 11:28:59 -0200
schrieb Leonardo Carneiro <chesterman86@gmail.com>:

On Thu, Feb 17, 2011 at 9:09 AM, Andrew Findlay <
andrew.findlay@skills-1st.co.uk> wrote:

On Wed, Feb 16, 2011 at 03:29:45PM -0800, Howard Chu wrote:

[...]
Here is the search that Apache is doing. Note that "usuarios" in the
search means "users" in portuguese. It doesn't seems even to check if
the user really does part of the group defined in the apache config.

[...]
filter="(&(objectClass=*)(uid=lscarneiro))"
Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=1 SRCH attr=uid
Feb 17 11:11:39 fileserver slapd[2054]: <= bdb_equality_candidates:
(uid) not indexed
Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=1 ENTRY
dn="uid=lscarneiro,ou=usuarios,dc=dominio,dc=com,dc=br"

here uid=lscarneiro has been found

Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=
Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=2 BIND anonymous
mech=implicit ssf=0
Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=2 BIND
dn="uid=lscarneiro,ou=Usuarios,dc=dominio,dc=com,dc=br" method=128
Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=2 RESULT tag=97
err=49 text=

invalid credentials were presented

Or insufficient access or any other error that would not be disclosed occurred.

p.
Hi guys. i saw something interesting now look at here:

fileserver:/etc/ldap/slapd.d# smbldap-usershow lscarneiro | grep userPassword
userPassword: {CRYPT}$1$IDz3CwLp$r5MsSU8QyMyoHUv8r.eqi.
fileserver:/etc/ldap/slapd.d# ldapsearch -v -LLL -h 192.168.0.2 -b "dc=dominio,dc=com,dc=br" -D "cn=root,dc=dominio,dc=com,dc=br" -w [password] "(uid=lscarneiro)"
ldap_initialize( ldap://192.168.0.2 )
filter: (uid=lscarneiro)
requesting: All userApplication attributes
userPassword:: e0NSWVBUfSQxJElEejNDd0xwJHI1TXNTVThReU15b0hVdjhyLmVxaS4=

I think this explains why every single bind that i try with users other than cn=root gives me "invalid credentials". Is my assumption correct? Anyone knows why this passwords are not matching?

Tks in advance.