[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap auth does not works after openldap upgrade

To: "Leonardo Carneiro" <chesterman86@gmail.com>
Subject: Re: ldap auth does not works after openldap upgrade
From: masarati@aero.polimi.it
Date: Sat, 19 Feb 2011 13:16:28 +0100 (CET)
Cc: openldap-technical@openldap.org
Importance: Normal
In-reply-to: <AANLkTikPjcdgPocQPn6bo6E1uT0cYsgnKWmsNggPTt+n@mail.gmail.com>
References: <20110215163018.GD13985@slab.skills-1st.co.uk> <AANLkTimz5SB0AYmHnyGF8oDmUcngiyVYyh15sxnEpN9m@mail.gmail.com> <20110215172026.GE13985@slab.skills-1st.co.uk> <AANLkTinJLZhsjq+-P-CXZpwHdkbPP21vo2Ou5MTv9N7R@mail.gmail.com> <20110215184000.GF13985@slab.skills-1st.co.uk> <AANLkTin6mjH+s-3tprRnv8yKyHopZ2JJohojshVj=4nR@mail.gmail.com> <20110216104327.GG22964@slab.skills-1st.co.uk> <4D5BAC27.6030201@symas.com> <20110216121636.GG13985@slab.skills-1st.co.uk> <4D5C5DE9.3080901@symas.com> <20110217110950.GL13985@slab.skills-1st.co.uk> <AANLkTim4C8fmVuPNCF7=bXne_AUtD0FXMUKKYRVHSWvb@mail.gmail.com> <20110217153102.67100031@rubin.avci.de> <4D5D38CC.10207@aero.polimi.it> <AANLkTikPjcdgPocQPn6bo6E1uT0cYsgnKWmsNggPTt+n@mail.gmail.com>
User-agent: SquirrelMail/1.4.15

> On Thu, Feb 17, 2011 at 1:03 PM, Pierangelo Masarati <
> masarati@aero.polimi.it> wrote:
>
>> Dieter Kluenter wrote:
>>
>>> Am Thu, 17 Feb 2011 11:28:59 -0200
>>> schrieb Leonardo Carneiro <chesterman86@gmail.com>:
>>>
>>>  On Thu, Feb 17, 2011 at 9:09 AM, Andrew Findlay <
>>>> andrew.findlay@skills-1st.co.uk> wrote:
>>>>
>>>>  On Wed, Feb 16, 2011 at 03:29:45PM -0800, Howard Chu wrote:
>>>>>
>>>>>  [...]
>>>
>>>> Here is the search that Apache is doing. Note that "usuarios" in the
>>>> search means "users" in portuguese. It doesn't seems even to check if
>>>> the user really does part of the group defined in the apache config.
>>>>
>>>>  [...]
>>>
>>>> filter="(&(objectClass=*)(uid=lscarneiro))"
>>>> Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=1 SRCH attr=uid
>>>> Feb 17 11:11:39 fileserver slapd[2054]: <= bdb_equality_candidates:
>>>> (uid) not indexed
>>>> Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=1 ENTRY
>>>> dn="uid=lscarneiro,ou=usuarios,dc=dominio,dc=com,dc=br"
>>>>
>>>
>>> here uid=lscarneiro has been found
>>>
>>>  Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=1 SEARCH RESULT
>>>> tag=101 err=0 nentries=1 text=
>>>> Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=2 BIND anonymous
>>>> mech=implicit ssf=0
>>>> Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=2 BIND
>>>> dn="uid=lscarneiro,ou=Usuarios,dc=dominio,dc=com,dc=br" method=128
>>>> Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=2 RESULT tag=97
>>>> err=49 text=
>>>>
>>>
>>> invalid credentials were presented
>>>
>>
>> Or insufficient access or any other error that would not be disclosed
>> occurred.
>>
>> p.
>>
> Hi guys. i saw something interesting now look at here:
>
> fileserver:/etc/ldap/slapd.d# smbldap-usershow lscarneiro | grep
> userPassword
> userPassword: {CRYPT}$1$IDz3CwLp$r5MsSU8QyMyoHUv8r.eqi.
> fileserver:/etc/ldap/slapd.d# ldapsearch -v -LLL -h 192.168.0.2 -b
> "dc=dominio,dc=com,dc=br" -D "cn=root,dc=dominio,dc=com,dc=br" -w
> [password]
> "(uid=lscarneiro)"
> ldap_initialize( ldap://192.168.0.2 )
> filter: (uid=lscarneiro)
> requesting: All userApplication attributes
> userPassword:: e0NSWVBUfSQxJElEejNDd0xwJHI1TXNTVThReU15b0hVdjhyLmVxaS4=
>
> I think this explains why every single bind that i try with users other
> than
> cn=root gives me "invalid credentials". Is my assumption correct? Anyone
> knows why this passwords are not matching?

The two passwords match perfectly; only, the latter is base64-encoded for
LDIF presentation (as indicated by the double colon ('::')).

I suggest you run slapd with -d acl in order to see whether the
authentication failure is related to access control, incorrect password or
so.

p.

Follow-Ups:
- Re: ldap auth does not works after openldap upgrade
  - From: Leonardo Carneiro <chesterman86@gmail.com>

References:
- Re: ldap auth does not works after openldap upgrade
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: ldap auth does not works after openldap upgrade
  - From: Leonardo Carneiro <chesterman86@gmail.com>
- Re: ldap auth does not works after openldap upgrade
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: ldap auth does not works after openldap upgrade
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: ldap auth does not works after openldap upgrade
  - From: Leonardo Carneiro <chesterman86@gmail.com>
- Re: ldap auth does not works after openldap upgrade
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: ldap auth does not works after openldap upgrade
  - From: Howard Chu <hyc@symas.com>
- Re: ldap auth does not works after openldap upgrade
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: ldap auth does not works after openldap upgrade
  - From: Howard Chu <hyc@symas.com>
- Re: ldap auth does not works after openldap upgrade
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: ldap auth does not works after openldap upgrade
  - From: Leonardo Carneiro <chesterman86@gmail.com>
- Re: ldap auth does not works after openldap upgrade
  - From: Dieter Kluenter <dieter@dkluenter.de>
- Re: ldap auth does not works after openldap upgrade
  - From: Pierangelo Masarati <masarati@aero.polimi.it>
- Re: ldap auth does not works after openldap upgrade
  - From: Leonardo Carneiro <chesterman86@gmail.com>

Prev by Date: Re: ldap auth does not works after openldap upgrade
Next by Date: Re: ldap auth does not works after openldap upgrade
Index(es):
- Chronological
- Thread