Please keep replies on the list.
Naveen.X1.Sarabu@chase.com wrote:
Hi,
On the current running prod server i have the same settings(acls). users line is commented but "by * read " should allow users to read the information.
What I'm trying to tell you is that ACL parsing never gets to that "by * read" because it comes __after__ a commented out line. As such, that "by * read" is either a continuation of the comment or garbage. The fact that on the "current running prod server you have the same settings" is irrelevant.
i am suspecting it some thing to do with password scheme. in ldap all passwprds are in {CRYPT}. I dont know in OS level what scheme it is using and how to check?
No, passwords are in whatever hash you created them (default {SSHA}), and {CRYPT} is the worst choice you could make.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
hi p
you are correct . after removing the commented lines it is working fine.
Rgrds, NS
-----Original Message----- From: Pierangelo Masarati [mailto:ando@sys-net.it] Sent: Sunday, August 31, 2008 5:34 PM To: Sarabu, Naveen X1 (Card Services) Cc: OpenLDAP-Software@openldap.org Subject: Re: openldap server migration issue
Please keep replies on the list.
Naveen.X1.Sarabu@chase.com wrote:
Hi,
On the current running prod server i have the same settings(acls). users line is commented but "by * read " should allow users to read the information.
What I'm trying to tell you is that ACL parsing never gets to that "by * read" because it comes __after__ a commented out line. As such, that "by * read" is either a continuation of the comment or garbage. The fact that on the "current running prod server you have the same settings" is irrelevant.
i am suspecting it some thing to do with password scheme. in ldap all passwprds are in {CRYPT}. I dont know in OS level what scheme it is using and how to check?
No, passwords are in whatever hash you created them (default {SSHA}), and {CRYPT} is the worst choice you could make.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
----------------------------------------- This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you.
openldap-software@openldap.org
-
Naveen.X1.Sarabu@chase.com -
Pierangelo Masarati