On Wed, Feb 16, 2011 at 04:37:45PM -0200, Leonardo Carneiro wrote:
The new slapd.d was created successfully and now I can do searches
anonymously. Searches like:
ldapsearch -x -h server -D cn=config -w [passwd] -b cn=config
ldapsearch -x -h server -b "dc=dominio,dc=com,dc=br"
are working ok now. Unfortunately, services are not able to do the search
yet. At least with the configuration that was working before the upgrade.
OK - at least you now have some control over the server.
I notice some of my services do bind as
cn=root,dc=dominio,dc=com,dc=br.
That may not be best practice, but I would leave it as-is for now.
Here is an example from Apache:
AuthBasicProvider ldap
AuthName "who are you?"
AuthzLDAPAuthoritative OFF
AuthLDAPURL "ldap://192.168.0.2/ou=users,dc=dominio,dc=com,dc=br?uid"
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN OFF
AuthLDAPBindDN "cn=root,dc=dominio,dc=com,dc=br"
AuthLDAPBindPassword "[password]"
Require ldap-group cn=devteam,ou=groups,dc=dominio,dc=com,dc=br
In the Apache log, it just seems that Apache did bind to LDAP, but
the search results were null. It should work OK now, since I can even bind
anonymously, right?
That depends on what searches Apache is issuing, and what data is really
in the LDAP server. One way to find out is to turn up the logging in
slapd. Something like:
loglevel 768
This will cause LDAP requests and results to be logged - probably to
/var/log/syslog
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/                     +44 1628 782565     |
-----------------------------------------------------------------------
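
An added example, not part of the original message: a small Python parser that reads slapd log lines written at loglevel 768 and lists every search that came back with no entries, together with the bind DN, base and filter that produced it. The log lines are constructed in slapd's usual stats format; the hostname, process id, connection numbers and the uid value are assumptions.

```python
import re

# Constructed sample of slapd syslog output at loglevel 768 (256 stats + 512 stats2).
SAMPLE_LOG = '''\
Feb 16 17:02:11 server slapd[2211]: conn=1001 op=0 BIND dn="cn=root,dc=dominio,dc=com,dc=br" method=128
Feb 16 17:02:11 server slapd[2211]: conn=1001 op=0 BIND dn="cn=root,dc=dominio,dc=com,dc=br" mech=SIMPLE ssf=0
Feb 16 17:02:11 server slapd[2211]: conn=1001 op=0 RESULT tag=97 err=0 text=
Feb 16 17:02:11 server slapd[2211]: conn=1001 op=1 SRCH base="ou=users,dc=dominio,dc=com,dc=br" scope=2 deref=3 filter="(&(objectClass=*)(uid=leo))"
Feb 16 17:02:11 server slapd[2211]: conn=1001 op=1 SRCH attr=uid
Feb 16 17:02:11 server slapd[2211]: conn=1001 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Feb 16 17:02:15 server slapd[2211]: conn=1002 op=0 SRCH base="dc=dominio,dc=com,dc=br" scope=2 deref=0 filter="(objectClass=*)"
Feb 16 17:02:15 server slapd[2211]: conn=1002 op=0 SEARCH RESULT tag=101 err=0 nentries=42 text=
'''

LINE = re.compile(r"conn=(\d+) op=(\d+) (BIND|SRCH|SEARCH RESULT) (.*)")
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse_fields(rest):
    """Split 'key=value key="quoted value"' pairs into a dict."""
    return {k: quoted or bare for k, quoted, bare in KV.findall(rest)}

def empty_searches(log_text):
    """Return one record per search that completed with nentries=0."""
    bind_dn = {}   # conn -> last BIND dn seen on that connection
    pending = {}   # (conn, op) -> fields of the SRCH request line
    hits = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, kind, rest = m.groups()
        f = parse_fields(rest)
        if kind == "BIND":
            bind_dn[conn] = f.get("dn", "")
        elif kind == "SRCH" and "base" in f:
            pending[(conn, op)] = f
        elif kind == "SEARCH RESULT":
            req = pending.pop((conn, op), {})
            if f.get("nentries") == "0":
                hits.append({"bind_dn": bind_dn.get(conn, "") or "(anonymous)",
                             "base": req.get("base"), "filter": req.get("filter"),
                             "err": int(f.get("err", -1))})
    return hits

if __name__ == "__main__":
    for h in empty_searches(SAMPLE_LOG):
        print(h)
```

A record with err 0 means the search itself succeeded and simply returned nothing, so the base and filter it shows are what to compare against the data actually held in the directory.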