On Tue, Feb 15, 2011 at 5:08 PM, Leonardo Carneiro chesterman86@gmail.com wrote:
On Tue, Feb 15, 2011 at 4:40 PM, Andrew Findlay <andrew.findlay@skills-1st.co.uk> wrote:
On Tue, Feb 15, 2011 at 04:04:57PM -0200, Leonardo Carneiro wrote:
Hmm, it still did not work.
If I do an ldapsearch specifying '-D cn=root,dc=dominio,dc=com,dc=br' and the password, the search goes OK. If I do not specify, it asks me for a sasl/md5 authentication and fails, and just asks for a password. If I include a '-x' parameter, it also does not work:
chester@reploid:~$ ldapsearch -v -h 192.168.0.2 -b "dc=dominio,dc=com,dc=br" '(objectclass=*)' -LLL -x
ldap_initialize( ldap://192.168.0.2 )
filter: (objectclass=*)
requesting: All userApplication attributes
No such object (32)
You always need the -x flag. (You can only leave it out if you supply SASL credentials, and that is a complexity we do not need right now).
Things are just complicated the way they are. If this will bring an extra layer of complexity, I WILL NOT use it right now. :)
It seems that anon users still cannot see the suffix entry at all.
Try adding this line just under your 'lastmod off' line:
access to * by * read
Make sure that you restart the slapd process after doing this. Then try the search:
ldapsearch -x -v -h 192.168.0.2 -b "dc=dominio,dc=com,dc=br" '(objectclass=*)'
If you still get nothing, set SLAPD_OPTIONS="-d 128" in /etc/default/slapd and restart the server. It should not go into the background, and should produce some output on the screen. DO NOT REBOOT with this setting in place. Now retry just the search above, and post the debug output along with the new state of the slapd config file. Remove the "-d 128" again.
Putting the "-d 128" made the script that starts the server not go into the background, but it did not throw any output, so I called the server "by hand" with the following command:
fileserver:/etc/ldap# /usr/sbin/slapd -h ldapi:/// ldap:/// -g openldap -u openldap -F /etc/ldap/slapd.d -d 128
@(#) $OpenLDAP: slapd 2.4.23 (Nov 22 2010 23:39:34) $
@biber:/build/buildd-openldap_2.4.23-7-i386-mi96UQ/openldap-2.4.23/debian/build/servers/slapd
=> access_allowed: search access to "cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
=> access_allowed: search access to "cn=module{0},cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
=> access_allowed: search access to "cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
=> access_allowed: search access to "cn={0}core,cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
=> access_allowed: search access to "cn={1}cosine,cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
=> access_allowed: search access to "cn={2}nis,cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
=> access_allowed: search access to "cn={3}inetorgperson,cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
=> access_allowed: search access to "cn={4}samba,cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
=> access_allowed: search access to "olcDatabase={-1}frontend,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
Backend ACL: access to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * +0 break
Backend ACL: access to dn.base="" by * read
Backend ACL: access to dn.base="cn=subschema" by * read
=> access_allowed: search access to "olcDatabase={0}config,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
Backend ACL: access to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * +0 break
/etc/ldap/slapd.d: line 1: warning: cannot assess the validity of the ACL scope within backend naming context
Backend ACL: access to * by * none
/etc/ldap/slapd.d: line 1: warning: cannot assess the validity of the ACL scope within backend naming context
=> access_allowed: search access to "olcDatabase={1}bdb,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
Are these changes that we are making to slapd.conf really being processed? Normally, I see just the "-F /etc/ldap/slapd.d" flag and never the "-f /etc/ldap/slapd.conf".
I uninstalled the recommended upgrade from the first link (the one that said to upgrade from libnss-ldap and libpam-ldap to libnss-ldapd and libpam-ldapd). Now I can do 'su - [login]' and have normal access to files again.
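
Added example (not part of the thread, and not OpenLDAP's own code): a small parser for the "Backend ACL:" lines in the "-d 128" output above, used to check whether the "access to * by * read" rule edited into slapd.conf is among the ACLs slapd actually loaded from /etc/ldap/slapd.d. The sample lines are copied from the flattened output in the post; the function names are hypothetical, and the parser assumes the what/who fields contain no spaces.

```python
import re

# Constructed sample: the ACL-related lines from the -d 128 output quoted above,
# in the flattened one-line form in which they appear in the post.
SAMPLE_LOG = '''\
Backend ACL: access to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * +0 break
Backend ACL: access to dn.base="" by * read
Backend ACL: access to dn.base="cn=subschema" by * read
/etc/ldap/slapd.d: line 1: warning: cannot assess the validity of the ACL scope within backend naming context
Backend ACL: access to * by * none
'''

CONTROL = r'(?:stop|continue|break)'
# One ACL per line: "access to <what>" followed by one or more "by <who> <access> [control]".
ACL_RE = re.compile(
    r'Backend ACL: access to (?P<what>\S+)'
    r'(?P<rest>(?: by \S+ \S+(?: ' + CONTROL + r')?)+)\s*$')
BY_RE = re.compile(
    r' by (?P<who>\S+) (?P<access>\S+)(?: (?P<control>' + CONTROL + r'))?')

def parse_backend_acls(log):
    """Return [(what, [(who, access, control), ...]), ...] in load order."""
    acls = []
    for line in log.splitlines():
        m = ACL_RE.search(line)  # search(): the ACL may follow other text on the line
        if not m:
            continue
        clauses = [(c['who'], c['access'], c['control'] or 'stop')  # 'stop' is the default control
                   for c in BY_RE.finditer(m['rest'])]
        acls.append((m['what'], clauses))
    return acls

def rule_loaded(acls, what, who, access):
    """True if a loaded ACL on <what> has a 'by <who> <access>' clause."""
    return any(w == what and any(c[:2] == (who, access) for c in cl)
               for w, cl in acls)

def deny_all_rules(acls):
    """Targets whose only clause is 'by * none' (nothing is visible to anyone)."""
    return [w for w, cl in acls if [c[:2] for c in cl] == [('*', 'none')]]

if __name__ == '__main__':
    loaded = parse_backend_acls(SAMPLE_LOG)
    for what, clauses in loaded:
        print(what, clauses)
    print('slapd.conf rule "access to * by * read" loaded:',
          rule_loaded(loaded, '*', '*', 'read'))
    print('deny-all rules on:', deny_all_rules(loaded))
```

On the output in this thread the edited rule is not among the loaded ACLs, while "access to * by * none" is.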