On Tue, Feb 15, 2011 at 5:08 PM, Leonardo Carneiro <chesterman86(a)gmail.com> wrote:
On Tue, Feb 15, 2011 at 4:40 PM, Andrew Findlay <andrew.findlay(a)skills-1st.co.uk> wrote:
> On Tue, Feb 15, 2011 at 04:04:57PM -0200, Leonardo Carneiro wrote:
>
> > Hmm, still did not work.
> >
> > If I do an ldapsearch specifying '-D cn=root,dc=dominio,dc=com,dc=br' and the
> > password, the search goes ok. If I do not specify it, it asks me for a sasl/md5
> > authentication and fails, and just asks for a password. If I include a '-x'
> > parameter, it also does not work:
> >
> > chester@reploid:~$ ldapsearch -v -h 192.168.0.2 -b "dc=dominio,dc=com,dc=br" '(objectclass=*)' -LLL -x
> > ldap_initialize( ldap://192.168.0.2 )
> > filter: (objectclass=*)
> > requesting: All userApplication attributes
> > No such object (32)
>
> You always need the -x flag. (You can only leave it out if
> you supply SASL credentials, and that is a complexity we do
> not need right now).
>

Things are just complicated the way they are. If this will bring an extra
layer of complexity I WILL NOT use it right now. :)

> It seems that anon users still cannot see the suffix entry
> at all.
>
> Try adding this line just under your 'lastmod off' line:
>
> access to * by * read
>
> Make sure that you restart the slapd process after doing
> this. Then try the search:
>
> ldapsearch -x -v -h 192.168.0.2 -b "dc=dominio,dc=com,dc=br" '(objectclass=*)'
>
> If you still get nothing, set SLAPD_OPTIONS="-d 128" in
> /etc/default/slapd and restart the server. It should not go
> into the background, and should produce some output on the
> screen. DO NOT REBOOT with this setting in place.
> Now retry just the search above, and post the debug output
> along with the new state of the slapd config file.
> Remove the "-d 128" again.
>

Putting the "-d 128" made the script that starts the server not go into
the background, but it did not throw any output, so I called the server "by
hand" with the following command:

fileserver:/etc/ldap# /usr/sbin/slapd -h ldapi:/// ldap:/// -g openldap -u openldap -F /etc/ldap/slapd.d -d 128
@(#) $OpenLDAP: slapd 2.4.23 (Nov 22 2010 23:39:34) $
@biber:/build/buildd-openldap_2.4.23-7-i386-mi96UQ/openldap-2.4.23/debian/build/servers/slapd
=> access_allowed: search access to "cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
=> access_allowed: search access to "cn=module{0},cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
=> access_allowed: search access to "cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
=> access_allowed: search access to "cn={0}core,cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
=> access_allowed: search access to "cn={1}cosine,cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
=> access_allowed: search access to "cn={2}nis,cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
=> access_allowed: search access to "cn={3}inetorgperson,cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
=> access_allowed: search access to "cn={4}samba,cn=schema,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
=> access_allowed: search access to "olcDatabase={-1}frontend,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
Backend ACL: access to *
    by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by * +0 break
Backend ACL: access to dn.base=""
    by * read
Backend ACL: access to dn.base="cn=subschema"
    by * read
=> access_allowed: search access to "olcDatabase={0}config,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
Backend ACL: access to *
    by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by * +0 break
/etc/ldap/slapd.d: line 1: warning: cannot assess the validity of the ACL scope within backend naming context
Backend ACL: access to *
    by * none
/etc/ldap/slapd.d: line 1: warning: cannot assess the validity of the ACL scope within backend naming context
=> access_allowed: search access to "olcDatabase={1}bdb,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)

Are these changes that we are making to slapd.conf really being
processed? Normally, I see just the "-F /etc/ldap/slapd.d" flag and never
the "-f /etc/ldap/slapd.conf".

I uninstalled the recommended upgrade from the first link (the one that said
to upgrade from libnss-ldap and libpam-ldap to libnss-ldapd and
libpam-ldapd). Now I can do 'su - [login]' and have normal access to files
again.
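
The "Backend ACL" lines in the debug output above list the access rules slapd loaded at startup from /etc/ldap/slapd.d, so they can be compared with what was typed into slapd.conf. The following Python is an added example, not part of the original message: it pulls those rules out of `-d 128` output and flags catch-all `access to * by *` rules, which apply to anonymous binds as well. The sample log is constructed from the output above, and `parse_acls` and `review` are hypothetical names.

```python
import re

# Constructed sample modelled on the "Backend ACL" lines in the slapd -d 128
# output quoted above; mail-wrapped continuation lines parse the same way.
SAMPLE = """\
Backend ACL: access to *
 by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
 by * +0 break
Backend ACL: access to dn.base=""
 by * read
/etc/ldap/slapd.d: line 1: warning: cannot assess the validity of the ACL scope
Backend ACL: access to *
 by * none
=> access_allowed: search access to "olcDatabase={1}bdb,cn=config" "objectClass" requested
"""

NEW_RECORD = ("=>", "<=", "/", "@")   # line prefixes that end an ACL block
CLAUSE_RE = re.compile(r"by\s+(\S+)\s+(.*?)(?=\s+by\s|$)")

def parse_acls(log_text):
    """Return [(target, [(who, access), ...])] for every Backend ACL block."""
    blocks, current = [], None
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith("Backend ACL:"):
            current = [s]
            blocks.append(current)
        elif s.startswith(NEW_RECORD):
            current = None
        elif current is not None and s:
            current.append(s)         # continuation of a wrapped ACL
    acls = []
    for parts in blocks:
        m = re.match(r"Backend ACL: access to (.*?)((?:\s+by\s.*)?)$", " ".join(parts))
        if m:
            acls.append((m.group(1), CLAUSE_RE.findall(m.group(2))))
    return acls

def review(acls):
    """Flag catch-all rules: target * and subject *, with a final access level."""
    notes = []
    for target, clauses in acls:
        for who, access in clauses:
            if target == "*" and who == "*" and access in ("none", "read", "write", "manage"):
                notes.append(f"access to * by * {access}: catch-all, applies to anonymous binds too")
    return notes

if __name__ == "__main__":
    print(review(parse_acls(SAMPLE)))
```

A `by * none` catch-all in the loaded rules while slapd.conf contains `access to * by * read` indicates the running server did not take its rules from that file.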