On Wednesday, 04 January 2017 19:31 CET, Joshua Schaeffer jschaeffer0922@gmail.com wrote:
The log here shows a successful BIND.
Hmm, the log
| Jan 2 12:17:22 openldapserver slapd[1082]: conn=2884 op=0 BIND dn="" method=128
shows a successful _anonymous_ bind, that has nothing to do with the authentication.
The "(host) no indexed" entry is not an error, it is simply a message telling you that the "host" attribute is a candidate to be indexed for your BDB database. If you want that message to go away then add an equality index for host.
Side note: some of the openldap folks would consider the bdb backend a little bit outdated ...
Were you able to log into this server before changing the password? Do you have PAM set up on your client to use LDAP as a login source?
The OP didn't tell us what kind of LDAP user authentication he uses. Have you looked at the search request (that doesn't find anything)? Reformatted, for better readability:
(&
  (&(| (host=\2A) (host=elnath))
     (!(host=!elnath)))
  (&(| (host=\2A) (host=elnath))
     (!(host=!elnath)))
  (uid=le))
What program/tool created that filter (note the redundant duplicated subquery: A and A is always A)?
Since this search fails to find an entry, that's the place debugging should start. N.B.: It looks like this query is used by the authenticator to map the uid to a dn, which would be needed for a user bind.
HTH Ralf Mattes
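
The filter analysis above, as an added example that is not part of the original message: a small Python parser that collapses the duplicated subquery and evaluates the filter against sample entries to show which ones it can match. The entries are constructed, and the evaluation assumes `host` is a schema-known attribute with case-insensitive equality matching.

```python
import re

# The filter from the thread, display whitespace removed.
FILTER = ("(&(&(|(host=\\2A)(host=elnath))(!(host=!elnath)))"
          "(&(|(host=\\2A)(host=elnath))(!(host=!elnath)))(uid=le))")

def parse(s, i=0):
    """Parse one RFC 4515 filter at s[i] (only &, |, ! and equality)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        node = (op, tuple(kids))
    else:
        end = s.index(")", i)
        attr, _, raw = s[i:end].partition("=")
        # \XX is a hex-escaped octet: \2A is a literal '*', not a wildcard
        val = re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m[1], 16)), raw)
        node, i = ("=", (attr.lower(), val.lower())), end
    if s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def simplify(node):
    """Drop duplicate operands (A and A is A); unwrap one-operand &/|."""
    op, args = node
    if op == "=":
        return node
    kids = tuple(dict.fromkeys(simplify(k) for k in args))
    return kids[0] if op in "&|" and len(kids) == 1 else (op, kids)

def matches(node, entry):
    """Evaluate against {attr: [values]}; an absent attribute compares FALSE."""
    op, args = node
    if op == "=":
        return args[1] in (v.lower() for v in entry.get(args[0], []))
    if op == "!":
        return not matches(args[0], entry)
    return (all if op == "&" else any)(matches(k, entry) for k in args)

# Constructed entries (not from the thread); attribute names in lower case.
SAMPLES = {"no host": {"uid": ["le"]},
           "host=elnath": {"uid": ["le"], "host": ["elnath"]},
           "host=vega": {"uid": ["le"], "host": ["vega"]}}
TREE = simplify(parse(FILTER)[0])
RESULTS = {name: matches(TREE, e) for name, e in SAMPLES.items()}
```

`RESULTS` shows that an entry for uid=le is only returned when it carries a host value of elnath (or a literal `*`); the same entry without a host attribute does not match.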