Hi,
After running slapd with "-d 128" I have found a lot of messages like this.
Can somebody point me to a standard ACL for users? I want to authenticate every user using an LDAP browser or the C LDAP API with ldap_simple_bind, with binddn=uid=rui,ou=People,o=m1,c=GB
###############################
Dec 29 14:13:53 m4mrh01 slapd: => acl_mask: access to entry "cn=rui,ou=Group,o=m1,c=GB", attr "objectClass" requested
Dec 29 14:13:53 m4mrh01 slapd: => acl_mask: to value by "", (=n)
Dec 29 14:13:54 m4mrh01 slapd: <= acl_mask: no more <who> clauses, returning =n (stop)
Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access denied by =n
Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access to "cn=m4musers,ou=Group,o=m1,c=GB" "memberUid" requested
Dec 29 14:13:54 m4mrh01 slapd: => acl_get: [2] attr memberUid
Dec 29 14:13:54 m4mrh01 slapd: => acl_mask: access to entry "cn=m4musers,ou=Group,o=m1,c=GB", attr "memberUid" requested
Dec 29 14:13:54 m4mrh01 slapd: => acl_mask: to value by "", (=n)
Dec 29 14:13:54 m4mrh01 slapd: <= acl_mask: no more <who> clauses, returning =n (stop)
Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access denied by =n
Dec 29 14:18:04 m4mrh01 slapd: => access_allowed: auth access to "uid=rui,ou=People,o=m1,c=GB" "userPassword" requested
Dec 29 14:18:04 m4mrh01 slapd: => acl_get: [1] attr userPassword
Dec 29 14:18:04 m4mrh01 slapd: => acl_mask: access to entry "uid=rui,ou=People,o=m1,c=GB", attr "userPassword" requested
Dec 29 14:18:04 m4mrh01 slapd: => acl_mask: to all values by "", (=n)
Dec 29 14:18:04 m4mrh01 slapd: <= acl_mask: no more <who> clauses, returning =n (stop)
Dec 29 14:18:04 m4mrh01 slapd: => access_allowed: auth access denied by =n
###############################
I have also changed slapd.conf slightly:
#############################
access to attr=userPassword
by self write
by dn="uid=root,ou=People,o=M1,c=GB" write
by * read
access to *
by self write
by users read
by anonymous auth
###############################
Regards, rui
1. invalid credentials (49) for normal user (rui)
2. Re: invalid credentials (49) for normal user (Dieter Kluenter)
Message: 1
Date: Fri, 24 Dec 2010 10:32:03 +0000
From: rui guideveloper@gmail.com
To: openldap-technical@openldap.org
Subject: invalid credentials (49) for normal user
Message-ID: AANLkTikbS2LTj4D-0WMBdJXzMeBMpb3qO2=Y4wzPLv0G@mail.gmail.com
Content-Type: text/plain; charset=ISO-8859-1
Hi,
I have imported my passwd and group files into LDAP using the migrate_all_online.sh script.
I am able to simple bind to LDAP using binddn=uid=root,ou=People,o=M1,c=GB, but I can't seem to bind with any other user, like rui etc., with their Linux password. It says invalid credentials.
I need to bind for authentication and then get all the primary and secondary groups of a user (how can I do that?). Why am I having this problem? Do I have to do something extra?
When bound as root, if I search for "memberUid=root" I get all the secondary groups, but I want to do it for any user.
I am using the C LDAP API at the moment.
Here is my slapd.conf file:
##################################################
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema

#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix "o=M1,c=GB"
rootdn "uid=root,ou=People,o=M1,c=GB"
rootpw abc123
directory /var/lib/ldap

# Indices to maintain
index objectClass,uid,uidNumber,gidNumber eq
index cn,mail,surname,givenname eq,subinitial

#
# ACLs
#
#access to dn="ou=People,o=M1,c=GB"
#attr=userPassword
#by self write
#by dn="uid=root,ou=People,o=M1,c=GB" write
#by * auth
access to dn=".*,o=M1,c=GB"
by self write
#by dn="uid=root,ou=People,o=M1,c=GB" write
#by * read
access to dn=".*,o= M1,c=GB"
#by * read
defaultaccess read
access to attr=userpassword
by self write
by dn="uid=root,ou=People,o=M1,c=GB" write
by * read
access to *
by self write
by dn=".+" read
by * read
###############################################
Regards, rui
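The userPassword clauses posted in this thread end in "by * read". Because OpenLDAP access levels are cumulative (read implies auth), that does let an unauthenticated client bind, but it also lets anyone read the stored password hashes; the usual pattern is "by anonymous auth by * none". The script below is an added example, not code from the thread or from OpenLDAP: it parses one-line access clauses of the form quoted above and reports what an anonymous client gets for userPassword. The parser, the HARDENED clause and the check_userpassword() name are my own constructions.

```python
"""Audit one-line slapd.conf access clauses for the userPassword attribute.

Added example (not from the thread). Parses "access to <what> by <who> <level>
[by <who> <level> ...]" and reports whether an unauthenticated client can bind
(needs at least "auth") and whether it can read password hashes ("read" or above).
"""
import re

# OpenLDAP access levels in ascending order; each level implies all lower ones.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]


def parse_acl(line):
    """Return (what, [(who, level), ...]) for one 'access to ... by ...' clause."""
    m = re.match(r"\s*access\s+to\s+(.+?)\s+by\s+(.+)$", line, re.I)
    if not m:
        raise ValueError("not an access clause: %r" % line)
    what, rest = m.group(1), m.group(2)
    who_clauses = []
    for part in re.split(r"\s+by\s+", rest):
        tokens = part.split()            # e.g. ['dn="uid=root,..."', 'write']
        who_clauses.append((" ".join(tokens[:-1]), tokens[-1].lower()))
    return what, who_clauses


def anonymous_level(who_clauses):
    """Level an unauthenticated client gets: the first matching <who> clause wins."""
    for who, level in who_clauses:
        if who in ("anonymous", "*"):
            return level
    return "none"   # no <who> matched: slapd denies ("no more <who> clauses, returning =n")


def check_userpassword(line):
    """Describe anonymous access to userPassword under this clause (constructed helper)."""
    what, who_clauses = parse_acl(line)
    if not re.search(r"attrs?=userpassword", what, re.I):
        return {"applies": False}
    lvl = anonymous_level(who_clauses)
    rank = LEVELS.index(lvl)
    return {
        "applies": True,
        "anonymous_level": lvl,
        "bind_possible": rank >= LEVELS.index("auth"),    # simple bind needs "auth"
        "hashes_readable": rank >= LEVELS.index("read"),  # "read" discloses the hash
    }


# Constructed inputs: the clause as posted in the thread, and a tightened version.
POSTED = 'access to attr=userPassword by self write by dn="uid=root,ou=People,o=M1,c=GB" write by * read'
HARDENED = 'access to attrs=userPassword by self write by dn="uid=root,ou=People,o=M1,c=GB" write by anonymous auth by * none'

if __name__ == "__main__":
    for label, acl in (("posted", POSTED), ("hardened", HARDENED)):
        print(label, check_userpassword(acl))
```

Run as-is it evaluates the two constructed clauses; pass any other single-line access clause to check_userpassword() to audit your own slapd.conf. Whether the ACL is what produces the "=n" denials in the -d acl output above is a separate question that this script does not answer.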
Message: 2
Date: Sat, 25 Dec 2010 22:58:14 +0100
From: "Dieter Kluenter" dieter@dkluenter.de
To: openldap-technical@openldap.org
Subject: Re: invalid credentials (49) for normal user
Message-ID: 87d3op1pmx.fsf@rubin.avci.de
Content-Type: text/plain; charset=utf-8
rui guideveloper@gmail.com writes:
> Hi,
> I have imported my passwd and group files into LDAP using the migrate_all_online.sh script.
> I am able to simple bind to LDAP using binddn=uid=root,ou=People,o=M1,c=GB, but I can't seem to bind with any other user, like rui etc., with their Linux password. It says invalid credentials.
> [...]
run slapd in debugging mode, i.e. -d acl
> ############
> # ldbm database definitions
> #######################################################################
> database ldbm
ldbm is historic and not supported.
-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
openldap-technical mailing list openldap-technical@openldap.org http://www.openldap.org/lists/mm/listinfo/openldap-technical
End of openldap-technical Digest, Vol 37, Issue 22