On Thu, Feb 17, 2011 at 1:03 PM, Pierangelo Masarati <masarati(a)aero.polimi.it> wrote:
> Dieter Kluenter wrote:
>
>> Am Thu, 17 Feb 2011 11:28:59 -0200
>> schrieb Leonardo Carneiro <chesterman86(a)gmail.com>:
>>
>> On Thu, Feb 17, 2011 at 9:09 AM, Andrew Findlay <
>>> andrew.findlay(a)skills-1st.co.uk> wrote:
>>>
>>> On Wed, Feb 16, 2011 at 03:29:45PM -0800, Howard Chu wrote:
>>>>
>>>> [...]
>>
>>> Here is the search that Apache is doing. Note that "usuarios" in the
>>> search means "users" in Portuguese. It doesn't even seem to check if
>>> the user really is part of the group defined in the apache config.
>>>
>>> [...]
>>
>>> filter="(&(objectClass=*)(uid=lscarneiro))"
>>> Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=1 SRCH attr=uid
>>> Feb 17 11:11:39 fileserver slapd[2054]: <= bdb_equality_candidates:
>>> (uid) not indexed
>>> Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=1 ENTRY
>>> dn="uid=lscarneiro,ou=usuarios,dc=dominio,dc=com,dc=br"
>>>
>>
>> here uid=lscarneiro has been found
>>
>> Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=1 SEARCH RESULT
>>> tag=101 err=0 nentries=1 text=
>>> Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=2 BIND anonymous
>>> mech=implicit ssf=0
>>> Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=2 BIND
>>> dn="uid=lscarneiro,ou=Usuarios,dc=dominio,dc=com,dc=br" method=128
>>> Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=2 RESULT tag=97
>>> err=49 text=
>>>
>>
>> invalid credentials were presented
>>
>
> Or insufficient access or any other error that would not be disclosed
> occurred.
>
> p.
>
Hi guys. I saw something interesting now, look here:

fileserver:/etc/ldap/slapd.d# smbldap-usershow lscarneiro | grep userPassword
userPassword: {CRYPT}$1$IDz3CwLp$r5MsSU8QyMyoHUv8r.eqi.
fileserver:/etc/ldap/slapd.d# ldapsearch -v -LLL -h 192.168.0.2 -b "dc=dominio,dc=com,dc=br" -D "cn=root,dc=dominio,dc=com,dc=br" -w [password] "(uid=lscarneiro)"
ldap_initialize( ldap://192.168.0.2 )
filter: (uid=lscarneiro)
requesting: All userApplication attributes
userPassword:: e0NSWVBUfSQxJElEejNDd0xwJHI1TXNTVThReU15b0hVdjhyLmVxaS4=

I think this explains why every single bind that I try with users other than cn=root gives me "invalid credentials". Is my assumption correct? Does anyone know why these passwords are not matching?

The two passwords match perfectly; only, the latter is base64-encoded for
LDIF presentation (as indicated by the double colon ('::')).
I suggest you run slapd with -d acl in order to see whether the
authentication failure is related to access control, incorrect password or
so.
p.
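
The comparison described in the reply above, as an added example that is not part of the original thread: a minimal LDIF attribute reader that unfolds continuation lines and decodes `::` (base64) values, so the two views of userPassword can be compared byte for byte. The function names are hypothetical, and the sample input is constructed from the two outputs quoted in the thread (the base64 value is folded on purpose).

```python
import base64

# Constructed from the two outputs quoted in the thread; the base64 value is
# folded here on purpose to exercise LDIF line continuation.
TOOL_VIEW = "userPassword: {CRYPT}$1$IDz3CwLp$r5MsSU8QyMyoHUv8r.eqi."
LDIF_VIEW = (
    "dn: uid=lscarneiro,ou=usuarios,dc=dominio,dc=com,dc=br\n"
    "userPassword:: e0NSWVBUfSQxJElEejNDd0xwJHI1TXNT\n"
    " VThReU15b0hVdjhyLmVxaS4=\n"
)

def unfold(ldif_text):
    """Join continuation lines: a line starting with one space extends the previous one."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_attrs(ldif_text):
    """Return {lowercased attribute name: [raw bytes, ...]} for one entry."""
    attrs = {}
    for line in unfold(ldif_text):
        if not line or line.startswith("#"):
            continue                      # blank separator or comment
        name, sep, rest = line.partition(":")
        if not sep:
            continue                      # not an attribute line
        if rest.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip())
        elif rest.startswith("<"):        # "attr:< <url>" is not fetched here
            continue
        else:                             # "attr: <plain value>"
            value = rest.lstrip(" ").encode("utf-8")
        attrs.setdefault(name.lower(), []).append(value)
    return attrs

def passwords_match(view_a, view_b, attr="userpassword"):
    """True when both views carry the same stored value(s) for attr."""
    return parse_attrs(view_a).get(attr) == parse_attrs(view_b).get(attr)

if __name__ == "__main__":
    print(parse_attrs(LDIF_VIEW)["userpassword"][0].decode())
    print("same stored value:", passwords_match(TOOL_VIEW, LDIF_VIEW))
```

A match here only shows that both tools read the same stored hash; it says nothing about whether the password presented in the bind is the right one.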