On 04/12/15 22:56 +0800, feora wrote:
I found this log in the ldap.log file:
Apr 12 14:20:54 abc slapd[3136]: => access_allowed: auth access to "uid=bobliu,ou=it,dc=abc,dc=com" "userPassword" requested
Apr 12 14:20:54 abc slapd[3136]: => slap_access_allowed: backend default auth access granted to "(anonymous)"
Apr 12 14:20:54 abc slapd[3136]: => access_allowed: auth access granted by read(=rscxd)
Apr 12 14:20:54 abc slapd[3136]: => access_allowed: backend default write access denied to "uid=bobliu,ou=it,dc=abc,dc=com"
Why is access granted to anonymous, not bobliu?
On 04/12/2015 10:05 PM, feora wrote:
Hi Dan, thanks for your answer. I am still a little confused about it. I ran the following command:
/opt/openldap/bin/ldappasswd -x -D "uid=bobliu,ou=it,dc=abc,dc=com" -W -S
New password:
Re-enter new password:
Enter LDAP Password:
Result: Insufficient access (50)
When I run ldapsearch, it is OK.
userPassword:: <removed>
Be aware that your ssha password hash is now publicly known.
The above would indicate that you *are* successfully authenticating, since the userPassword attribute was returned. That's assuming that your ACL config below is accurate.
On 04/02/2015 01:40 AM, Dan White wrote:
On 03/31/15 17:47 +0800, rockwang wrote:
access to attrs=userPassword by self write by anonymous auth by dn.base="cn=Manager,dc=abc,dc=com" by * none
This config block has been through the wringer, but verify your userPassword ACL config. Something's up. Run slaptest on your config to verify and verify it's formatted properly.
access to * by self write by dn.base="cn=Manager,dc=abc,dc=com" by * read by * none
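
An added example, not part of the original thread: a small Python parser for slapd ACL trace lines like the ones quoted above. It lists each grant/deny decision with its access level and identity, and flags the ones the log attributes to the "backend default". The function names are hypothetical and the sample input is the thread's log excerpt, split one entry per line.

```python
import re

# Constructed sample: the slapd ACL trace lines quoted in the thread, one per line.
SAMPLE_LOG = '''\
Apr 12 14:20:54 abc slapd[3136]: => access_allowed: auth access to "uid=bobliu,ou=it,dc=abc,dc=com" "userPassword" requested
Apr 12 14:20:54 abc slapd[3136]: => slap_access_allowed: backend default auth access granted to "(anonymous)"
Apr 12 14:20:54 abc slapd[3136]: => access_allowed: auth access granted by read(=rscxd)
Apr 12 14:20:54 abc slapd[3136]: => access_allowed: backend default write access denied to "uid=bobliu,ou=it,dc=abc,dc=com"
'''

# Matches '<level> access granted|denied to "<who>"', optionally
# prefixed by "backend default". Request and "granted by" lines do not match.
DECISION = re.compile(
    r'slapd\[\d+\]: => (?:slap_)?access_allowed: '
    r'(?P<default>backend default )?(?P<level>\w+) access '
    r'(?P<result>granted|denied) to "(?P<who>[^"]*)"'
)


def acl_decisions(log_text):
    """Return one dict per grant/deny decision found in slapd ACL trace output."""
    decisions = []
    for line in log_text.splitlines():
        m = DECISION.search(line)
        if m:
            decisions.append({
                "level": m.group("level"),      # auth, read, write, ...
                "result": m.group("result"),    # granted or denied
                "who": m.group("who"),          # identity named in the log line
                "backend_default": m.group("default") is not None,
            })
    return decisions


def denied_by_default(log_text):
    """(identity, level) pairs the log reports as denied by the backend default."""
    return [(d["who"], d["level"]) for d in acl_decisions(log_text)
            if d["result"] == "denied" and d["backend_default"]]


if __name__ == "__main__":
    for d in acl_decisions(SAMPLE_LOG):
        print(d)
    print("denied by backend default:", denied_by_default(SAMPLE_LOG))
```

On the sample, the auth grant to "(anonymous)" and the write denial for bobliu come out as two separate decisions at different access levels, both marked as backend default.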