Hello all, I am trying to create a user and authenticate this user. I need to give an admin a way to access and modify the account. I was able to successfully add a user, but cannot connect using this account. The only way I am able to connect is using the Manager's DN. I keep on getting invalid credentials.
I have reset the password for this user a few times to make sure it's correct. Still unable to authenticate. I am using JXplorer to connect to that server. Here's the corresponding section from the log file. I hope it helps.
Dec 1 13:52:11 neptune slapd[13518]: >>> slap_listener(ldap:///)
Dec 1 13:52:11 neptune slapd[13518]: connection_get(12): got connid=13
Dec 1 13:52:11 neptune slapd[13518]: connection_read(12): checking for input on id=13
Dec 1 13:52:11 neptune slapd[13518]: do_bind
Dec 1 13:52:11 neptune slapd[13518]: >>> dnPrettyNormal: <uid=user,dc=test,dc=com>
Dec 1 13:52:11 neptune slapd[13518]: <<< dnPrettyNormal: <uid=user,dc=test,dc=com>, <uid=user,dc=test,dc=com>
Dec 1 13:52:11 neptune slapd[13518]: do_bind: version=3 dn="uid=user,dc=test,dc=com" method=128
Dec 1 13:52:11 neptune slapd[13518]: bdb_dn2entry("uid=user,dc=test,dc=com")
Dec 1 13:52:11 neptune slapd[13518]: send_ldap_result: conn=13 op=0 p=3
Dec 1 13:52:11 neptune slapd[13518]: send_ldap_response: msgid=1 tag=97 err=49
Dec 1 13:52:11 neptune slapd[13518]: connection_get(12): got connid=13
Dec 1 13:52:11 neptune slapd[13518]: connection_read(12): checking for input on id=13
Dec 1 13:52:11 neptune slapd[13518]: ber_get_next on fd 12 failed errno=0 (Success)
Dec 1 13:52:11 neptune slapd[13518]: connection_closing: readying conn=13 sd=12 for close
Dec 1 13:52:11 neptune slapd[13518]: connection_close: conn=13 sd=-1
I don't know what I am missing, but I have been trying to resolve this for a few hours with no success.
Ok, I resolved the issue. It was a little forgotten line at the end of the /etc/openldap/test/access.conf. The line says:
access to * by * none
I have learned that "cn=Manager,dc=test,dc=com" is never affected by any ACL, which is the reason it was authenticating properly, but not any other user. Commented out the line, restarted ldap, and everything is great.
Thank you
openldap-technical@openldap.org
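Added example, not part of the original posts: a simple bind needs an unauthenticated client to hold at least "auth" access to userPassword, and with no access directives at all slapd falls back to read access for everyone. The sketch below is a simplified model of slapd's first-match ACL evaluation that flags both conditions; the function names and the three sample configurations are constructed, and it only understands "*" and "attrs=" targets with named access levels.

```python
import re

# slapd access levels, lowest to highest privilege
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

def parse_acl(conf):
    """Parse 'access to <what> by <who> <level> ...' directives, in file order."""
    text = re.sub(r"#.*", "", conf)          # drop comments
    text = re.sub(r"\n[ \t]+", " ", text)    # indented lines continue a directive
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*access\s+to\s+(\S+)\s+(.*)", line)
        if m:
            rules.append((m.group(1), re.findall(r"\bby\s+(\S+)\s+(\w+)", m.group(2))))
    return rules

def covers(what, attr):
    if what == "*":
        return True
    return what.startswith("attrs=") and attr.lower() in what[6:].lower().split(",")

def anonymous_level(rules, attr):
    """Access an unauthenticated client gets to attr; first match wins."""
    if not rules:
        return "read"        # slapd default when no access directive exists
    for what, by_clauses in rules:
        if covers(what, attr):
            for who, level in by_clauses:
                if who in ("*", "anonymous"):
                    return level
            return "none"    # every clause ends with an implicit "by * none"
    return "none"            # no clause matched: denied

def check_bind_acl(conf):
    got = LEVELS.index(anonymous_level(parse_acl(conf), "userPassword"))
    need = LEVELS.index("auth")
    return "bind-fails" if got < need else "over-permissive" if got > need else "ok"

# Constructed sample configurations (not taken from the poster's server)
DENY_ALL = "access to * by * none\n"
NO_ACL = "#access to * by * none\n"
SCOPED = """access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by users read
    by * none
"""
```

check_bind_acl returns "bind-fails" for DENY_ALL, "over-permissive" for NO_ACL and "ok" for SCOPED.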