LDAP user cannot login - openldap-technical

1 Jul 2009


      Hi,
I'm moving an LDAP server from one system to another. Data I copied 
using slapcat -l ldapdata; slapadd -c -q -l ldapdata on new system, then 
start ldap. But I can't log in as an ordinary user. I've tried resetting 
the user password using JXplorer, but no luck.
Can anyone spot something wrong in what I'm trying to do? Suggestions 
appreciated.
thanks in advance, Dick
slapd.conf contains
access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk" attrs=userPassword
 by anonymous auth
 by self write
 by dn.exact="cn=replica,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
 by dn.exact="cn=proxyagent,ou=profile,dc=nerc-sf,dc=ac,dc=uk" read
slapd -d acl gives at startup
(#) $OpenLDAP: slapd 2.3.43 (Jan 21 2009 03:59:37) $
mockbuild@builder10.centos.org:/builddir/build/BUILD/openldap-2.3.43/openldap-2.3.43/build-servers/servers/slapd
Backend ACL: access to attrs=SambaLMPassword,SambaNTPassword
        by dn.base="cn=manager,dc=nerc-sf,dc=ac,dc=uk" write
        by * none
Backend ACL: access to dn.base=""
        by * read
Backend ACL: access to dn.base="cn=subschema"
        by * read
Backend ACL: access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk"
 attrs=userPassword
        by anonymous auth
        by self write
        by dn.base="cn=replica,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
        by dn.base="cn=proxyagent,ou=profile,dc=nerc-sf,dc=ac,dc=uk" read
Backend ACL: access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk"
 attrs=userPassword,sambaLMPassword,sambaNTPassword
        by anonymous auth
        by self write
        by dn.base="cn=replica,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
        by dn.base="cn=proxyagent,ou=profile,dc=nerc-sf,dc=ac,dc=uk" read
Backend ACL: access to dn.subtree="ou=admins,dc=nerc-sf,dc=ac,dc=uk"
        by dn.regex="cn=[^,]+,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
        by anonymous auth
Backend ACL: access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk"
        by peername.ip="192.171.172.0%255.255.255.0" read
        by peername.ip="192.171.159.192%255.255.255.192" read
        by peername.ip="127.0.0.1" read
=> bdb_entry_get: found entry: "dc=nerc-sf,dc=ac,dc=uk"
=> access_allowed: search access to 
"uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk" "entryCSN" requested
<= root access granted
slapd starting
When I try to login, slapd gives
=> access_allowed: read access to 
"uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk" "userPassword" requested
=> dn: [1] dc=nerc-sf,dc=ac,dc=uk
=> acl_get: [1] matched
=> acl_get: [1] attr userPassword
access_allowed: no res from state (userPassword)
=> acl_mask: access to entry 
"uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: anonymous
<= acl_mask: [1] applying auth(=xd) (stop)
<= acl_mask: [1] mask: auth(=xd)
=> access_allowed: read access denied by auth(=xd)
send_search_entry: conn 1 access to attribute userPassword, value #0 not 
allowed
-- 
Richard Gillman
ITC UNIX Systems Group, Maclean Building, Wallingford OX10 8BB
Tel: 01491 - 692 339
Fax: 01491 - 692 424