Ah! i was testing multiple users. test and test4 both has ACL and has same problem.
On Tue, Sep 25, 2012 at 2:16 PM, Patrick Morris <[email protected]>wrote: > On 9/25/2012 11:07 AM, Satish Patel wrote: > > This is what i got in access logs. > > > [25/Sep/2012:14:04:36 -0400] conn=497 fd=75 slot=75 connection from >> 10.101.100.236 to 10.10.52.10 >> [25/Sep/2012:14:04:36 -0400] conn=497 op=0 BIND dn="cn=Directory Manager" >> method=128 version=3 >> [25/Sep/2012:14:04:36 -0400] conn=497 op=0 RESULT err=0 tag=97 nentries=0 >> etime=0 dn="cn=directory manager" >> [25/Sep/2012:14:04:36 -0400] conn=497 op=1 SRCH base="dc=example,dc=com" >> scope=2 filter="(&(uid=test4)(objectClass=person))" attrs="1.1" >> [25/Sep/2012:14:04:36 -0400] conn=497 op=1 RESULT err=0 tag=101 >> nentries=1 etime=0 >> [25/Sep/2012:14:04:36 -0400] conn=498 fd=76 slot=76 connection from >> 10.101.100.236 to 10.10.52.10 >> [25/Sep/2012:14:04:36 -0400] conn=497 op=2 UNBIND >> [25/Sep/2012:14:04:36 -0400] conn=497 op=2 fd=75 closed - U1 >> [25/Sep/2012:14:04:36 -0400] conn=498 op=0 BIND >> dn="uid=test4,ou=People,dc=example,dc=com" method=128 version=3 >> [25/Sep/2012:14:04:36 -0400] conn=498 op=0 RESULT err=0 tag=97 nentries=0 >> etime=0 dn="uid=test4,ou=people,dc=example,dc=com" >> [25/Sep/2012:14:04:36 -0400] conn=498 op=1 UNBIND >> > > > > > > On Tue, Sep 25, 2012 at 1:46 PM, Grzegorz Dwornicki <[email protected]>wrote: > >> Can you provide logs from FDS when you are trying to login via >> application? >> >> Greg. >> 25 wrz 2012 19:27, "Satish Patel" <[email protected]> napisaĆ(a): >> >>> Hello ALL, >>> >>> I have a web base application and user authenticate web application >>> using Directory Service (FDS). I want to restrict some user to not allow to >>> login so i have implement host base deny ACL. But somehow it doesn't works. >>> may be i am missing something. following acl i have. >>> >>> (targetattr = "*") (version 3.0;acl "Host ACL";deny (all)(userdn = >>>> "ldap:///uid=test,ou=People,dc=example,dc=com";) and >>>> (ip="10.101.100.236");) >>>> >>> >>> But interesting thing is, it works with ldapsearch but not with Web >>> application? >>> >> > Your ACL specifies "uid=test," but that bind was done with "test4". > > -- > 389 users mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/389-users >
-- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
