I have to admit I thought that the access log for the webapp would show an anomaly, but I was wrong. If ldapsearch does not bind, please show us the logs of these. Maybe comparing the logs will tell us something...
Greg.

On 25 Sep 2012 20:17, "Satish Patel" <[email protected]> wrote:

> Ah! i was testing multiple users. test and test4 both has ACL and has same
> problem.
>
> On Tue, Sep 25, 2012 at 2:16 PM, Patrick Morris <[email protected]> wrote:
>
>> On 9/25/2012 11:07 AM, Satish Patel wrote:
>>
>>> This is what i got in access logs.
>>>
>>> [25/Sep/2012:14:04:36 -0400] conn=497 fd=75 slot=75 connection from 10.101.100.236 to 10.10.52.10
>>> [25/Sep/2012:14:04:36 -0400] conn=497 op=0 BIND dn="cn=Directory Manager" method=128 version=3
>>> [25/Sep/2012:14:04:36 -0400] conn=497 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
>>> [25/Sep/2012:14:04:36 -0400] conn=497 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(uid=test4)(objectClass=person))" attrs="1.1"
>>> [25/Sep/2012:14:04:36 -0400] conn=497 op=1 RESULT err=0 tag=101 nentries=1 etime=0
>>> [25/Sep/2012:14:04:36 -0400] conn=498 fd=76 slot=76 connection from 10.101.100.236 to 10.10.52.10
>>> [25/Sep/2012:14:04:36 -0400] conn=497 op=2 UNBIND
>>> [25/Sep/2012:14:04:36 -0400] conn=497 op=2 fd=75 closed - U1
>>> [25/Sep/2012:14:04:36 -0400] conn=498 op=0 BIND dn="uid=test4,ou=People,dc=example,dc=com" method=128 version=3
>>> [25/Sep/2012:14:04:36 -0400] conn=498 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=test4,ou=people,dc=example,dc=com"
>>> [25/Sep/2012:14:04:36 -0400] conn=498 op=1 UNBIND
>>>
>>> On Tue, Sep 25, 2012 at 1:46 PM, Grzegorz Dwornicki <[email protected]> wrote:
>>>
>>>> Can you provide logs from FDS when you are trying to login via
>>>> application?
>>>>
>>>> Greg.
>>>>
>>>> On 25 Sep 2012 19:27, "Satish Patel" <[email protected]> wrote:
>>>>
>>>>> Hello ALL,
>>>>>
>>>>> I have a web base application and user authenticate web application
>>>>> using Directory Service (FDS). I want to restrict some user to not allow to
>>>>> login so i have implement host base deny ACL. But somehow it doesn't works.
>>>>> may be i am missing something.
>>>>> following acl i have.
>>>>>
>>>>>> (targetattr = "*") (version 3.0;acl "Host ACL";deny (all)(userdn = "ldap:///uid=test,ou=People,dc=example,dc=com") and (ip="10.101.100.236");)
>>>>>
>>>>> But interesting thing is, it works with ldapsearch but not with Web
>>>>> application?
>>
>> Your ACL specifies "uid=test," but that bind was done with "test4".
>>
>> --
>> 389 users mailing list
>> [email protected]
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
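Added example (not part of the thread and not 389 DS code): a small Python check for the mismatch Patrick points out, pairing each BIND in the access log with its client IP and result code and comparing it with the ACI's `userdn` and `ip` rules. The log lines are a constructed sample in the format quoted above; the function names are hypothetical, and matching is exact only (no wildcard DNs or IP patterns).

```python
import re

# Constructed sample: access-log lines in the format quoted in the thread.
SAMPLE_LOG = """\
[25/Sep/2012:14:04:36 -0400] conn=497 fd=75 slot=75 connection from 10.101.100.236 to 10.10.52.10
[25/Sep/2012:14:04:36 -0400] conn=497 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[25/Sep/2012:14:04:36 -0400] conn=497 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[25/Sep/2012:14:04:36 -0400] conn=498 fd=76 slot=76 connection from 10.101.100.236 to 10.10.52.10
[25/Sep/2012:14:04:36 -0400] conn=498 op=0 BIND dn="uid=test4,ou=People,dc=example,dc=com" method=128 version=3
[25/Sep/2012:14:04:36 -0400] conn=498 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=test4,ou=people,dc=example,dc=com"
"""
ACI = ('(targetattr = "*") (version 3.0;acl "Host ACL";deny (all)(userdn = '
       '"ldap:///uid=test,ou=People,dc=example,dc=com") and (ip="10.101.100.236");)')
CONN = re.compile(r'conn=(\d+) fd=\d+ slot=\d+ connection from (\S+) to')
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT err=(\d+)')

def norm_dn(dn):
    """Case-insensitive DN comparison key; ignores spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def aci_subject(aci):
    """Pull the userdn and ip bind rules out of a simple ACI like the one above."""
    userdn = re.search(r'userdn\s*=\s*"ldap:///([^"]+)"', aci).group(1)
    ip = re.search(r'ip\s*=\s*"([^"]+)"', aci).group(1)
    return norm_dn(userdn), ip

def binds(log):
    """Return (conn, client_ip, bind_dn, err) for every BIND that has a RESULT."""
    ip_of, pending, out = {}, {}, []
    for line in log.splitlines():
        if m := CONN.search(line):
            ip_of[m.group(1)] = m.group(2)
        elif m := BIND.search(line):
            pending[(m.group(1), m.group(2))] = m.group(3)
        elif (m := RESULT.search(line)) and (m.group(1), m.group(2)) in pending:
            dn = pending.pop((m.group(1), m.group(2)))
            out.append((m.group(1), ip_of.get(m.group(1)), dn, int(m.group(3))))
    return out

def check(log, aci):
    """Per bind: (conn, dn, err, True if the ACI's userdn and ip both match)."""
    userdn, ip = aci_subject(aci)
    return [(conn, dn, err, norm_dn(dn) == userdn and src == ip)
            for conn, src, dn, err in binds(log)]

if __name__ == "__main__":
    for row in check(SAMPLE_LOG, ACI):
        print(row)
```

On the sample, neither bind is covered by the ACI: the source IP matches, but the bind DNs are `cn=Directory Manager` and `uid=test4`, not `uid=test`.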
