I don't know what versions of OpenLDAP are affected, but ITS 4323 snagged me in a very similar situation for several revisions of OL 2.3.1x.
From the looks of things at http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/backglue.c?hideattic=1&sortbydate=0 the problem was patched before the release of 2.3.21.

On Fri, 14 Apr 2006, Douglas B. Jones wrote:

>
>If I have the following in slapd.conf:
>
>suffix "dc=a,dc=x,dc=y"
>...
>subordinate
>
>suffix "dc=b,dc=x,dc=y"
>...
>subordinate
>
>suffix "dc=c,dc=x,dc=y"
>...
>subordinate
>
>suffix "dc=x,dc=y"
>
>
>If I verify a user uid=userA,dc=a,dc=x,dc=y with the
>correct password, then it works fine. If I try to verify
>the user uid=userA,dc=x,dc=y with the correct password,
>it fails with the error in the log as:
>
>RESULT tag=97 err=53 text=unauthenticated bind
> (DN with no password) disallowed
>
>The above is from a web app. I think that has something
>to do with config. of the app. If I use the ldapsearch
>command, I get:
>
>BIND dn="uid=userA,dc=x,dc=y" method=128
>Apr 14 12:05:25 c01 slapd[208513]: conn=455 op=0 RESULT tag=97 err=49 text=
>
>Works fine if I use in ldapsearch -D switch:
>
>uid=userA,dc=a,dc=x,dc=y
>
>which is where userA resides.
>
>I believe I am doing something wrong, but not sure what.
>Any ideas? Thanks!
>

--
Eric Irrgang - UT Austin ITS Unix Systems - (512)475-9342
