Hi,

After running slapd with "-d 128" I have found a lot of messages like this.
Can somebody point me to a standard ACL for users? I want to authenticate for
every user using an LDAP browser or the C LDAP API with ldap_simple_bind with
binddn bindn=uid=rui,ou=People,o=m1,c=GB

###############################
Dec 29 14:13:53 m4mrh01 slapd: => acl_mask: access to entry "cn=rui,ou=Group,o=m1,c=GB", attr "objectClass" requested
Dec 29 14:13:53 m4mrh01 slapd: => acl_mask: to value by "", (=n)
Dec 29 14:13:54 m4mrh01 slapd: <= acl_mask: no more <who> clauses, returning =n (stop)
Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access denied by =n
Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access to "cn=m4musers,ou=Group,o=m1,c=GB" "memberUid" requested
Dec 29 14:13:54 m4mrh01 slapd: => acl_get: [2] attr memberUid
Dec 29 14:13:54 m4mrh01 slapd: => acl_mask: access to entry "cn=m4musers,ou=Group,o=m1,c=GB", attr "memberUid" requested
Dec 29 14:13:54 m4mrh01 slapd: => acl_mask: to value by "", (=n)
Dec 29 14:13:54 m4mrh01 slapd: <= acl_mask: no more <who> clauses, returning =n (stop)
Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access denied by =n
Dec 29 14:18:04 m4mrh01 slapd: => access_allowed: auth access to "uid=rui,ou=People,o=m1,c=GB" "userPassword" requested
Dec 29 14:18:04 m4mrh01 slapd: => acl_get: [1] attr userPassword
Dec 29 14:18:04 m4mrh01 slapd: => acl_mask: access to entry "uid=rui,ou=People,o=m1,c=GB", attr "userPassword" requested
Dec 29 14:18:04 m4mrh01 slapd: => acl_mask: to all values by "", (=n)
Dec 29 14:18:04 m4mrh01 slapd: <= acl_mask: no more <who> clauses, returning =n (stop)
Dec 29 14:18:04 m4mrh01 slapd: => access_allowed: auth access denied by =n
###############################

I have also changed slapd.conf slightly

#############################
access to attr=userPassword
        by self write
        by dn="uid=root,ou=People,o=M1,c=GB" write
        by * read

access to *
        by self write
        by users read
        by anonymous auth
###############################

Regards,
rui

>    1. invalid credentials (49) for normal user (rui)
>    2. Re: invalid credentials (49) for normal user (Dieter Kluenter)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 24 Dec 2010 10:32:03 +0000
> From: rui <[email protected]>
> To: [email protected]
> Subject: invalid credentials (49) for normal user
> Message-ID:
>       <[email protected]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi,
>
> I have imported my passwd and groups file in ldap using
> migrate_all_online.sh script.
>
> I am able to simple bind to ldap using
> binddn= uid=root,ou=People,o=M1,c=GB but I can't seem to bind with any
> other user like rui etc with their linux password. It says invalid
> credentials.
>
> I need to bind for authentication and then get all the primary and
> secondary groups of a user (how can I do that). Why am I having this
> problem - do I have to do something extra?
>
> When bound as root, if I do "memberUid=root" I get all the secondary
> groups but I want to do it for any user.
>
> I am using the C LDAP API at the moment.
>
>
> Here is my slapd.conf file:
> ##################################################
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/dyngroup.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/misc.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/openldap.schema
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
> database ldbm
> suffix "o=M1,c=GB"
> rootdn "uid=root,ou=People,o=M1,c=GB"
> rootpw abc123
> directory /var/lib/ldap
>
> # Indices to maintain
> index objectClass,uid,uidNumber,gidNumber eq
> index cn,mail,surname,givenname eq,subinitial
>
> #
> # ACLs
> #
> #access to dn="ou=People,o=M1,c=GB"
> #attr=userPassword
> #by self write
> #by dn="uid=root,ou=People,o=M1,c=GB" write
> #by * auth access to dn=".*,o=M1,c=GB" by self write
> #by dn="uid=root,ou=People,o=M1,c=GB" write
> #by * read access to dn=".*,o= M1,c=GB"
> #by * read defaultaccess read
>
> access to attr=userpassword
>         by self write
>         by dn="uid=root,ou=People,o=M1,c=GB" write
>         by * read
>
> access to *
>         by self write
>         by dn=".+" read
>         by * read
>
> ###############################################
>
> Regards,
> rui
>
>
> ------------------------------
>
> Message: 2
> Date: Sat, 25 Dec 2010 22:58:14 +0100
> From: "Dieter Kluenter" <[email protected]>
> To: [email protected]
> Subject: Re: invalid credentials (49) for normal user
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=utf-8
>
> rui <[email protected]> writes:
>
>> Hi,
>>
>> I have imported my passwd and groups file in ldap using
>> migrate_all_online.sh script.
>>
>> I am able to simple bind to ldap using
>> binddn= uid=root,ou=People,o=M1,c=GB but i can't seem to bind with any
>> other user like rui etc with their linux password. Its says invalid
>> credentials.
> [...]
>
> run slapd in debugging mode, i.e. -d acl
>
>
> ############
>> # ldbm database definitions
>> #######################################################################
>> database ldbm
>
> ldbm is historic and not supported.
>
> -Dieter
>
> --
> Dieter Klünter | Systemberatung
> http://dkluenter.de
> GPG Key ID:DA147B05
> 53°37'09,95"N
> 10°08'02,42"E
>
>
> ------------------------------
>
> _______________________________________________
> openldap-technical mailing list
> [email protected]
> http://www.openldap.org/lists/mm/listinfo/openldap-technical
>
>
> End of openldap-technical Digest, Vol 37, Issue 22
> **************************************************
>
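
Added example, not part of the original message and not OpenLDAP code: a short Python script that pairs each "access denied" line in a "-d 128" trace like the one above with the entry, attribute and bound DN it refers to. The sample lines are constructed from the trace in the post, the function names are hypothetical, and an empty bound DN (by "") is assumed to mean an anonymous session.

```python
import re
from collections import Counter

# Constructed sample, copied in shape from the "-d 128" trace in the post.
SAMPLE = """\
Dec 29 14:13:54 m4mrh01 slapd: => acl_mask: access to entry "cn=m4musers,ou=Group,o=m1,c=GB", attr "memberUid" requested
Dec 29 14:13:54 m4mrh01 slapd: => acl_mask: to value by "", (=n)
Dec 29 14:13:54 m4mrh01 slapd: <= acl_mask: no more <who> clauses, returning =n (stop)
Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access denied by =n
Dec 29 14:18:04 m4mrh01 slapd: => access_allowed: auth access to "uid=rui,ou=People,o=m1,c=GB" "userPassword" requested
Dec 29 14:18:04 m4mrh01 slapd: => acl_get: [1] attr userPassword
Dec 29 14:18:04 m4mrh01 slapd: => acl_mask: access to entry "uid=rui,ou=People,o=m1,c=GB", attr "userPassword" requested
Dec 29 14:18:04 m4mrh01 slapd: => acl_mask: to all values by "", (=n)
Dec 29 14:18:04 m4mrh01 slapd: <= acl_mask: no more <who> clauses, returning =n (stop)
Dec 29 14:18:04 m4mrh01 slapd: => access_allowed: auth access denied by =n
"""

REQ = re.compile(r'acl_mask: access to entry "([^"]*)", attr "([^"]*)" requested')
WHO = re.compile(r'acl_mask: to (?:all values|value) by "([^"]*)", \(([^)]*)\)')
DENY = re.compile(r'access_allowed: (\w+) access denied by (\S+)')


def denied_requests(lines):
    """Pair every 'access denied' line with the entry, attribute and bound DN before it."""
    found, entry, attr, who = [], None, None, None
    for line in lines:
        if m := REQ.search(line):
            entry, attr, who = m.group(1), m.group(2), None
        elif m := WHO.search(line):
            # Assumption: an empty bound DN means the session was anonymous.
            who = m.group(1) or "(anonymous)"
        elif m := DENY.search(line):
            found.append({"level": m.group(1), "mask": m.group(2),
                          "entry": entry, "attr": attr, "who": who})
            entry = attr = who = None  # a truncated trace must not reuse stale context
    return found


def summarize(records):
    """Count denials per (bound DN, access level, attribute)."""
    return Counter((r["who"], r["level"], r["attr"]) for r in records)


if __name__ == "__main__":
    for key, count in summarize(denied_requests(SAMPLE.splitlines())).items():
        print(count, *key)
```

Run over the sample, it reports one denied anonymous "search" on memberUid and one denied anonymous "auth" on userPassword; a denial whose request lines are missing from the trace is reported with entry and attr set to None.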
