Try:
access to attrs=userPassword
        by dn="uid=root,ou=People,o=M1,c=GB" write
        by self write
        by anonymous auth
        by * none
access to *
        by self write
        by users read
        by anonymous auth
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Dieter Kluenter
Sent: Thursday, December 30, 2010 7:56 AM
To: [email protected]
Subject: Re: invalid credentials (49) for normal user
On Thu, 30 Dec 2010 15:14:34 +0000
rui <[email protected]> wrote:
> Hi,
>
> This is the output after doing "-d 128"
> http://pastebin.com/6Jb9j7F7
>
> my latest slapd.conf is this:
> ###########################################################################
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/dyngroup.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/misc.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/openldap.schema
>
> #######################################################################
> # bdb database definitions
> #######################################################################
> database bdb
> suffix "o=M1,c=GB"
> rootdn "uid=root,ou=People,o=M1,c=GB"
> rootpw test123
> directory /var/lib/ldap
>
> # Indices to maintain
> index objectClass,uid,uidNumber,gidNumber eq
> index cn,mail,surname,givenname eq,subinitial
>
> ## logging.
> #loglevel acl
>
> access to attrs=userPassword
> by self write
> by dn="uid=root,ou=People,o=M1,c=GB" write
> by * auth
>
> access to *
> by self write
> by users read
> by anonymous auth
The warnings in the debugging output (no by clauses specified) should
have raised your attention.
The way access rules are written is bogus. Access rules have to be put
on a single line, but this line may have continuations. The manual
page slapd.access(5) and the admin guide
http://www.openldap.org/doc/admin24/access-control.html
give a good idea on how access rules should be written.
-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
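Added example (not part of the original thread and not OpenLDAP code): a small Python lint for the mistake pointed out above. It unwraps continuation lines the way slapd.conf(5) describes and flags access directives left without a by clause; the function names are hypothetical and the sample text is constructed from the quoted config.

```python
import re

# Constructed sample: the ACL section of the quoted slapd.conf, with every
# "by" clause starting in column 0 as it appears in the message.
BROKEN = """\
database bdb
access to attrs=userPassword
by self write
by dn="uid=root,ou=People,o=M1,c=GB" write
by * auth

access to *
by self write
by users read
by anonymous auth
"""

# Same rules, each "by" clause indented so it continues the access directive.
FIXED = re.sub(r"(?m)^by ", "    by ", BROKEN)


def logical_lines(text):
    """Unwrap continuation lines (leading whitespace) before dropping comments
    and blanks; returns (first_line_number, joined_text) pairs."""
    joined = []
    for number, raw in enumerate(text.splitlines(), start=1):
        if raw[:1] in (" ", "\t") and joined:
            joined[-1][1] += " " + raw.strip()
        else:
            joined.append([number, raw.strip()])
    return [(n, t) for n, t in joined if t and not t.startswith("#")]


def lint_acl(text):
    """Report access directives without a by clause and orphaned by lines."""
    findings = []
    for number, line in logical_lines(text):
        words = line.lower().split()
        if words[0] == "access" and "by" not in words:
            findings.append((number, "access directive has no by clause"))
        elif words[0] == "by":
            findings.append((number, "by clause is not a continuation line"))
    return findings


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_acl(conf))
```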