Am Mittwoch, 04. Januar 2017 19:31 CET, Joshua Schaeffer
<[email protected]> schrieb:
> >
> The log here shows a successful BIND.
Hmm, the log
| Jan 2 12:17:22 openldapserver slapd[1082]: conn=2884 op=0 BIND dn=""
method=128
shows a successful _anonymous_ bind, that has nothing to do with the
authentication.
> The "(host) no indexed" entry is not
> an error, it is simply a message telling you that the "host" attribute is a
> candidate to be indexed for your BDB database. If you want that message to
> go away then add an equality index for host.
Side note: some of the openldap folks would consider the bdb backend a little
bit outdated ...
> >
> Were you able to log into this server before changing the password? Do you
> have PAM setup on your client use LDAP as a login source?
The OP didn't tell us what kind of LDAP user authentication he uses. Have you
looked at
the search request (that doesn't find anything)? Reformated, for better
readability:
(&
(&(|
(host=\2A)
(host=elnath))
(!(host=!elnath)))
(&(|
(host=\2A)
(host=elnath))
(!(host=!elnath)))
(uid=le))
What program/tool did create that filter (note the redundant duplicated
subquery. A and A is always A) ?
Since this search fails to find an entry that's the place debugging should
start. N.B.: It looks like this query is
used by the athenticator to map the uid to a dn which would be needed for a
user bind.
HTH Ralf Mattes
