[gull] LDAP connection problem
Vuko Brigljevic
Vuko.Brigljevic at cern.ch
Fri Mar 4 09:51:02 CET 2005
I have a connection problem with my LDAP server, which I use
for authentication together with PAM. I can no longer
log in, after it had worked without problems for many months.
Every attempt is blocked with the message "(Insufficient access)"
(see the full log at the bottom of this message).
Today, in order to add new users, I
uncommented the "rootpw" command in slapd.conf,
then commented it out again once I was done, but
since then nothing works, and I cannot see
what else I might have changed.
Does anyone see a possible reason for my
problem? Below are the most
significant excerpts from my slapd.conf file and
from /var/log/messages (with my institution name
and domain changed):
Thanks,
Vuko
slapd.conf:
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/ldap-certs/server/server.crt
TLSCertificateKeyFile /etc/ldap-certs/server/server.key
TLSCACertificateFile /etc/ldap-certs/ca/ca.crt
database ldbm
suffix "dc=irb,dc=hr"
rootdn "uid=root,ou=People,dc=irb,dc=hr"
# rootpw secret
directory /var/lib/ldap/
# Indices to maintain
index objectClass,uid,uidNumber,gidNumber eq
index cn,mail,surname,givenname eq,subinitial
access to dn=".*,ou=People,dc=myCompany,dc=MyDomain"
        attr=userPassword
        by ssf=128 self write
        by ssf=128 dn="uid=root,ou=People,dc=myCompany,dcMyDomain" write
# ssf=128
access to dn=".*,dc=myCompany,dc=MyDomain"
        by self write
        by dn="uid=root,ou=People,dc=myCompany,dc=MyDomain" write
        by * read
excerpt from /var/log/messages:
(...)
>>> dnPrettyNormal: <uid=vuko,ou=People,dc=myCompany,dc=MyDomain>
daemon: activity on 1 descriptors
<<< dnPrettyNormal: <uid=vuko,ou=People,dc=myCompany,dc=MyDomain>,
<uid=vuko,ou=people,dc=myCompany,dc=MyDomain>
daemon: select: listen=6 active_threads=1 tvp=NULL
do_bind: version=3 dn="uid=vuko,ou=People,dc=myCompany,dc=MyDomain"
method=128
conn=4 op=3 BIND dn="uid=vuko,ou=People,dc=myCompany,dc=MyDomain" method=128
==> ldbm_back_bind: dn: uid=vuko,ou=People,dc=myCompany,dc=MyDomain
dn2entry_r: dn: "uid=vuko,ou=people,dc=myCompany,dc=MyDomain"
=> dn2id( "uid=vuko,ou=people,dc=myCompany,dc=MyDomain" )
====> cache_find_entry_dn2id("uid=vuko,ou=people,dc=myCompany,dc=MyDomain"):
121 (1 tries)
<= dn2id 121 (in cache)
=> id2entry_r( 121 )
====> cache_find_entry_id( 121 )
"uid=vuko,ou=People,dc=myCompany,dc=MyDomain" (found) (1 tries)
<= id2entry_r( 121 ) 0x81ca750 (cache)
=> access_allowed: auth access to
"uid=vuko,ou=People,dc=myCompany,dc=MyDomain" "userPassword" requested
=> dnpat: [1] .*,ou=People,dc=myCompany,dc=MyDomain nsub: 0
=> acl_get: [1] matched
=> acl_get: [1] check attr userPassword
<= acl_get: [1] acl uid=vuko,ou=People,dc=myCompany,dc=MyDomain attr:
userPassword
=> acl_mask: access to entry "uid=vuko,ou=People,dc=myCompany,dc=MyDomain",
attr "userPassword" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: uid=root,ou=People,dc=myCompany,dc=MyDomain
=> string_expand: pattern: uid=root,ou=People,dc=myCompany,dc=MyDomain
=> string_expand: expanded: uid=root,ou=People,dc=myCompany,dc=MyDomain
=> regex_matches: string:
=> regex_matches: rc: 1 no matches
<= acl_mask: no more <who> clauses, returning =n (stop)
=> access_allowed: auth access denied by =n
send_ldap_result: conn=4 op=3 p=3
send_ldap_result: err=50 matched="" text=""
send_ldap_response: msgid=4 tag=97 err=50
pam_ldap: error trying to bind as user
"uid=vuko,ou=People,dc=myCompany,dc=MyDomain" (Insufficient access)
conn=4 op=3 RESULT tag=97 err=50 text=
====> cache_return_entry_r( 121 ): returned (0)
--
===========================================================|
Vuko Brigljevic |
Rudjer Boskovic Institute |
--------------------------------------------------------- |
Mail Address: Bijenicka cesta 54, P.O.B. 180 |
10002 Zagreb Croatia |
Phone : +385-1- 468 0204 |
www : http://cern.ch/vuko |
===========================================================|
One Word to rule them all, One Explorer to find them,
One Windows to bring them all and in the darkness bind them
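
The denial recorded in the trace above can be pulled out mechanically. The following Python sketch is an added example, not part of the original message: it reads slapd ACL trace lines in the format shown in the log and summarizes each denied check. The names `denied_checks`, `EVENT` and the `bind_time` field are assumptions made here, and the sample is constructed from the lines quoted above.

```python
import re

# Constructed sample in the trace format of the log above (not a new capture).
SAMPLE = """\
conn=4 op=3 BIND dn="uid=vuko,ou=People,dc=myCompany,dc=MyDomain" method=128
=> access_allowed: auth access to
"uid=vuko,ou=People,dc=myCompany,dc=MyDomain" "userPassword" requested
=> acl_get: [1] matched
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: uid=root,ou=People,dc=myCompany,dc=MyDomain
<= acl_mask: no more <who> clauses, returning =n (stop)
=> access_allowed: auth access denied by =n
send_ldap_result: err=50 matched="" text=""
"""

# One alternative per trace line of interest; \s+ tolerates syslog line wraps.
EVENT = re.compile(r"""
    access_allowed:\s+(?P<level>\w+)\s+access\s+to\s+
        "(?P<entry>[^"]*)"\s+"(?P<attr>[^"]*)"\s+requested
  | acl_get:\s+\[(?P<acl>\d+)\]\s+matched
  | acl_mask:\s+to\s+all\s+values\s+by\s+"(?P<who>[^"]*)"
  | check\s+a_dn_pat:\s+(?P<clause>\S+)
  | access_allowed:\s+\w+\s+access\s+(?P<verdict>granted|denied)\s+by
""", re.X)

def denied_checks(trace):
    """Return one summary dict per ACL check that slapd denied."""
    findings, cur = [], None
    for m in EVENT.finditer(trace):
        if m["level"]:
            cur = {"level": m["level"], "entry": m["entry"], "attr": m["attr"],
                   "acl": None, "who": None, "clauses": []}
        elif cur is None:
            continue                      # fragment without a request line
        elif m["acl"]:
            cur["acl"] = int(m["acl"])    # index of the matching "access to" rule
        elif m["who"] is not None:
            cur["who"] = m["who"]         # "" = requester has no DN (anonymous)
        elif m["clause"]:
            cur["clauses"].append(m["clause"])   # <who> clauses slapd tried
        elif m["verdict"]:
            if m["verdict"] == "denied":
                # auth check for an anonymous requester: password verification
                # during a simple bind, before the session has an identity
                cur["bind_time"] = cur["level"] == "auth" and cur["who"] == ""
                findings.append(cur)
            cur = None
    return findings

if __name__ == "__main__":
    for f in denied_checks(SAMPLE):
        print(f)
```

For the sample it reports ACL [1], access level auth on userPassword, an empty requester DN, and the two <who> clauses slapd tried before stopping. In slapd ACL syntax, the <who> clause that covers this bind-time check is `by anonymous auth`.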