Re: Trouble with authentication

Chris Irwin (cirwin@concept5.com)
Thu, 08 Aug 1996 09:14:29 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Chris Irwin: "Authentication"
Previous message: Christine Place-Sweet: "Re: best way to debug slapd"

Gordon,

I also tried an ldapmodify and get a sort of different error although I
suspect it also a bind problem. THe command line is

# ldapsearch -D 'cn=Christopher S. Irwin, o=Concept Five Technologies,
c=US' -w none 'objectclass=person'
ldap_bind: No such object
ldap_bind: matched: o=Concept Five Technologies,c=US

the slapd -d 129 output is:

do_bind
do_bind: version 2 dn (cn=Christopher S Irwin,o=Concept Five
Technologies,c=US) method 128
=> dn2id( "cn=Christopher S Irwin,o=Concept Five Technologies,c=US" )
=> ldbm_cache_open( "/usr/local/ldap/db/dn2id.gdbm", 2, 600 )
<= ldbm_cache_open (opened 0)
<= dn2id 2
=> id2entry( 2 )
=> ldbm_cache_open( "/usr/local/ldap/db/id2entry.gdbm", 2, 600 )
<= ldbm_cache_open (opened 1)
=> str2entry
<= str2entry 0x63eb0
<= id2entry( 2 ) 0x63eb0 (disk)
send_ldap_result 0::
do_modify
add_lastmods
=> dn2id( "cn=Christopher S Irwin, o=Concept Five Technologies, c=US" )
=> ldbm_cache_open( "/usr/local/ldap/db/dn2id.gdbm", 2, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id 2
=> id2entry( 2 )
<= id2entry 0x63eb0 (cache)
=> acl_get: entry (cn=Christopher S Irwin, o=Concept Five Technologies,
c=US) attr (favoritedrink)
<= acl_get: no match
=> acl: write access to value "Pete's Wicked Summer Brew" by
"cn=Christopher S Irwin,o=Concept Five Technologies,c=US"
<= acl: denied by default (no matching to)
send_ldap_result 50::
do_unbind

my acls look like this:

#
# access control definitions
#
access to filter="objectclass=person" attr=acLevel,signatureLevel
by self read
by dn="cn=Admin, o=Concept Five Technologies, c=US" write
by * read

access to filter="objectclass=person" attr=userPassword
by self write
by dn="cn=Admin, o=Concept Five Technologies, c=US" write
by * none

access to dn=".*, o=Concept Five Technologies, c=US"
by self write
by dn="cn=Admin, o=Concept Five Technologies, c=US" write
by * compare

I thought that the last ACL should get a match on the 'to' field unlike
the trace output seems to indicate ?

Any thoughts ?

Thanks,

Chris

-- 
Christopher S. Irwin
Concept Five Technologies, Inc.		Phone: 703-610-1920
7525 Colshire Drive			Fax:   703-610-1853
McLean Virginia 22102-7400		Email: cirwin@concept5.com

Next message: Chris Irwin: "Authentication"
Previous message: Christine Place-Sweet: "Re: best way to debug slapd"