[389-users] ldapsearch is fine but from authentication purpose its not doing anything

Grzegorz Dwornicki gd1100 at gmail.com
Mon Jul 30 12:36:09 UTC 2012


Hi again

All the information you provided looks OK. At times like this, when the error was
hard to find, I looked at the /var/log/dirsrv/slapd-instance_name/access log for
debug info. Run tail -f on the access log and try to use the id command again. The
logs will provide some tracing info combined with the information you provided
already.

Greg.

2012/7/28 Fosiul Alam <fosiul at gmail.com>

> Hi, thanks
>
> If I try this
>
> ldapsearch -x -ZZ  -D "uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" -w
> xxx  -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)" dn
> cn sn
>
> Now if I give a wrong password it will say authentication failed,
>
> but with the correct password
> it does not return anything,
> and I get this in the log:
>
> http://fpaste.org/SA47/
>
> On Sat, Jul 28, 2012 at 8:31 PM, yersinia <yersinia.spiros at gmail.com>
> wrote:
> > Sorry for the top posting.
> >
> > But your test is not sufficient. Can you do an LDAP simple bind with
> > the user, not with the directory admin, you want to authenticate?
> > This is the first question to answer, so you can be sure there is no LDAP ACL
> > problem, no password mismatch and the like.
> >
> > Regards
> >
> > 2012/7/28, Fosiul Alam <fosiul at gmail.com>:
> >> Hi
> >> I have set up an LDAP server and from the client it's returning, for example:
> >>
> >> [root at home ~]# ldapsearch -x -ZZ -D "cn=Directory manager" -w xxx  -h
> >> ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
> >> # extended LDIF
> >> #
> >> # LDAPv3
> >> # base <dc=fosiul,dc=lan> with scope subtree
> >> # filter: (cn=Fosiul Alam)
> >> # requesting: ALL
> >> #
> >>
> >> # falam, users, uk, fosiul.lan
> >> dn: uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
> >> givenName: Fosiul
> >> sn: Alam
> >> loginShell: /bin/bash/bash
> >> uidNumber: 1000
> >> gidNumber: 3000
> >> objectClass: top
> >> objectClass: person
> >> objectClass: organizationalPerson
> >> objectClass: inetorgperson
> >> objectClass: posixAccount
> >> uid: falam
> >> cn: Fosiul Alam
> >> homeDirectory: /home/falam
> >> userPassword:: e1NTSEF9UGtqNjhvSU1pSR0RrSWNYYkVvYVU2V2c9PQ=
> >>  =
> >>
> >> # search result
> >> search: 3
> >> result: 0 Success
> >>
> >> # numResponses: 2
> >> # numEntries: 1
> >>
> >> and in the access log:
> >>
> >> 28/Jul/2012:15:42:57 +0100] conn=229 fd=70 slot=70 connection from
> >> 192.0.0.4 to 192.0.0.9
> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 EXT
> >> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=0 RESULT err=0 tag=120
> >> nentries=0 etime=0
> >> [28/Jul/2012:15:42:57 +0100] conn=229 SSL 256-bit AES
> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory
> >> manager" method=128 version=3
> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97
> >> nentries=0 etime=0 dn="cn=directory manager"
> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH
> >> base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101
> >> nentries=1 etime=0
> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 UNBIND
> >> [28/Jul/2012:15:42:57 +0100] conn=229 op=3 fd=70 closed - U1
> >>
> >>
> >> But from the command line, when I do
> >> [root at home ~]# id falam
> >> id: falam: No such user
> >>
> >>
> >>
> >> [28/Jul/2012:15:44:26 +0100] conn=230 fd=70 slot=70 connection from
> >> 192.0.0.4 to 192.0.0.9
> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 EXT
> >> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=0 RESULT err=0 tag=120
> >> nentries=0 etime=0
> >> [28/Jul/2012:15:44:26 +0100] conn=230 SSL 256-bit AES
> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128
> >> version=3
> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97
> >> nentries=0 etime=0 dn=""
> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH
> >> base="dc=fosiul,dc=lan" scope=2
> >> filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid
> >> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
> >> description objectClass"
> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101
> >> nentries=0 etime=0
> >> [28/Jul/2012:15:44:26 +0100] conn=230 op=-1 fd=70 closed - B1
> >>
> >>
> >> So basically, ldapsearch is working but authentication is not working.
> >>
> >> Can anyone please help me with this?
> >> And I am using CentOS 5.8.
> >>
> >> Fosiul.
> >> --
> >> 389 users mailing list
> >> 389-users at lists.fedoraproject.org
> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
> >
> > --
> > Sent from my mobile device
>
>
>
> --
> Regards
> Fosiul Alam
> 07877100621
> http://www.fosiul.co.uk
>
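
The comparison suggested above (watch the access log while running `id`) can be done mechanically by pairing each SRCH with the BIND identity of its connection and with its RESULT. This is an added example, not part of the original thread; the function names are hypothetical and the sample is constructed from the log lines quoted in the thread, with the mail-wrapped lines rejoined.

```python
import re

# Constructed sample: records quoted in the thread, one log record per line.
SAMPLE = """\
[28/Jul/2012:15:42:57 +0100] conn=229 SSL 256-bit AES
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 BIND dn="cn=Directory manager" method=128 version=3
[28/Jul/2012:15:42:57 +0100] conn=229 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(cn=Fosiul Alam)" attrs=ALL
[28/Jul/2012:15:42:57 +0100] conn=229 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 BIND dn="" method=128 version=3
[28/Jul/2012:15:44:26 +0100] conn=230 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 SRCH base="dc=fosiul,dc=lan" scope=2 filter="(&(objectClass=posixAccount)(uid=falam))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[28/Jul/2012:15:44:26 +0100] conn=230 op=2 RESULT err=0 tag=101 nentries=0 etime=0
"""

LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(-?\d+) (\w+)(.*)$')

def summarize(log_text):
    """Return one record per search: conn, bind DN, filter, err, nentries."""
    bind_dn = {}   # conn -> DN of the most recent BIND on that connection
    pending = {}   # (conn, op) -> filter of a SRCH still waiting for RESULT
    out = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # connection and TLS lines carry no op= field
        conn, op, verb, rest = int(m[1]), int(m[2]), m[3], m[4]
        if verb == "BIND":
            dn = re.search(r'dn="([^"]*)"', rest)
            bind_dn[conn] = dn.group(1) if dn else None
        elif verb == "SRCH":
            f = re.search(r'filter="([^"]*)"', rest)
            pending[(conn, op)] = f.group(1) if f else ""
        elif verb == "RESULT" and (conn, op) in pending:
            who = bind_dn.get(conn)
            out.append({"conn": conn, "bind_dn": who,
                        # no BIND seen, or an empty DN, means an anonymous session
                        "anonymous": who in (None, ""),
                        "filter": pending.pop((conn, op)),
                        "err": int(re.search(r'err=(\d+)', rest).group(1)),
                        "nentries": int(re.search(r'nentries=(\d+)', rest).group(1))})
    return out

def empty_searches(log_text):
    """Searches that completed with err=0 but matched no entry."""
    return [r for r in summarize(log_text) if r["err"] == 0 and r["nentries"] == 0]
```

On the sample, the only empty search is the one on conn=230, which ran under the empty bind DN, while the Directory Manager search on conn=229 returned one entry.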