Arch OpenLDAP authentication fails

I set up OpenLDAP and everything looks fine, but I can't get authentication working:

    #getent shadow | grep user
    user:*:::::::
    tuser:*:::::::
    tuser2:*:::::::
    #getent passwd | grep user
    git:!:999:999:git daemon user:/:/bin/bash
    user:x:10000:2000:Test User:/home/user/:/bin/zsh
    tuser:x:10000:2000:Test User:/home/user/:/bin/zsh
    tuser2:x:10002:2000:Test User:/home/tuser2/:/bin/zsh

From root I can log in as one of these users:

    #su - tuser2
    su: warning: cannot change directory to /home/tuser2/: No such file or directory
    10:24 tuser2@juliet:/root

I can't log in via SSH, and passwd doesn't work either:

    #ldapwhoami -h 192.168.10.156 -D "uid=user,ou=People,dc=xcl,dc=ie"
    ldap_bind: Server is unwilling to perform (53)
        additional info: unauthenticated bind (DN with no password) disallowed
    10:30 root@juliet:~
    #ldapwhoami -h 192.168.10.156 -D "uid=user,ou=People,dc=xcl,dc=ie" -W
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)

The password I enter is correct.

/etc/openldap/slapd.conf:

    access to dn.base="" by * read
    access to dn.base="cn=Subschema" by * read
    access to * by self write by anonymous read

    access to *
        by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write
        by users read
        by anonymous auth
    access to attrs=userPassword,gecos,description,loginShell
        by self write
    access to attrs="userPassword"
        by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write
        by anonymous auth
        by self write
        by * none
    access to *
        by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write
        by dn="uid=achmiel,ou=People,dc=xcl,dc=ie" write
        by * search
    access to attrs=userPassword
        by self =w
        by anonymous auth
    access to *
        by self write
        by users read

    database hdb
    suffix "dc=xcl,dc=ie"
    rootdn "cn=root,dc=xcl,dc=ie"
    rootpw "{SSHA}AM14+..."

Some relevant parts of /etc/openldap/ldap.conf:

    BASE dc=xcl,dc=ie
    URI ldap://192.168.10.156/
    TLS_REQCERT allow
    TIMELIMIT 2

So my question is: what am I missing in LDAP that stops me from logging in with a password?

OK, I solved the problem by removing these ACL entries:

    access to *
        by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write
        by users read
        by anonymous auth
    access to attrs=userPassword,gecos,description,loginShell
        by self write
    access to attrs="userPassword"
        by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write
        by anonymous auth
        by self write
        by * none
    access to *
        by dn="uid=root,ou=Roles,dc=xcl,dc=ie" write
        by dn="uid=achmiel,ou=People,dc=xcl,dc=ie" write
        by * search

I made some other changes as well, but none of them fixed the problem until I removed the ACLs mentioned above.
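Why removing the leading clauses matters: slapd evaluates ACLs first-match, so the first "access to" clause whose target covers the entry and attribute is the only one consulted, and a catch-all "access to *" at the top of the list shadows every later userPassword clause. The following Python model is an added illustration, not code from the question or from OpenLDAP; it transcribes the question's ACL list and what remains after the fix, and handles only the "by" forms used there (dn=, self, users, anonymous, *), using a home-made "dn:" prefix for explicit DNs.

```python
# Toy model of slapd.conf ACL evaluation: the first "access to" clause whose
# target matches is used, and within it the first matching "by" decides.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
PRIV_LETTERS = {"x": "auth", "c": "compare", "s": "search", "r": "read", "w": "write"}

USER_DN = "uid=user,ou=People,dc=xcl,dc=ie"
OTHER_DN = "uid=tuser2,ou=People,dc=xcl,dc=ie"
ROOT_ROLE = "dn:uid=root,ou=Roles,dc=xcl,dc=ie"   # "dn:" prefix is this model's own
ACHMIEL = "dn:uid=achmiel,ou=People,dc=xcl,dc=ie"

# The question's ACLs transcribed in file order as
# (set of attributes, or None for "access to *", [(who, access), ...]).
ACLS_BEFORE = [
    (None, [(ROOT_ROLE, "write"), ("users", "read"), ("anonymous", "auth")]),
    ({"userPassword", "gecos", "description", "loginShell"}, [("self", "write")]),
    ({"userPassword"}, [(ROOT_ROLE, "write"), ("anonymous", "auth"), ("self", "write"), ("*", "none")]),
    (None, [(ROOT_ROLE, "write"), (ACHMIEL, "write"), ("*", "search")]),
    ({"userPassword"}, [("self", "=w"), ("anonymous", "auth")]),
    (None, [("self", "write"), ("users", "read")]),
]
ACLS_AFTER = ACLS_BEFORE[4:]  # what is left once the answer removes the first four clauses

def who_matches(who, requester, target_dn):
    """requester is the bind DN of the connection, or None when anonymous."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester is not None and requester.lower() == target_dn.lower()
    return requester is not None and requester.lower() == who[3:].lower()  # dn:...

def evaluate(acls, requester, target_dn, attr):
    """Return (index of the clause that applied, access it granted)."""
    for i, (attrs, by_list) in enumerate(acls):
        if attrs is not None and attr not in attrs:
            continue  # target does not match; try the next clause
        for who, access in by_list:
            if who_matches(who, requester, target_dn):
                return i, access
        return i, "none"  # no "by" matched: slapd's implicit "by * none"
    return None, "none"  # no clause matched at all: denied

def satisfies(access, needed):
    """True if the granted spec covers the needed level; "=w" is write only."""
    if access.startswith("="):
        return needed in {PRIV_LETTERS[c] for c in access[1:]}
    return LEVELS.index(access) >= LEVELS.index(needed)
```

With the original list, evaluate(ACLS_BEFORE, OTHER_DN, USER_DN, "userPassword") returns (0, "read"), so any authenticated user could read another user's password hash and a user binding as itself only ever gets "read" on its own userPassword, never the write the later clauses intended; with ACLS_AFTER the same lookup for another user returns (0, "none") while an anonymous bind still gets "auth".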