Gentoo Archives: gentoo-user

From: bijayant kumar <bijayant4u@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] openldap: taking too much of time to authenticate
Date: Mon, 28 Aug 2006 10:52:44
Message-Id: 20060828104718.67124.qmail@web32702.mail.mud.yahoo.com
In Reply to: Re: [gentoo-user] openldap: taking too much of time to authenticate by Marc Blumentritt
Marc,
I tried it also, but no luck this time either. I also want to show you my /var/log/syslog, which may be useful to rectify my problem:

Aug 28 16:18:01 bijayant slapd[8302]: conn=145 fd=16 ACCEPT from IP=127.0.0.1:49850 (IP=0.0.0.0:389)
Aug 28 16:18:01 bijayant slapd[8302]: conn=145 op=0 BIND dn="cn=Manager,dc=kavach,dc=blr" method=128
Aug 28 16:18:01 bijayant slapd[8302]: conn=145 op=0 RESULT tag=97 err=49 text=
Aug 28 16:18:01 bijayant slapd[8302]: conn=146 fd=17 ACCEPT from IP=127.0.0.1:49851 (IP=0.0.0.0:389)
Aug 28 16:18:01 bijayant slapd[8302]: conn=145 op=1 UNBIND
Aug 28 16:18:01 bijayant slapd[8302]: conn=145 fd=16 closed
Aug 28 16:18:01 bijayant slapd[8302]: conn=146 op=0 BIND dn="cn=Manager,dc=kavach,dc=blr" method=128
Aug 28 16:18:01 bijayant slapd[8302]: conn=146 op=0 RESULT tag=97 err=49 text=
Aug 28 16:18:01 bijayant slapd[8302]: conn=147 fd=16 ACCEPT from IP=127.0.0.1:49852 (IP=0.0.0.0:389)
Aug 28 16:18:01 bijayant slapd[8302]: conn=146 op=1 UNBIND
Aug 28 16:18:01 bijayant slapd[8302]: conn=146 fd=17 closed
Aug 28 16:18:01 bijayant slapd[8302]: conn=147 op=0 BIND dn="cn=Manager,dc=kavach,dc=blr" method=128
Aug 28 16:18:01 bijayant slapd[8302]: conn=147 op=0 RESULT tag=97 err=49 text=
Aug 28 16:18:01 bijayant slapd[8302]: conn=147 op=1 UNBIND
Aug 28 16:18:01 bijayant slapd[8302]: conn=147 fd=16 closed
Aug 28 16:18:05 bijayant slapd[8302]: conn=148 fd=16 ACCEPT from IP=127.0.0.1:49853 (IP=0.0.0.0:389)
Aug 28 16:18:05 bijayant slapd[8302]: conn=148 op=0 BIND dn="cn=Manager,dc=kavach,dc=blr" method=128
Aug 28 16:18:05 bijayant slapd[8302]: conn=148 op=0 RESULT tag=97 err=49 text=
Aug 28 16:18:05 bijayant slapd[8302]: conn=149 fd=17 ACCEPT from IP=127.0.0.1:49854 (IP=0.0.0.0:389)
Aug 28 16:18:05 bijayant slapd[8302]: conn=148 op=1 UNBIND
Aug 28 16:18:05 bijayant slapd[8302]: conn=148 fd=16 closed

Marc Blumentritt <M.Blumentritt@×××××××××××××××.de> wrote:
15-20 seconds is too long. I only authenticate LDAP users via
Samba login with Windows machines, and this works fast without any delay.

For the authentication issue: if your user is in the local user
database, it is authenticated against it (depending on your nsswitch and
PAM settings); if he is in LDAP, he is authenticated against LDAP. You
shouldn't have users in both local and LDAP.

I looked again at your access rules in slapd.conf: try out these rules:

-----

access to attrs=userPassword,gecos,description,loginShell
        by dn="uid=root,ou=people,dc=kavach,dc=blr" write
        by anonymous auth
        by self write
        by * none

access to *
        by dn="uid=root,ou=people,dc=kavach,dc=blr" write
        by users read

-----

The first rule allows root and self to change the attributes
"userPassword,gecos,description,loginShell", anonymous to authenticate
(=login!) and * nothing.

The second rule allows root to change all other attributes and
authenticated users to read all other attributes.

Regards,
Marc
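
Added example (not part of the original message, and not OpenLDAP code): a small parser for the slapd syslog format shown above that pairs each BIND with its RESULT by conn/op and counts bind failures per DN and client IP. In LDAP, result code 49 is invalidCredentials and tag=97 is a bind response; the function names, the threshold and the `uid=alice` lines are assumptions made for illustration.

```python
import re
from collections import Counter

# The first nine lines are taken from the syslog excerpt in the message above;
# the last two (uid=alice, a successful bind) are constructed for contrast.
SAMPLE_LOG = """\
Aug 28 16:18:01 bijayant slapd[8302]: conn=145 fd=16 ACCEPT from IP=127.0.0.1:49850 (IP=0.0.0.0:389)
Aug 28 16:18:01 bijayant slapd[8302]: conn=145 op=0 BIND dn="cn=Manager,dc=kavach,dc=blr" method=128
Aug 28 16:18:01 bijayant slapd[8302]: conn=145 op=0 RESULT tag=97 err=49 text=
Aug 28 16:18:01 bijayant slapd[8302]: conn=146 fd=17 ACCEPT from IP=127.0.0.1:49851 (IP=0.0.0.0:389)
Aug 28 16:18:01 bijayant slapd[8302]: conn=146 op=0 BIND dn="cn=Manager,dc=kavach,dc=blr" method=128
Aug 28 16:18:01 bijayant slapd[8302]: conn=146 op=0 RESULT tag=97 err=49 text=
Aug 28 16:18:05 bijayant slapd[8302]: conn=148 fd=16 ACCEPT from IP=127.0.0.1:49853 (IP=0.0.0.0:389)
Aug 28 16:18:05 bijayant slapd[8302]: conn=148 op=0 BIND dn="cn=Manager,dc=kavach,dc=blr" method=128
Aug 28 16:18:05 bijayant slapd[8302]: conn=148 op=0 RESULT tag=97 err=49 text=
Aug 28 16:18:06 bijayant slapd[8302]: conn=150 op=0 BIND dn="uid=alice,ou=people,dc=kavach,dc=blr" method=128
Aug 28 16:18:06 bijayant slapd[8302]: conn=150 op=0 RESULT tag=97 err=0 text=
"""

INVALID_CREDENTIALS = "49"  # LDAP resultCode invalidCredentials
ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=\d+')
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")  # 97 = bind response


def failed_binds(log_text):
    """Count err=49 bind results per (bind DN, client IP)."""
    sources, pending, failures = {}, {}, Counter()
    for line in log_text.splitlines():
        if m := ACCEPT_RE.search(line):
            sources[m[1]] = m[2]                 # conn -> client IP
        elif m := BIND_RE.search(line):
            pending[(m[1], m[2])] = m[3]         # (conn, op) -> bind DN
        elif m := RESULT_RE.search(line):
            dn = pending.pop((m[1], m[2]), None)
            if dn is not None and m[3] == INVALID_CREDENTIALS:
                failures[(dn, sources.get(m[1], "unknown"))] += 1
    return failures


def repeat_offenders(log_text, threshold=3):
    """Return only the (DN, IP) pairs with at least `threshold` failed binds."""
    return {k: n for k, n in failed_binds(log_text).items() if n >= threshold}


if __name__ == "__main__":
    for (dn, ip), n in repeat_offenders(SAMPLE_LOG).items():
        print(f"{n} failed binds for {dn} from {ip}")
```

On the sample it reports the `cn=Manager` binds from 127.0.0.1, that is, a local client repeatedly presenting a password the server rejects.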