Gentoo Archives: gentoo-user

From: Marc Blumentritt <M.Blumentritt@×××××××××××××××.de>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] openldap: taking too much of time to authenticate
Date: Mon, 28 Aug 2006 13:20:40
Message-Id: 44F2EC27.7090600@tu-braunschweig.de
bijayant kumar wrote:
> Marc,
> I tried it also, but no luck this time either. I also want to show you my /var/log/syslog, which may be useful to rectify my problem :-
>
> Aug 28 16:18:01 bijayant slapd[8302]: conn=145 fd=16 ACCEPT from IP=127.0.0.1:49850 (IP=0.0.0.0:389)
> Aug 28 16:18:01 bijayant slapd[8302]: conn=145 op=0 BIND dn="cn=Manager,dc=kavach,dc=blr" method=128

What exactly are you trying to do with
dn="cn=Manager,dc=kavach,dc=blr"? This is your ldap rootdn. It is not a
unix user.

> Marc Blumentritt <M.Blumentritt@×××××××××××××××.de> wrote:
> I looked again at your access rules in slapd.conf: try out these rules:
>
> -----
>
> access to attrs=userPassword,gecos,description,loginShell
> by dn="uid=root,ou=people,dc=kavach,dc=blr" write
> by anonymous auth
> by self write
> by * none
>
> access to *
> by dn="uid=root,ou=people,dc=kavach,dc=blr" write
> by users read
>
> -----

Next thing I just realized: in your /etc/ldap.conf you set
nss_base_passwd to "ou=People,dc=kavach,dc=blr?one", while above
"people" does not start with a capital letter! Correct this and, while
you are at it, change the access rules to this:

---
access to attrs=userPassword,gecos,description,loginShell
by dn="uid=root,ou=people,dc=kavach,dc=blr" write
by dn="cn=Manager,dc=kavach,dc=blr" write
by anonymous auth
by self write
by * none

access to *
by dn="uid=root,ou=people,dc=kavach,dc=blr" write
by dn="cn=Manager,dc=kavach,dc=blr" write
by users read
---

Since Manager is your rootdn, he should have access to everything. In
fact, do you really want a root account in your ldap? I think you do not
need it, so if you agree, delete the root lines in your access rules.

How do you plan to add users to ldap? I mean, which tools do you use?

Regards,
Marc

--
gentoo-user@g.o mailing list
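The message above proposes a slapd.conf ACL but does not show how slapd evaluates it. The following is an added example (not code from the thread or from OpenLDAP): a small Python model of the first-match semantics of `access to` directives as documented in slapd.access(5), run over the ACL text from the message. It models the points a reviewer of such an ACL checks: the first matching `access to` clause is selected, the first matching `by` clause within it decides, a clause with no matching `by` falls through to an implicit `by * none`, and the configured rootdn is not subject to access control at all (so the explicit `by dn="cn=Manager,..." write` lines are harmless but redundant). The user DNs `uid=alice` and `uid=bob` are constructed for the demonstration; `dn=` clauses are treated as exact matches and DN normalisation is a crude lower-casing, both simplifications of what slapd actually does.

```python
# Added example: toy evaluator for OpenLDAP "access to" directives.
# This is NOT slapd. It models first-match ACL evaluation and the rootdn bypass
# so the ACL from the message can be checked without a running directory.
import shlex
from dataclasses import dataclass, field
from typing import Optional

# Privilege levels in increasing order, as in slapd.access(5).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The ACL proposed in the message above, assumed to be the complete ACL section.
ACL_TEXT = """
access to attrs=userPassword,gecos,description,loginShell
        by dn="uid=root,ou=people,dc=kavach,dc=blr" write
        by dn="cn=Manager,dc=kavach,dc=blr" write
        by anonymous auth
        by self write
        by * none

access to *
        by dn="uid=root,ou=people,dc=kavach,dc=blr" write
        by dn="cn=Manager,dc=kavach,dc=blr" write
        by users read
"""

ROOTDN = "cn=Manager,dc=kavach,dc=blr"   # rootdn named in the thread

@dataclass
class AccessRule:
    attrs: Optional[set]                 # None means "*" (every attribute)
    by: list = field(default_factory=list)   # (who, level) pairs, in order

def norm_dn(dn):
    """Crude DN normalisation: lower-case, drop spaces after commas.
    Real slapd normalises per attribute matching rule; enough for this model."""
    return ",".join(p.strip() for p in dn.split(",")).lower()

def parse_acls(text):
    """Parse 'access to <what>' / 'by <who> <level>' lines into AccessRule objects."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)       # honours the dn="..." quoting
        if tokens[:2] == ["access", "to"]:
            what = tokens[2]
            if what == "*":
                attrs = None
            elif what.startswith("attrs="):
                attrs = {a.lower() for a in what[len("attrs="):].split(",")}
            else:
                raise ValueError(f"unsupported <what> clause: {what}")
            rules.append(AccessRule(attrs))
        elif tokens[0] == "by":
            who, level = tokens[1], tokens[2]
            if level not in LEVELS:
                raise ValueError(f"unknown access level: {level}")
            if who.startswith("dn="):
                who = "dn=" + norm_dn(who[3:])
            rules[-1].by.append((who, level))
        else:
            raise ValueError(f"unexpected line: {line}")
    return rules

def who_matches(who, requester, target_dn):
    """requester is None for an anonymous connection, else its bind DN."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester is not None and norm_dn(requester) == norm_dn(target_dn)
    if who.startswith("dn="):            # simplification: treated as dn.exact
        return requester is not None and norm_dn(requester) == who[3:]
    raise ValueError(f"unsupported <who> clause: {who}")

def effective_access(rules, requester, target_dn, attr, rootdn=ROOTDN):
    """Access level the requester gets on attr of target_dn under these rules."""
    # The rootdn bypasses access control entirely.
    if requester is not None and norm_dn(requester) == norm_dn(rootdn):
        return "manage"
    for rule in rules:
        if rule.attrs is None or attr.lower() in rule.attrs:
            for who, level in rule.by:
                if who_matches(who, requester, target_dn):
                    return level
            return "none"                # implicit trailing "by * none"
    return "none"                        # no "access to" matched: denied

def allows(rules, requester, target_dn, attr, needed, rootdn=ROOTDN):
    """True if the effective level is at least the level the operation needs."""
    got = effective_access(rules, requester, target_dn, attr, rootdn)
    return LEVELS.index(got) >= LEVELS.index(needed)

if __name__ == "__main__":
    rules = parse_acls(ACL_TEXT)
    alice = "uid=alice,ou=people,dc=kavach,dc=blr"   # constructed entries
    bob = "uid=bob,ou=people,dc=kavach,dc=blr"
    root = "uid=root,ou=people,dc=kavach,dc=blr"
    checks = [
        ("anonymous simple bind needs auth on userPassword", None, alice, "userPassword", "auth"),
        ("anonymous may read uid",                          None, alice, "uid", "read"),
        ("user may read own loginShell",                    alice, alice, "loginShell", "read"),
        ("user may read another user's userPassword",       alice, bob, "userPassword", "read"),
        ("uid=root may write another user's gecos",         root, bob, "gecos", "write"),
        ("rootdn may write anything",                       ROOTDN, bob, "uid", "write"),
    ]
    for label, req, tgt, attr, need in checks:
        print(f"{label:52s} -> {allows(rules, req, tgt, attr, need)}")
```

The first check is the one that matters for the login problem in the thread: an anonymous connection must get at least `auth` on `userPassword`, otherwise a simple bind against a user entry cannot succeed. The model also shows that an anonymous client gets nothing on other attributes (the second rule has no `by anonymous` clause), which is why an nss_ldap setup that reads passwd entries before binding needs either a binddn or a more permissive rule.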

Replies

Subject Author
Re: [gentoo-user] [Solved] openldap: taking too much of time to authenticate bijayant kumar <bijayant4u@×××××.com>