[CentOS] {Disarmed} Problem with first login
Craig White
craigwhite at azapple.com
Mon Apr 19 13:08:48 UTC 2010
On Mon, 2010-04-19 at 17:12 +0800, sync wrote:
> Hi, guys:
>
> I have a problem on the openldap Manager account login:
>
> The server is running CentOS 5.3 i386 and I have
> phpldapadmin-1.0.1-1.el5.noarch.rpm installed.
> It's running apache 2.2.3 with php 5.1.6 and openldap 2.3.34.
>
> I believe I have slapd setup correctly but I'm not completely
> sure.
>
> My /etc/openldap/slapd.conf file has...
>
> access to *
> by self write
> by * read
> by anonymous auth
----
this doesn't seem right to me - at the point you do access to * by *,
every other ACL below that becomes meaningless.
----
>
> database bdb
> suffix "dc=my-domain,dc=com"
> rootdn "cn=Manager,dc=my-domain,dc=com"
> rootpw {SSHA}xxxxx
>
> My /etc/ldap.conf has the following lines (among others)...
> host 127.0.0.1
> base dc=my-domain,dc=com
>
> If I do the following command...
>
> ldapsearch -x -D "cn=Manager,dc=my-domain,dc=com" -W
>
> from the command line it asks for a password.
>
> If I type the password I created with slappasswd and have as
> rootpw in slapd.conf it carries on and returns the following (with
> comments removed)...
>
> search: 2
> result: 32 No such object
----
you didn't give it an object to search for
----
>
> So it appears that from the command line authentication with ldap
> is working.
----
yes, it is working
----
>
> In my phpldapadmin config.php file I've modified the following
> lines...
> $ldapservers->SetValue($i,'server','host','127.0.0.1');
> $ldapservers->SetValue($i,'server','port','389');
> $ldapservers->SetValue($i,'server','auth_type','session');
>
> When I go to phpldapadmin and do "Anonymous Bind" it connects and
> allows me to view the ldap tree.
----
yes, you allow that with your ACLs
----
> If I try and login with user "Manager" and the password I use on
> the command line, it doesn't work giving me... "Bad username or
> password. Please try again."
>
> I've also tried putting the following line to my config.php file but
> to no avail...
> $ldapservers->SetValue($i,'server','base',array('my-domain',
> 'com'));
>
> Am I using the correct username?
> Are there any commands I can do to further check my ldap server is
> setup correctly?
> Are there any log files I can look at?
>
> Thanks for all your help.
----
your login 'name' in phpldapadmin would likely have to be the rootbinddn
at this stage... cn=Manager,dc=my-domain,dc=com as I think Alexander has
already pointed out. The 'server' base array should be
'dc=my-domain,dc=com'
Craig
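The ACL ordering issue raised in the reply can be checked mechanically. The following is an added example, not part of either message or of OpenLDAP: a simplified Python model of slapd's first-match ACL evaluation that lists clauses which can never be selected. The function names and the second `access to attrs=userPassword` directive are constructed for illustration; the rootdn, which bypasses ACLs, is not modelled.

```python
# Added example: simplified model of slapd's first-match ACL evaluation.
# Only the <who> selectors *, anonymous, users and self are handled (assumption).
WHO = {"*": {"anonymous", "self", "user"}, "anonymous": {"anonymous"},
       "users": {"self", "user"}, "self": {"self"}}

# First directive is the one quoted in the thread; the second is constructed.
SAMPLE = """
access to *
    by self write
    by * read
    by anonymous auth
access to attrs=userPassword
    by self write
    by anonymous auth
"""

def parse_acl(text):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    acl = []
    for line in text.splitlines():
        words = line.split()
        if words[:2] == ["access", "to"]:
            acl.append((words[2], []))
        elif words[:1] == ["by"] and acl:
            acl[-1][1].append((words[1], words[2]))
    return acl

def effective_access(acl, requester, what="*"):
    """Level granted to 'anonymous', 'self' or 'user' under first-match rules."""
    for target, clauses in acl:
        if target in ("*", what):          # first matching <what> wins
            for who, level in clauses:
                if requester in WHO[who]:  # first matching <who> wins
                    return level
            return "none"                  # implicit trailing "by * none"
    return "none"                          # implicit "access to * by * none"

def shadowed(acl):
    """List the 'by' clauses that can never be selected."""
    dead, covered_all = [], False
    for target, clauses in acl:
        covered = set()
        for who, level in clauses:
            if covered_all or WHO[who] <= covered:
                dead.append(f"access to {target}: by {who} {level}")
            covered |= WHO[who]
        covered_all = covered_all or target == "*"
    return dead
```

In this model an anonymous client gets `read` on everything, `userPassword` included, because `by * read` is matched before `by anonymous auth` and the later directive is never consulted; placing the narrower directive first changes the result to `auth`.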