[CentOS] Problem with first login

Mon Apr 19 13:08:48 UTC 2010
Craig White <craigwhite at azapple.com>

On Mon, 2010-04-19 at 17:12 +0800, sync wrote:
> Hi, guys:
> 
>     I have a problem on the openldap Manager account login:
> 
>    The server is running CentOS 5.3 i386 and I have
> phpldapadmin-1.0.1-1.el5.noarch.rpm installed.
>      It's running apache 2.2.3 with php 5.1.6 and openldap 2.3.34.
> 
>     I believe I have slapd setup correctly but I'm not completely
> sure.
> 
>     My /etc/openldap/slapd.conf file has...
> 
>       access to *
>         by self write
>         by * read
>         by anonymous auth
----
this doesn't seem right to me - at the point you do access to * by *,
every other ACL below that becomes meaningless.
----
> 
>      database        bdb
>      suffix          "dc=my-domain,dc=com"
>     rootdn         "cn=Manager,dc=my-domain,dc=com"
>     rootpw         {SSHA}xxxxx
> 
>     My /etc/ldap.conf has the following lines (among others)...
>      host 127.0.0.1
>      base dc=my-domain,dc=com
> 
>    If I do the following command...
> 
>     ldapsearch -x -D "cn=Manager,dc=my-domain,dc=com" -W
> 
>    from the command line it asks for a password. 
>  
>    If I type the password I created with slappasswd and have as
> rootpw in slapd.conf it carries on and returns the following (with
> comments removed)...
> 
>    search: 2
>    result: 32 No such object
----
you didn't give it an object to search for
----
> 
>    So it appears that from the command line authentication with ldap
> is working.
----
yes, it is working
----
> 
>    In my phpldapadmin config.php file I've modified the following
> lines...
>   $ldapservers->SetValue($i,'server','host','127.0.0.1');
>    $ldapservers->SetValue($i,'server','port','389');
>   $ldapservers->SetValue($i,'server','auth_type','session');
> 
>    When I go to phpldapadmin and do "Anonymous Bind" it connects and
> allows me to view the ldap tree.
----
yes, you allow that with your ACLs
----
>    If I try and login with user "Manager" and the password I use on
> the command line, it doesn't work giving me... "Bad username or
> password. Please try again."
> 
>   I've also tried putting the following line to my config.php file but
> to no avail...
>   $ldapservers->SetValue($i,'server','base',array('my-domain',
> 'com'));
> 
>    Am I using the correct username?
>   Are there any commands I can do to further check my ldap server is
> setup correctly?
>   Are there any log files I can look at?
> 
>   Thanks for all your help. 
----
your login 'name' in phpldapadmin would likely have to be the rootbinddn
at this stage... cn=Manager,dc=my-domain,dc=com as I think Alexander has
already pointed out. The 'server' base array should be
'dc=my-domain,dc=com'

Craig
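
An added example, not part of the original thread: a simplified Python model of slapd's first-match ACL evaluation, showing that `by anonymous auth` in the quoted ACL is never reached and that anonymous clients get read access to `userPassword`. The parser handles only single-token `<what>`/`<who>` forms, and the reordered ACL is constructed for illustration.

```python
def parse_acls(conf_text):
    """Parse 'access to <what> by <who> <level> ...' directives.
    Simplified model: <what> and <who> are single tokens only."""
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:   # indented line continues the previous one
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    acls = []
    for tok in (line.split() for line in logical):
        if tok[:2] == ["access", "to"] and len(tok) > 2:
            rest = tok[3:]
            acls.append((tok[2], [(rest[i + 1], rest[i + 2])
                                  for i in range(0, len(rest) - 2, 3) if rest[i] == "by"]))
    return acls

def matches(who, client):
    # client: "anonymous", "self" (bound, own entry) or "user" (bound, other entry)
    return who in ("*", client) or (who == "users" and client != "anonymous")

def effective(acls, client, target="entry"):
    """First directive whose <what> matches wins; inside it, first matching <who> wins."""
    for what, clauses in acls:
        if what in ("*", target):
            return next((lvl for who, lvl in clauses if matches(who, client)), "none")
    return "none"   # implicit final "access to * by * none"

def dead_rules(acls):
    """Report clauses and directives that first-match evaluation can never reach."""
    findings, catch_all = [], False
    for what, clauses in acls:
        if catch_all:
            findings.append(f"access to {what}: never consulted")
        star = False
        for who, lvl in clauses:
            if star:
                findings.append(f"access to {what}: by {who} {lvl} unreachable")
            star = star or who == "*"
        catch_all = catch_all or what == "*"
    return findings

PAGE_ACL = "access to *\n    by self write\n    by * read\n    by anonymous auth\n"
# Constructed for illustration: specific rule first, catch-all last.
REORDERED = ("access to attrs=userPassword\n    by self write\n    by anonymous auth\n"
             "    by * none\naccess to *\n    by self write\n    by * read\n")

if __name__ == "__main__":
    for name, text in (("page", PAGE_ACL), ("reordered", REORDERED)):
        acls = parse_acls(text)
        print(name, effective(acls, "anonymous", "attrs=userPassword"), dead_rules(acls))
```
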

