Hi, guys:

I have a problem on the openldap Manager account login:

The server is running CentOS 5.3 i386 and I have phpldapadmin-1.0.1-1.el5.noarch.rpm installed.
It's running apache 2.2.3 with php 5.1.6 and openldap 2.3.34.

I believe I have slapd setup correctly but I'm not completely sure.

My /etc/openldap/slapd.conf file has...

access to *
    by self write
    by * read
    by anonymous auth

database bdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw {SSHA}xxxxx

My /etc/ldap.conf has the following lines (among others)...

host 127.0.0.1
base dc=my-domain,dc=com

If I do the following command...

ldapsearch -x -D "cn=Manager,dc=my-domain,dc=com" -W

from the command line it asks for a password.

If I type the password I created with slappasswd and have as rootpw in slapd.conf it carries on and returns the following (with comments removed)...

search: 2
result: 32 No such object

So it appears that from the command line authentication with ldap is working.

In my phpldapadmin config.php file I've modified the following lines...

$ldapservers->SetValue($i,'server','host','127.0.0.1');
$ldapservers->SetValue($i,'server','port','389');
$ldapservers->SetValue($i,'server','auth_type','session');

When I go to phpldapadmin and do "Anonymous Bind" it connects and allows me to view the ldap tree.

If I try and login with user "Manager" and the password I use on the command line, it doesn't work giving me... "Bad username or password. Please try again."

I've also tried putting the following line to my config.php file but to no avail...

$ldapservers->SetValue($i,'server','base',array('my-domain', 'com'));

Am I using the correct username?
Are there any commands I can do to further check my ldap server is setup correctly?
Are there any log files I can look at?

Thanks for all your help.
> Hi, guys:
>
> I have a problem on the openldap Manager account login:

> rootdn "cn=Manager,dc=my-domain,dc=com"

> If I do the following command...
>
> ldapsearch -x -D "cn=Manager,dc=my-domain,dc=com" -W
>
> from the command line it asks for a password.
>
> If I type the password I created with slappasswd and have as rootpw in
> slapd.conf it carries on and returns the following (with comments
> removed)...
>
> search: 2
> result: 32 No such object
>
> So it appears that from the command line authentication with ldap is
> working.
>
> In my phpldapadmin config.php file I've modified the following lines...
> $ldapservers->SetValue($i,'server','host','127.0.0.1');
> $ldapservers->SetValue($i,'server','port','389');
> $ldapservers->SetValue($i,'server','auth_type','session');

> If I try and login with user "Manager" and the password I use on the
> command line, it doesn't work giving me... "Bad username or password.
> Please try again."

Your login user is "cn=Manager,dc=my-domain,dc=com", not just "Manager".

Alexander
On Mon, 2010-04-19 at 17:12 +0800, sync wrote:
> Hi, guys:
>
> I have a problem on the openldap Manager account login:
>
> The server is running CentOS 5.3 i386 and I have
> phpldapadmin-1.0.1-1.el5.noarch.rpm installed.
> It's running apache 2.2.3 with php 5.1.6 and openldap 2.3.34.
>
> I believe I have slapd setup correctly but I'm not completely
> sure.
>
> My /etc/openldap/slapd.conf file has...
>
> access to *
> by self write
> by * read
> by anonymous auth
----
this doesn't seem right to me - at the point you do access to * by *,
every other ACL below that becomes meaningless.
----
>
> database bdb
> suffix "dc=my-domain,dc=com"
> rootdn "cn=Manager,dc=my-domain,dc=com"
> rootpw {SSHA}xxxxx
>
> My /etc/ldap.conf has the following lines (among others)...
> host 127.0.0.1
> base dc=my-domain,dc=com
>
> If I do the following command...
>
> ldapsearch -x -D "cn=Manager,dc=my-domain,dc=com" -W
>
> from the command line it asks for a password.
>
> If I type the password I created with slappasswd and have as
> rootpw in slapd.conf it carries on and returns the following (with
> comments removed)...
>
> search: 2
> result: 32 No such object
----
you didn't give it an object to search for
----
>
> So it appears that from the command line authentication with ldap
> is working.
----
yes, it is working
----
>
> In my phpldapadmin config.php file I've modified the following
> lines...
> $ldapservers->SetValue($i,'server','host','127.0.0.1');
> $ldapservers->SetValue($i,'server','port','389');
> $ldapservers->SetValue($i,'server','auth_type','session');
>
> When I go to phpldapadmin and do "Anonymous Bind" it connects and
> allows me to view the ldap tree.
----
yes, you allow that with your ACLs
----
> If I try and login with user "Manager" and the password I use on
> the command line, it doesn't work giving me... "Bad username or
> password. Please try again."
>
> I've also tried putting the following line to my config.php file but
> to no avail...
> $ldapservers->SetValue($i,'server','base',array('my-domain',
> 'com'));
>
> Am I using the correct username?
> Are there any commands I can do to further check my ldap server is
> setup correctly?
> Are there any log files I can look at?
>
> Thanks for all your help.
----
your login 'name' in phpldapadmin would likely have to be the rootbinddn
at this stage... cn=Manager,dc=my-domain,dc=com as I think Alexander has
already pointed out.

The 'server' base array should be 'dc=my-domain,dc=com'

Craig
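
An added example, not part of any message in this thread and not OpenLDAP code: a simplified Python model of the first-match rule slapd applies to the "by" clauses of one "access to" directive, run on the ACL from the original post. The REORDERED line and the sample DNs are constructed for illustration, and only the who-forms *, anonymous, users and self are modelled.

```python
# Added example: simplified model of slapd's "by" clause selection (not OpenLDAP code).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # weakest first

def parse_acl(text):
    """Split 'access to <what> by <who> <level> ...' into (what, clauses)."""
    tok = text.split()
    if tok[:2] != ["access", "to"] or len(tok) < 3:
        raise ValueError("expected 'access to <what> ...'")
    what, rest, clauses = tok[2], tok[3:], []
    while rest:
        if len(rest) < 3 or rest[0] != "by" or rest[2] not in LEVELS:
            raise ValueError("bad 'by <who> <level>' near: " + " ".join(rest[:3]))
        clauses.append((rest[1], rest[2]))
        rest = rest[3:]
    return what, clauses

def who_matches(who, bind_dn, entry_dn):
    """bind_dn is None for an anonymous bind."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    raise ValueError("who-form not modelled: " + who)

def granted(clauses, bind_dn, entry_dn):
    """First matching clause wins; slapd appends an implicit 'by * none'."""
    for who, level in clauses:
        if who_matches(who, bind_dn, entry_dn):
            return level
    return "none"

def unreachable(clauses):
    """Clauses written after 'by *' can never be selected."""
    for i, (who, _) in enumerate(clauses):
        if who == "*":
            return clauses[i + 1:]
    return []

THREAD_ACL = "access to * by self write by * read by anonymous auth"  # from the post
REORDERED = "access to * by self write by anonymous auth by * read"   # constructed variant

if __name__ == "__main__":
    for name, acl in (("thread", THREAD_ACL), ("reordered", REORDERED)):
        clauses = parse_acl(acl)[1]
        print(name, "anonymous:", granted(clauses, None, "cn=x,dc=my-domain,dc=com"), "unreachable:", unreachable(clauses))
```

With the ACL as posted, an anonymous bind is granted read and the trailing "by anonymous auth" is never selected; in the reordered variant an anonymous bind is granted auth only.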