does the ldap ptloader have to use authz?
Tarjei Huse
tarjei at nu.no
Sun Jul 10 15:55:21 EDT 2005
Hi, I'm trying to use the ldap ptloader with the following:
ldap_base: dc=naturvern,dc=no
ldap_member_base: dc=naturvern,dc=no
ldap_group_base: ou=groups,dc=naturvern,dc=no
#ldap_member_method: attribute
#ldap_member_filter: (memberUid: %u)
#ldap_member_scope: sub
#ldap_mech: plain login
# I've also tried ldap_sasl: 0
ldap_sasl: no
ldap_restart: 1
#ldap_start_tls:0
ldap_timeout: 4
ldap_tls_cacert_dir: /etc/ssl/certs
ldap_tls_check_peer: no
ldap_uri: ldap://mail.naturvern.no/ ldap://felles.naturvern.no/
Here's what the logs say when ptloader connects to the ldapserver:
Jul 10 21:44:59 mail slapd[9431]: daemon: read activity on 20
Jul 10 21:44:59 mail slapd[9431]: connection_get(20)
Jul 10 21:44:59 mail slapd[9431]: connection_get(20): got connid=15
Jul 10 21:44:59 mail slapd[9431]: connection_read(20): checking for input on id=15
Jul 10 21:44:59 mail slapd[9431]: ber_get_next on fd 20 failed errno=11 (Resource temporarily unavailable)
Jul 10 21:44:59 mail slapd[9431]: do_extended
Jul 10 21:44:59 mail slapd[9431]: => get_ctrls
Jul 10 21:44:59 mail slapd[9431]: => get_ctrls: oid="2.16.840.1.113730.3.4.18" (critical)
Jul 10 21:44:59 mail slapd[9431]: parseProxyAuthz: conn 15 authzid="u:tarjeih"
Jul 10 21:44:59 mail slapd[9431]: slap_sasl_getdn: id=u:tarjeih [len=9]
Jul 10 21:44:59 mail slapd[9431]: slap_sasl_getdn: u:id converted to uid=tarjeih,cn=SIMPLE,cn=auth
Jul 10 21:44:59 mail slapd[9431]: >>> dnNormalize: <uid=tarjeih,cn=SIMPLE,cn=auth>
Jul 10 21:44:59 mail slapd[9431]: <<< dnNormalize: <uid=tarjeih,cn=simple,cn=auth>
Jul 10 21:44:59 mail slapd[9431]: ==>slap_sasl2dn: converting SASL name uid=tarjeih,cn=simple,cn=auth to a DN
Jul 10 21:44:59 mail slapd[9431]: slap_sasl_regexp: converting SASL name uid=tarjeih,cn=simple,cn=auth
Jul 10 21:44:59 mail slapd[9431]: <==slap_sasl2dn: Converted SASL name to <nothing>
Jul 10 21:44:59 mail slapd[9431]: parseProxyAuthz: conn=15 "uid=tarjeih,cn=simple,cn=auth"
Jul 10 21:44:59 mail slapd[9431]: ==>slap_sasl_authorized: can (null) become uid=tarjeih,cn=simple,cn=auth?
Jul 10 21:44:59 mail slapd[9431]: <== slap_sasl_authorized: return 48
Jul 10 21:44:59 mail slapd[9431]: <= get_ctrls: n=1 rc=47 err="not authorized to assume identity"
Jul 10 21:44:59 mail slapd[9431]: send_ldap_result: conn=15 op=10 p=3
Jul 10 21:44:59 mail slapd[9431]: send_ldap_result: err=47 matched="" text="not authorized to assume identity"
Jul 10 21:44:59 mail slapd[9431]: send_ldap_response: msgid=11 tag=120 err=47
Jul 10 21:44:59 mail slapd[9431]: do_extended: get_ctrls failed
Now, as far as I understand, this shouldn't happen as ptloader has
better things to do. I just want it to use a simple anonymous bind. What
should I do to get that?
Kind regards,
Tarjei
--
Tarjei Huse <tarjei at nu.no>
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html