From: Ferris, Shawn (Shawn.Ferristwtelecom.com)
Date: Sat Sep 29 2001 - 09:25:04 CDT


    I am having a problem with either OpenLDAP and/or pam_ldap. I have the
    LDAP server running, and pam_ldap configured with nss_ldap. If I turn the ACL
    off in the slapd.conf file, everything works fine (albeit insecure).
    However, using the following access lines results in a non-functioning
    pam_ldap system.

    access to attrs=userPassword
            by self write
            by anonymous auth
            by dn="cn=manager,dc=VirtualSMF,dc=net" write
            by * none

    access to *
            by self write
            by dn="cn=manager,dc=VirtualSMF,dc=net" write
            by * read

    Once these permissions are installed, nothing is able to see the
    userPassword attribute. The ldap.log file looks OK to me, but the record
    returned doesn't show the password, e.g.:

    $ ldapsearch -x -b 'uid=sferris,ou=People,dc=example,dc=net'
    version: 2
    #
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # sferris,People,dc=example,dc=net
    dn: uid=sferris,ou=People,dc=example,dc=net
    uid: sferris
    cn: Shawn M Ferris
    objectClass: account
    objectClass: posixAccount
    objectClass: top
    gidNumber: 500
    homeDirectory: /home/sferris
    gecos: Shawn M Ferris
    loginShell: /bin/bash
    uidNumber: 500

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

    /var/log/ldap.log:
    slapd[21321]: daemon: conn=4 fd=7 connection from IP=192.168.0.1:50484 (IP=0.0.0.0:34049) accepted.
    slapd[21321]: conn=4 op=0 BIND dn="" method=128
    slapd[21321]: conn=4 op=0 RESULT tag=97 err=0 text=
    slapd[21321]: conn=4 op=1 SRCH base="uid=sferris,ou=People,dc=example,dc=net" scope=2 filter="(objectClass=*)"
    slapd[21321]: conn=4 op=1 SEARCH RESULT tag=101 err=0 text=
    slapd[21321]: conn=4 op=2 UNBIND
    slapd[21321]: conn=-1 fd=7 closed

    Can anyone help me? I'm at my wit's end. I've been working on this for 2 weeks now and have looked far and wide on the net to no avail.

    I would greatly appreciate all help provided!

    Shawn Ferris 8) Oracle DBA


    _______________________________________________
    Pam-list mailing list
    Pam-listredhat.com
    https://listman.redhat.com/mailman/listinfo/pam-list
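An added example, not part of Shawn's post or of OpenLDAP itself: a small Python model of how slapd evaluates the access directives quoted above. It assumes the standard evaluation rules (first matching `access to` clause, then first matching `by` clause, cumulative privilege levels where `auth` lets a BIND verify the password but does not permit reading the attribute) and reuses the manager DN and entry DN exactly as written in the post.

```python
# Toy model of slapd access-control evaluation (added example, not from the post).
# Assumed rules: slapd uses the FIRST "access to" clause whose target covers the
# attribute, then the FIRST "by" clause whose <who> matches the requester, and
# grants exactly that level. Levels are cumulative: "read" implies "auth", but
# "auth" (enough to check a password during BIND) does not imply "read".
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

MANAGER = "cn=manager,dc=VirtualSMF,dc=net"          # manager DN as in the post
ENTRY = "uid=sferris,ou=People,dc=example,dc=net"   # entry searched in the post

# The two access clauses from the post; a target of None means "access to *".
ACL = [
    ({"userpassword"}, [("self", "write"), ("anonymous", "auth"),
                        ("dn=" + MANAGER, "write"), ("*", "none")]),
    (None, [("self", "write"), ("dn=" + MANAGER, "write"), ("*", "read")]),
]

def who_matches(who, bind_dn, entry_dn):
    """Does the <who> of a 'by' clause match the bound identity ("" = anonymous)?"""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn == ""
    if who == "self":
        return bind_dn != "" and bind_dn.lower() == entry_dn.lower()
    if who.startswith("dn="):                         # exact DN match
        return bind_dn.lower() == who[3:].lower()
    return False

def granted_level(bind_dn, entry_dn, attr, acl=ACL):
    """Level slapd grants bind_dn on attr of entry_dn (attribute names are case-insensitive)."""
    for target, by_clauses in acl:
        if target is not None and attr.lower() not in target:
            continue                                  # clause does not cover attr
        for who, level in by_clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"                                 # no 'by' matched: implicit 'by * none'
    return "none"                                     # no clause matched: default deny

def allowed(bind_dn, entry_dn, attr, needed, acl=ACL):
    """True if the granted level is at least `needed`."""
    return LEVELS.index(granted_level(bind_dn, entry_dn, attr, acl)) >= LEVELS.index(needed)

if __name__ == "__main__":
    # The posted log shows an anonymous bind (op=0 BIND dn="") before the search.
    print("anonymous may authenticate against userPassword:", allowed("", ENTRY, "userPassword", "auth"))
    print("anonymous may read userPassword:", allowed("", ENTRY, "userPassword", "read"))
    print("self may read userPassword:", allowed(ENTRY, ENTRY, "userPassword", "read"))
    print("anonymous may read uid:", allowed("", ENTRY, "uid", "read"))
```

Run as-is, the anonymous search is granted only `auth` on userPassword, which is why the attribute is absent from the posted ldapsearch output even though slapd logs err=0; a bind as the entry itself or as the manager DN would see it.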