Re: slapd auth problem
Stefan Kremer wrote:
hi
I have now set up my system again from scratch (base installation).
After that I installed the LDAP server again with
apt-get install slapd ldap-util libpam-ldap
The config files that Debian created are further down.
/etc/ldap/slapd.conf:
# This is the main ldapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd.args
# Where to store the replica logs
replogfile /var/lib/ldap/replog
# Read slapd.conf(5) for possible values
loglevel 0
#######################################################################
# ldbm database definitions
#######################################################################
# The backend type, ldbm, is the default standard
database ldbm
# The base of your directory
suffix "o=Testfirma,c=DE"
# Where the database file are physically stored
directory "/var/lib/ldap"
# Indexing options
index objectClass eq
# Save the time that the entry gets modified
lastmod on
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
access to attribute=userPassword
by dn="cn=admin,o=Testfirma,c=DE" write
by anonymous auth
by self write
by * none
# The admin dn has full write access
access to *
by dn="cn=admin,o=Testfirma,c=DE" write
by * read
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
access to dn=".*,ou=Roaming,o=morsnet"
by dn="cn=admin,o=Testfirma,c=DE" write
by dnattr=owner write
You MUST also specify here who the admin is, e.g.:
rootdn "cn=admin,dc=test,dc=de"
AND what the password is, e.g.:
rootpw {SSHA},6s4BGR%gmQWavMEdVCFW6tk7H%D4dVwJ8
/etc/ldap/ldap.conf:
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
and a slapcat with slapd stopped gives:
dn: o=Testfirma,c=DE
objectClass: organization
o: Testfirma

dn: cn=admin,o=Testfirma,c=DE
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: admin
description: LDAP administrator
userPassword:: e0NSWVBUfUNkcTZqTndJWXhKZG8=

dn: ou=People,o=Testfirma,c=DE
objectClass: organizationalUnit
ou: People

dn: ou=Roaming,o=Testfirma,c=DE
objectClass: organizationalUnit
ou: Roaming
Which hash is used to generate the userPassword?
I tried to arrive at the password I entered during the installation
using slappasswd -h {hash}, but somehow the passwords differ.
regards
stefan
--
Kind regards
Bjoern Schmidt
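An added example (my own, not from the thread) for the hash question: in LDIF a double colon (`userPassword::`) marks a base64-encoded value, and decoding the slapcat line above exposes the scheme prefix in front of the hash. The block also builds and verifies an {SSHA} value in the layout slappasswd uses (base64 of sha1(password + salt) followed by the salt), which is the form suggested for rootpw; it assumes only the Python 3 standard library.

```python
import base64
import hashlib
import hmac
import os

# Sample input: the userPassword line taken from the slapcat output in the thread.
LDIF_LINE = "userPassword:: e0NSWVBUfUNkcTZqTndJWXhKZG8="


def decode_ldif_value(line):
    """Return (attribute, value) for one LDIF line; '::' values are base64-decoded."""
    if "::" in line:
        attr, raw = line.split("::", 1)
        return attr.strip(), base64.b64decode(raw.strip()).decode("utf-8")
    attr, raw = line.split(":", 1)
    return attr.strip(), raw.strip()


def password_scheme(stored):
    """Return the OpenLDAP scheme prefix ('{CRYPT}', '{SSHA}', ...), or '' for cleartext."""
    if stored.startswith("{") and "}" in stored:
        return stored[: stored.index("}") + 1]
    return ""


def make_ssha(password, salt=None):
    """Build an {SSHA} value like slappasswd -h {SSHA}: base64(sha1(pw + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(password, stored):
    """Verify a candidate password against an {SSHA} value (e.g. your own rootpw)."""
    if password_scheme(stored) != "{SSHA}":
        raise ValueError("not an {SSHA} value: " + password_scheme(stored))
    blob = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = blob[:20], blob[20:]          # SHA-1 digest is 20 bytes, salt follows
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    attr, value = decode_ldif_value(LDIF_LINE)
    # The decoded value starts with {CRYPT}: the installer stored a crypt(3) hash,
    # so compare against slappasswd -h {CRYPT} output, not {SSHA}.
    print(attr, "->", value, "scheme:", password_scheme(value))
    h = make_ssha("geheim")
    print(h, check_ssha("geheim", h), check_ssha("falsch", h))
```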