
Re: slapd auth problem



Stefan Kremer wrote:
hi

I have now set up my system from scratch (base installation).

Then I installed the LDAP server again with

apt-get install slapd ldap-util libpam-ldap

The config files that Debian created are further below.

/etc/ldap/slapd.conf:

# This is the main ldapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema

# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck     on

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd.args

# Where to store the replica logs
replogfile	/var/lib/ldap/replog

# Read slapd.conf(5) for possible values
loglevel        0

#######################################################################
# ldbm database definitions
#######################################################################

# The backend type, ldbm, is the default standard
database        ldbm

# The base of your directory
suffix          "o=Testfirma,c=DE"

# Where the database file are physically stored
directory       "/var/lib/ldap"

# Indexing options
index objectClass eq

# Save the time that the entry gets modified
lastmod on

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
access to attribute=userPassword
        by dn="cn=admin,o=Testfirma,c=DE" write
        by anonymous auth
        by self write
        by * none

# The admin dn has full write access
access to *
        by dn="cn=admin,o=Testfirma,c=DE" write
        by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
access to dn=".*,ou=Roaming,o=morsnet"
        by dn="cn=admin,o=Testfirma,c=DE" write
        by dnattr=owner write


You MUST also specify here who the admin is, e.g.:
rootdn          "cn=admin,dc=test,dc=de"

AND what the password is, e.g.:
rootpw          {SSHA},6s4BGR%gmQWavMEdVCFW6tk7H%D4dVwJ8




/etc/ldap/ldap.conf:

# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE	dc=example, dc=com
#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never


and a slapcat with slapd stopped gives:

dn: o=Testfirma,c=DE
objectClass: organization
o: Testfirma

dn: cn=admin,o=Testfirma,c=DE
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: admin
description: LDAP administrator
userPassword:: e0NSWVBUfUNkcTZqTndJWXhKZG8=

dn: ou=People,o=Testfirma,c=DE
objectClass: organizationalUnit
ou: People

dn: ou=Roaming,o=Testfirma,c=DE
objectClass: organizationalUnit
ou: Roaming


Which hash is the userPassword generated with?

I tried to arrive at the password I entered during the installation using slappasswd -h {hash}, but somehow the passwords differ.

regards
stefan





--
Kind regards
Bjoern Schmidt
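The slapcat output quoted in the thread already contains the answer once the value is decoded: a double colon after `userPassword` means the LDIF value is base64, and the decoded string starts with the scheme tag. The example below is added by the editor and is not from this thread or from OpenLDAP; it decodes that LDIF line, reports the scheme, and shows why a hash regenerated with slappasswd never matches a salted stored value (the salt is random), so a stored {SSHA}/{SHA} value has to be verified by re-hashing with its own salt. The sample password and fixed salt are constructed; {CRYPT} is identified but not verified here, since that needs crypt(3).

```python
import base64
import hashlib
import hmac
import os
import re
from typing import Optional

# Constructed sample: the userPassword line from the slapcat output in the thread.
# A double colon ("userPassword::") marks a base64-encoded value in LDIF.
LDIF_LINE = "userPassword:: e0NSWVBUfUNkcTZqTndJWXhKZG8="

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9]+)\}(.*)$", re.DOTALL)


def decode_ldif_value(line: str) -> str:
    """Return the attribute value of one LDIF line, decoding '::' (base64) values."""
    _attr, _sep, value = line.partition(":")
    if value.startswith(":"):
        return base64.b64decode(value[1:].strip()).decode("utf-8")
    return value.strip()


def identify_scheme(stored: str) -> str:
    """Return the {SCHEME} tag of a stored userPassword, or CLEARTEXT if it has none."""
    m = SCHEME_RE.match(stored)
    return m.group(1).upper() if m else "CLEARTEXT"


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build an {SSHA} value as slappasswd -h {SSHA} does: base64(sha1(pw + salt) + salt).
    With a fresh random salt the result differs on every call, even for the same password."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_password(stored: str, candidate: str) -> bool:
    """Check a candidate against a stored value by re-hashing with the stored salt.
    Only {SSHA}, {SHA} and cleartext are handled; {CRYPT} needs crypt(3), e.g. via slappasswd."""
    scheme = identify_scheme(stored)
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(stored.encode("utf-8"), candidate.encode("utf-8"))
    body = base64.b64decode(SCHEME_RE.match(stored).group(2))
    if scheme == "SSHA":
        digest, salt = body[:20], body[20:]  # SHA-1 digest is 20 bytes, the salt follows it
        return hmac.compare_digest(hashlib.sha1(candidate.encode("utf-8") + salt).digest(), digest)
    if scheme == "SHA":
        return hmac.compare_digest(hashlib.sha1(candidate.encode("utf-8")).digest(), body)
    raise NotImplementedError(f"{{{scheme}}} is not verified by this example")
```

Decoding the quoted line yields `{CRYPT}Cdq6jNwIYxJdo`, a crypt(3) hash whose two-character salt is chosen randomly by slappasswd, which is why regenerating it gives a different string.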