Message-ID: <40697320.5010102@iop.kiev.ua>
Date: Tue, 30 Mar 2004 16:16:16 +0300
From: "Andriy Dobrovol's'kii"
To: Community
Subject: [Comm] ldap
List-Id: Mailing list for ALT Linux users

Hi,

Can someone explain LDAP ACLs to me? It just won't come together...
The server refuses to let anyone except the admin read anything. And all the logs show is this:

  => access_allowed: search access denied by =n

if logging is set to the ACL-processing level. If it is raised to 256, we get this, for example:

  daemon: conn=1 fd=9 connection from IP=192.168.100.10:32782 (IP=0.0.0.0:389) accepted.
  Mar 30 14:57:28 dge slapd[440]: conn=1 op=0 BIND dn="" method=128
  Mar 30 14:57:28 dge slapd[383]: deferring operation
  Mar 30 14:57:28 dge slapd[440]: conn=1 op=0 RESULT tag=97 err=0 text=
  Mar 30 14:57:28 dge slapd[440]: conn=1 op=1 SRCH base="ou=dge,o=ip nasu,o=nasu,c=ua" scope=2 filter="(cn=*)"
  Mar 30 14:57:28 dge slapd[440]: conn=1 op=1 SEARCH RESULT tag=101 err=0 text=
  Mar 30 14:57:28 dge slapd[440]: conn=1 op=2 UNBIND
  Mar 30 14:57:28 dge slapd[440]: conn=-1 fd=9 closed
  Mar 30 14:58:26 dge slapd[383]: daemon: conn=2 fd=9 connection from IP=192.168.100.10:33181 (IP=0.0.0.0:389) accepted.
  Mar 30 14:58:26 dge slapd[441]: conn=2 op=0 BIND dn="CN=DOBR,OU=DGE,O=IP NASU,O=NASU,C=UA" method=128
  Mar 30 14:58:26 dge slapd[441]: conn=2 op=0 RESULT tag=97 err=0 text=
  Mar 30 14:58:26 dge slapd[440]: conn=2 op=1 SRCH base="ou=dge,o=ip nasu,o=nasu,c=ua" scope=2 filter="(mail=*)"
  Mar 30 14:58:26 dge slapd[440]: conn=2 op=1 SEARCH RESULT tag=101 err=0 text=

The ACLs configured are these:

  cat slapd.conf |grep ^[^#]
  include /etc/openldap/schema/core.schema
  include /etc/openldap/schema/cosine.schema
  include /etc/openldap/schema/inetorgperson.schema
  include /etc/openldap/schema/misc.schema
  include /etc/openldap/schema/nis.schema
  include /etc/openldap/schema/openldap.schema
  pidfile /var/run/slapd.pid
  argsfile /var/run/slapd.args
  modulepath /usr/lib/openldap
  TLSCertificateFile /etc/openldap/ldap.pem
  TLSCertificateKeyFile /etc/openldap/ldap.pem
  TLSCACertificateFile /etc/openldap/ldap.pem
  access to attr=userPassword
      by self write
      by anonymous auth
      by * none
  access to *
      by self write
  access to *
      by anonymous search
  access to *
      by users read
  access to dn=""
      by * search
  database ldbm
  suffix "ou=dge,o=ip nasu,o=nasu,c=ua"
  rootdn "cn=Manager,ou=dge,o=ip nasu,o=nasu,c=ua"
  directory /var/lib/ldap/bases
  loglevel 256
  index objectClass,uid,uidNumber,gidNumber eq
  index cn,mail,surname,givenname eq,subinitial

And ldapsearch -xLLL "cn=*" gets rejected:

  No such object (32)

Even though there are plenty of objects with cn in the database.

--
Rgrds,
Andriy
*********************************************************************
email: dobr at iop dot kiev dot ua        Kyiv, Ukraine
Phone: (380-44) 265-7824                  Department of Gas Electronics
Fax:   (380-44) 265-2329                  Institute of Physics of NASU
*********************************************************************
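The first-match rule that makes the posted ACL deny every search, shown with a small Python model added here (it is not code from the mail, the list or OpenLDAP itself). It assumes the evaluation order documented in slapd.access(5) and models only the "*", "self", "users", "anonymous" and "attr=" keywords; POSTED is the ACL from the mail, MERGED is a rewrite with the three "access to *" directives folded into one.

```python
# Added example, not from the original mail: a minimal model of how slapd evaluates
# slapd.conf "access to" directives. Modelled semantics (slapd.access(5)): directives
# are tried in order; the FIRST "access to <what>" matching the target is the only one
# consulted; inside it the first matching "by <who>" decides; if none of its "by"
# clauses match, access is denied (implicit "by * none"). Later "access to *" lines
# are never reached, which is why the posted config denies everyone but the rootdn.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # ordered privileges

def who_matches(who, bind_dn, target_dn):
    """Only the <who> keywords used in the posted config are modelled."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn == ""
    if who == "users":
        return bind_dn != ""
    if who == "self":
        return bind_dn != "" and bind_dn.lower() == target_dn.lower()
    raise ValueError(f"unsupported <who>: {who}")

def what_matches(what, attr):
    """attr=None stands for the entry itself, which is what a search needs access to."""
    if what == "*":
        return True
    if what.startswith("attr="):
        return attr is not None and what[5:].lower() == attr.lower()
    raise ValueError(f"unsupported <what>: {what}")

def granted(rules, bind_dn, target_dn, attr, needed):
    """rules: list of (<what>, [(<who>, <level>), ...]) in slapd.conf order."""
    for what, by_clauses in rules:
        if not what_matches(what, attr):
            continue
        for who, level in by_clauses:
            if who_matches(who, bind_dn, target_dn):
                return LEVELS.index(level) >= LEVELS.index(needed)
        return False  # <what> matched but no <by> clause did: implicit "by * none"
    return False      # model assumption: no directive matched -> deny (unreachable here)

# The ACL as posted (its dn="" directive is omitted: it also sits after "access to *").
POSTED = [
    ("attr=userPassword", [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    ("*", [("self", "write")]),
    ("*", [("anonymous", "search")]),
    ("*", [("users", "read")]),
]
# Same intent with the three "access to *" directives merged into one.
MERGED = [
    ("attr=userPassword", [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    ("*", [("self", "write"), ("users", "read"), ("anonymous", "search")]),
]
BASE = "ou=dge,o=ip nasu,o=nasu,c=ua"
USER = "cn=dobr,ou=dge,o=ip nasu,o=nasu,c=ua"  # the DN that bound in the posted log
```

With POSTED, both the anonymous bind and the DOBR bind hit "access to * by self write" first, "self" does not match the search base, and the directive's implicit "by * none" denies the search; with MERGED the same binds get "search" and "read" respectively, while writes to other users' entries stay denied.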