'[ldap] Re: ldapmodify, bound as "self"'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ldap
Subject:    [ldap] Re: ldapmodify, bound as "self"
From:       Martin Schwartz <martin.schwartz () java-info ! de>
Date:       2006-10-20 7:49:59
Message-ID: 1161330599.6475.15.camel () strauss ! nacho ! de
[Download RAW message or body]


Am Donnerstag, den 19.10.2006, 21:36 +0200 schrieb Dieter Kluenter:
> Martin Schwartz <martin.schwartz@java-info.de> writes:
> > 
> > I have an elementary problem and simply can't find the solution. I want
> > my users being able to modify their own data. Modification by others
> > should be forbidden. My test goes:
> [...]
> > Can someone explain why, and what to do instead?
> > 
> set loglevel 128 in slapd.conf.

I'm afraid it doesn't help. I tried even more verbose logging, but still
no clue.

But then... I simply moved on with my tests yesterday to the real
platform (mediawiki plus LdapAuthentication) and adapted it for user
based authentication. Amazingly it works just out of the box.

So why is the command line "ldapmodify" failing while other means work
just fine? I'm not sure I really understand the logs: it looks for me
like ldapmodify is authenticating and then simply stops with error.

Somebody an idea?

Thanks

Martin


> ldapmodify -x -D "uid=martin,ou=user,dc=mydomain,dc=de" -y pw2 -f change.ldif
Result: ldap_bind: Invalid credentials (49)

=== syslog (slapd.conf:loglevel=128):
Oct 20 09:30:44 x slapd[12073]: => access_allowed: auth access to \
                "uid=martin,ou=user,dc=mydomain,dc=de" "userPas
Oct 20 09:30:44 x slapd[12073]: => acl_get: [1] attr userPassword
Oct 20 09:30:44 x slapd[12073]: access_allowed: no res from state (userPassword)
Oct 20 09:30:44 x slapd[12073]: => acl_mask: access to entry \
                "uid=martin,ou=user,dc=mydomain,dc=de", attr "userPa
Oct 20 09:30:44 x slapd[12073]: => acl_mask: to value by "", (=0)
Oct 20 09:30:44 x slapd[12073]: <= check a_dn_pat: cn=admin,dc=mydomain,dc=de
Oct 20 09:30:44 x slapd[12073]: <= check a_dn_pat: anonymous
Oct 20 09:30:44 x slapd[12073]: <= acl_mask: [2] applying auth(=xd) (stop)
Oct 20 09:30:44 x slapd[12073]: <= acl_mask: [2] mask: auth(=xd)
Oct 20 09:30:44 x slapd[12073]: => access_allowed: auth access granted by auth(=xd)
===



---
You are currently subscribed to ldap@umich.edu as: [ldap@progressive-comp.com]
To unsubscribe send email to ldap-request@umich.edu with the word UNSUBSCRIBE as the \
SUBJECT of the message.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic