List: pamldap
Subject: Re: [pamldap] ldap Authentication via ldapsearch suceeded, via pam_ldap
From: Martin Kufner <mk () kufnerfutures ! com>
Date: 2005-07-26 4:48:00
Message-ID: 42E5C080.3090905 () kufnerfutures ! com
Hi Ken!
ksmith@barton.ca wrote:
> Just something to try:
>
> try "id test" and see if you get the proper response.
>
>
Works: uid=1000(test) gid=1000(test) groups=1000(test)
> also try "ldapsearch -x -h ldapservername" and see if it lists your entire
> directory
>
Works, complete listing without attr:userPassword
>
> then try "ldapsearch -x -h ldapservername -D directory-managers-DN -w
> directory-managers-password" and see if it still lists the entire
> directory
>
>
Works, complete listing with attr:userPassword

ldapsearch -U test -h localhost -D "uid=test,ou=People,dc=kufnerfutures,dc=com" -Y DIGEST-MD5 "(uid=test)"
Works, user test with attr:userPassword

ldapsearch -U test -h localhost -D "uid=test,ou=People,dc=kufnerfutures,dc=com" -Y PLAIN "(uid=test)"
Works, user test without attr:userPassword
> Let me know what you find out.
>
> Ken Smith
> Network Systems Engineer
> Barton Insurance Brokers Ltd
> TEL:(604)703-7056
> CEL:(604)793-3703
> FAX (604)703-7099
> ksmith@barton.ca
>
> "FAILURE is not an option ... it's built in to all MicroSoft products!"
>
>
>
> Martin Kufner <mk@kufnerfutures.com>
> To: ksmith@barton.ca
> cc:
> Subject: Re: [pamldap] ldap Authentication via ldapsearch suceeded, via pam_ldap failed
> 07/25/2005 09:22 AM
>
> Hi Ken!
>
> the admin password is in /etc/ldap.secret and it is mode 600.
>
> Pam can connect, and it does. First when it tries to bind as the user it
> fails.
>
> Analyzing the listings I feel that it might have to do something with
> proxuser-authentication.
>
> ksmith@barton.ca wrote:
>
>
>
> > It sounds like your directory is working but pamldap is not being able to
> > read it. Just a guess but did you put your ldap administrator's password
> > into /etc/ldap.secret and change the permissions to 600 to prevent anyone
> > else from seeing it?
> >
> > Ken Smith
> > Network Systems Engineer
> > Barton Insurance Brokers Ltd
> > TEL:(604)703-7056
> > CEL:(604)793-3703
> > FAX (604)703-7099
> > ksmith@barton.ca
> >
> > "FAILURE is not an option ... it's built in to all MicroSoft products!"
> >
> >
> >
> > Martin Kufner <mk@kufnerfutures.com>
> > Sent by: owner-pamldap@padl.com
> > To: pamldap@padl.com
> > cc:
> > Subject: [pamldap] ldap Authentication via ldapsearch suceeded, via pam_ldap failed
> > 07/25/2005 08:24 AM
> >
> > Hi there!
> >
> > I just finished searching the archives.
> > My problem is:
> >
> > I want to use pam_ldap and tls(later on, when this problem is fixed)
> >
> > Ldapsearch
> > with simple authentication works
> > with sasl with method PLAIN or DIGEST-MD5 works
> >
> > When I try to login via pam_ldap it fails.
> > pam_ldap does not seem to do simple authentication (slapd-log:"invalid
> > credentials"), and I found no way to force it
> > when I try sasl method DIGEST-MD5 it fails with
> > slapd-log:"authentication failure: client response doesn't match what we
> > generated"
> > when I try sasl method PLAIN it fails with slapd-log:"No matching
> > key/data pair found".
> > I mentioned, that the converted sasl-name using PLAIN is
> > uid=test@kufnerfutures.com,ou=People, ..., while using DIGEST-MD5 it is
> > -correctly- uid=test,ou=People, ... - don't know the reason why. I just
> > switched (pam_sasl_method).
> >
> > I'm stuck with this more than one week.
> >
> > I couldn't find answers to:
> > - which type of password (cleartext,crypt,md5, ..) to use in the
> > ldap-directory for PAM_LDAP
> > - why ldapsearch switches to "proxy authorization" and PAM does not.
> >
> > Is there a "Big Picture of LDAP/SASL/PAM" where one can understand
> > what's going on?
> >
> > I would be glad if someone can help me finding a way to use pam_ldap
> > either with authentication simple with TLS or with working SASL
> >
> > Sincerely yours
> > Martin Kufner
> >
> > below:
> > ldap.conf
> > pam_ldap.conf
> > excerpts of syslog (slapd)
> > - using pam_ldap
> > - using ldapsearch
> > slapd.conf
> > --------------------------------------------
> >
> > #/etc/ldap/ldap.conf
> >
> > BASE dc=kufnerfutures,dc=com
> > URI ldap://localhost
> > #URI ldap://ldap.example.com ldap://ldap-master.example.com:666
> >
> > #SIZELIMIT 12
> > #TIMELIMIT 15
> > #DEREF never
> >
> > #TLS_CACERT /etc/ssl/cacert.pem
> > #TLS_REQCERT demand
> > SASL_SECPROPS none
> > SASL_REALM KUFNERFUTURES.COM
> > SASL_MECH PLAIN
> > #DIGEST-MD5
> >
> > use_sasl on
> > -----------------------------------
> >
> >
> > #/etc/pam_ldap.conf
> >
> > host 127.0.0.1
> > base dc=kufnerfutures,dc=com
> > ldap_version 3
> > pam_password clear
> > sasl_secprops maxssf=0
> > pam_sasl_mech DIGEST-MD5
> > # PLAIN
> >
> > ----------------------------------------------
> > slapd log with PAM_ldap login Mech=DIGEST-MD5
> >
> > SASL Canonicalize [conn=26]:
> > slapAuthcDN="uid=test,ou=people,dc=kufnerfutures,dc=com"
> > => bdb_search
> > bdb_dn2entry("uid=test,ou=people,dc=kufnerfutures,dc=com")
> > base_candidates: base: "uid=test,ou=people,dc=kufnerfutures,dc=com"
> > (0x0000000c)
> > slap_auxprop: str2ad(cmusaslsecretDIGEST-MD5): attribute type undefined
> > send_ldap_result: conn=26 op=0 p=3
> > send_ldap_result: err=0 matched="" text=""
> > SASL Canonicalize [conn=26]: authzid="test"
> > SASL [conn=26] Failure: client response doesn't match what we generated
> > send_ldap_result: conn=26 op=4 p=3
> > send_ldap_result: err=49 matched="" text="SASL(-13): authentication
> > failure: client response doesn't match what we generated"
> > send_ldap_response: msgid=5 tag=97 err=49
> > conn=26 op=4 RESULT tag=97 err=49 text=SASL(-13): authentication
> > failure: client response doesn't match what we generated
> >
> > FAIL!
> > ---------------------------
> > slapd log with: ldapsearch -U test -v -Y DIGEST-MD5 "(uid=test)" -D
> > "uid=test,ou=People,dc=kufnerfutures,dc=com"
> >
> > SASL Canonicalize [conn=21]:
> > slapAuthcDN="uid=test,ou=people,dc=kufnerfutures,dc=com"
> > => bdb_search
> > bdb_dn2entry("uid=test,ou=people,dc=kufnerfutures,dc=com")
> > base_candidates: base: "uid=test,ou=people,dc=kufnerfutures,dc=com"
> > (0x0000000c)
> > slap_auxprop: str2ad(cmusaslsecretDIGEST-MD5): attribute type undefined
> > send_ldap_result: conn=21 op=0 p=3
> > send_ldap_result: err=0 matched="" text=""
> > SASL Canonicalize [conn=21]: authzid="test"
> > SASL proxy authorize [conn=21]: authcid="test@KUFNERFUTURES.COM"
> > authzid="test@KUFNERFUTURES.COM"
> > conn=21 op=1 BIND authcid="test@KUFNERFUTURES.COM"
> > SASL Authorize [conn=21]: proxy authorization allowed
> > send_ldap_sasl: err=0 len=40
> > send_ldap_response: msgid=2 tag=97 err=0
> > <== slap_sasl_bind: rc=0
> > conn=21 op=1 BIND dn="uid=test,ou=people,dc=kufnerfutures,dc=com"
> > mech=DIGEST-MD5 ssf=128
> > do_bind: SASL/DIGEST-MD5 bind:
> > dn="uid=test,ou=people,dc=kufnerfutures,dc=com" ssf=128
> > connection_get(9)
> >
> > SUCCESS!
> >
> > ------------------------------------
> >
> > /etc/ldap/slapd.conf
> >
> > #######################################################################
> > # Global Directives:
> >
> > # Features to permit
> > #allow bind_v2
> >
> > # Schema and objectClass definitions
> > include /etc/ldap/schema/core.schema
> > include /etc/ldap/schema/cosine.schema
> > include /etc/ldap/schema/nis.schema
> > include /etc/ldap/schema/inetorgperson.schema
> >
> > # Schema check allows for forcing entries to
> > # match schemas for their objectClasses's
> > schemacheck on
> >
> > # Where the pid file is put. The init.d script
> > # will not stop the server if you change this.
> > pidfile /var/run/slapd/slapd.pid
> >
> > # List of arguments that were passed to the server
> > argsfile /var/run/slapd.args
> >
> > # Read slapd.conf(5) for possible values
> > #loglevel 768
> > loglevel 775
> > #768
> > #2304
> >
> > # Where the dynamically loaded modules are stored
> > modulepath /usr/lib/ldap
> > moduleload back_bdb
> >
> >
> > # kufnerfutures
> > #TLSCertificateFile /etc/ssl/certs/hostnamecert.pem
> > #TLSCertificateKeyFile /etc/ssl/private/hostnamekey.pem
> > #TLSCACertificateFile /etc/ssl/cacert.pem
> > password-hash {CLEARTEXT}
> >
> > #######################################################################
> > # Specific Backend Directives for bdb:
> > # Backend specific directives apply to this backend until another
> > # 'backend' directive occurs
> > backend bdb
> > checkpoint 512 30
> >
> > #######################################################################
> > # Specific Backend Directives for 'other':
> > # Backend specific directives apply to this backend until another
> > # 'backend' directive occurs
> > #backend <other>
> >
> >
> > #######################################################################
> > # Specific Directives for database #1, of type bdb:
> > # Database specific directives apply to this database until another
> > # 'database' directive occurs
> > database bdb
> >
> > sasl-realm KUFNERFUTURES.COM
> > sasl-host localhost
> > #ns1.kufnerfutures.com
> > sasl-secprops none
> > sasl-regexp
> >     uid=(.*),cn=KUFNERFUTURES.COM,cn=.*,cn=auth
> >     uid=$1,ou=People,dc=kufnerfutures,dc=com
> > # ldap://ou=People,dc=kufnerfutures,dc=com??one?(uid=$1)
> >
> > # The base of your directory in database #1
> > suffix "dc=kufnerfutures,dc=com"
> >
> > # Where the database file are physically stored for database #1
> > directory "/var/lib/ldap"
> >
> > # Indexing options for database #1
> > #index objectClass eq
> > index objectClass,uid,gidNumber eq
> > index cn,mail,surname,givenName eq,subinitial
> > index default eq
> > #index objectClass eq
> > index phpgwContactOwner pres,eq,sub
> > index uidNumber pres,eq
> >
> >
> > # Save the time that the entry gets modified, for database #1
> > lastmod on
> >
> > # Where to store the replica logs for database #1
> > # replogfile /var/lib/ldap/replog
> >
> >
> >
> >
> > # The userPassword by default can be changed
> > # by the entry owning it if they are authenticated.
> > # Others should not be able to see it, except the
> > # admin entry below
> > # These access lines apply to database #1 only
> > access to attrs=userPassword
> >     by dn="cn=admin,dc=kufnerfutures,dc=com" write
> >     by anonymous auth
> >     by self write
> >     by * none
> >
> > # Ensure read access to the base for things like
> > # supportedSASLMechanisms. Without this you may
> > # have problems with SASL not knowing what
> > # mechanisms are available and the like.
> > # Note that this is covered by the 'access to *'
> > # ACL below too but if you change that as people
> > # are wont to do you'll still need this if you
> > # want SASL (and possible other things) to work
> > # happily.
> > access to dn.base="" by * read
> >
> > # The admin dn has full write access, everyone else
> > # can read everything.
> > access to *
> >     by dn="cn=admin,dc=kufnerfutures,dc=com" write
> >     by * read
> >
> >
> >
> >
> > --
> > kufner futures ges.m.b.h.
> > fn 243798 b HG Wien
> > Linke Wienzeile 178/3/142
> > A-1060 Wien / Europe
> > Tel +43 1 4854200 Fax +43 1 4854200 30
> > mailto:office@kufnerfutures.com
> > http://www.kufnerfutures.com
> >
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> kufner futures ges.m.b.h.
> fn 243798 b HG Wien
> Linke Wienzeile 178/3/142
> A-1060 Wien / Europe
> Tel +43 1 4854200 Fax +43 1 4854200 30
> mailto:office@kufnerfutures.com
> http://www.kufnerfutures.com
>
>
>
>
>
>
>
--
kufner futures ges.m.b.h.
fn 243798 b HG Wien
Linke Wienzeile 178/3/142
A-1060 Wien / Europe
Tel +43 1 4854200 Fax +43 1 4854200 30
mailto:office@kufnerfutures.com
http://www.kufnerfutures.com
Course: Self-Defense and Civil Courage
Emergency services in Austria need 8-10 minutes to arrive on the scene.
The course teaches how, in those 8-10 minutes, I can
* de-escalate dangerous situations,
* protect myself and others from 90% of violent crime,
* rescue other people from danger,
without coming into conflict with the law.
In addition, women learn in a dedicated training unit how to protect themselves from rape.
http://www.kufnerfutures.com/ihl
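
One way to explore how the `sasl-regexp` rule in the quoted slapd.conf rewrites SASL authentication DNs into directory DNs. This is an added example, not code from the thread or from OpenLDAP: Python's `re` stands in for slapd's regex engine, matching is assumed to be unanchored and case-insensitive, and the sample authentication DNs, `STRICT_RULE` and `KNOWN_ENTRIES` are constructed for illustration.

```python
import re

# sasl-regexp rule copied from the slapd.conf quoted in the thread.
LOOSE_RULE = (
    r"uid=(.*),cn=KUFNERFUTURES.COM,cn=.*,cn=auth",
    "uid=$1,ou=People,dc=kufnerfutures,dc=com",
)

# Hypothetical tighter rule (not from the thread): anchored, dot escaped,
# and the captured uid may not contain ',', '=' or '@'.
STRICT_RULE = (
    r"^uid=([^,=@]+),cn=KUFNERFUTURES\.COM,cn=[^,]+,cn=auth$",
    "uid=$1,ou=People,dc=kufnerfutures,dc=com",
)

# Constructed SASL authentication DNs in the
# uid=<user>,cn=<realm>,cn=<mech>,cn=auth form; which of these a given
# client actually produces is an assumption.
SAMPLE_AUTHC_DNS = [
    "uid=test,cn=kufnerfutures.com,cn=digest-md5,cn=auth",
    "uid=test@kufnerfutures.com,cn=kufnerfutures.com,cn=plain,cn=auth",
    "uid=test,cn=plain,cn=auth",
]

# Constructed directory contents: the one user entry the thread shows.
KNOWN_ENTRIES = {"uid=test,ou=people,dc=kufnerfutures,dc=com"}


def map_authc_dn(authc_dn, rule):
    """Apply one sasl-regexp style rule; return the rewritten DN or None."""
    pattern, replacement = rule
    # Assumption: unanchored, case-insensitive match, as a stand-in for slapd.
    match = re.search(pattern, authc_dn, flags=re.IGNORECASE)
    if match is None:
        return None
    # The result is built from the replacement only, with $n expanded.
    return re.sub(r"\$(\d)", lambda g: match.group(int(g.group(1))), replacement)


def entry_exists(dn):
    """Case-insensitive lookup against the constructed directory."""
    return dn is not None and dn.lower() in KNOWN_ENTRIES


def compare_rules(authc_dns=SAMPLE_AUTHC_DNS):
    """Return rows of (input DN, loose result, strict result, loose entry exists)."""
    rows = []
    for dn in authc_dns:
        loose = map_authc_dn(dn, LOOSE_RULE)
        strict = map_authc_dn(dn, STRICT_RULE)
        rows.append((dn, loose, strict, entry_exists(loose)))
    return rows


if __name__ == "__main__":
    for dn, loose, strict, found in compare_rules():
        print(f"{dn}\n  loose : {loose} (entry exists: {found})\n  strict: {strict}")
```

With the rule as posted, the realm-qualified sample name maps to a DN of the same shape as the `uid=test@kufnerfutures.com,ou=People, ...` name reported in the original post, which has no entry in the constructed directory; the tighter rule rejects that input instead of mapping it.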