OpenLDAP Commands Over TLS/SSL Behaves Differently?
Endless fun with OpenLDAP...
Two related problems, if anybody can help me out it would save me from the headache this is giving me, conf files at the bottom of the post. Cheers, Rob.

a) Does ldappasswd behave differently over a TLS connection than a non-TLS connection?

The reason I ask is that when I had a non-TLS connection, I could do the following:

Given I have an administrator setup in slapd.conf, the following command would work:

ldapsearch -x -D "cn=admin,dc=intbus,dc=net" -W -s sub "objectclass=*"

Given I have a user:
Code:
dn: uid=testuser,ou=Users,dc=intbus,dc=net

ldappasswd -x -D "cn=admin,dc=intbus,dc=net" -W -S "uid=testuser,ou=Users,dc=intbus,dc=net"

Followed by:

ldapsearch -x -D "uid=testuser,ou=Users,dc=intbus,dc=net" -W -s sub "objectclass=*"

And this would work.

However, since I switched to TLS/SSL, I go through the same motions, and I now get Invalid Credentials. Using -d255 shows the last parts of the debug as:
Code:
ldap_parse_result
ldapsearch -x -D "cn=admin,dc=intbus,dc=net" -W -s sub "objectclass=*"

I'm wondering if the password in the slapd.conf is resolved correctly, but the passwords I enter using ldappasswd are being stored in a different format, so the request cannot match them up.... The other possibility is my ACLs are getting in the way somehow.... ????

---

b) I assumed that by setting the server/client TLS options to 'demand' enforced use of TLS connections. By this assumption, I thought the below two commands would be the same:

ldapsearch -x -D "cn=admin,dc=intbus,dc=net" -W -s sub "objectclass=*"
ldapsearch -x -D "cn=admin,dc=intbus,dc=net" -W -s sub "objectclass=*" -ZZ

However, the first one works fine, the second throws the usual SSL error:
Code:
ldap_start_tls: Connect error (-11)

---

.conf files

/etc/openldap/slapd.conf
Code:
include /etc/openldap/schema/core.schema

Code:
URI ldap://intbus.net/

Code:
base dc=intbus,dc=net
Okay,

After trial and error, found the answer to problem a) The issue was with the ACL:
Code:
access to attrs=userPassword,sambaLMPassword,sambaNTPassword

Code:
access to attrs=userPassword,sambaLMPassword,sambaNTPassword

Now I just need to figure out whether or not the system really is using TLS or not....

Rob.
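Both of Rob's questions come down to two slapd.conf properties that can be checked mechanically: whether the ACL on userPassword lets a not-yet-bound client use the attribute for authentication (a simple bind needs at least the auth level for the anonymous requester; `by self write` does not help because the client is still anonymous when it binds, and `by * none` ends the list), and whether the server actually refuses cleartext operations (TLSVerifyClient / TLS_REQCERT "demand" only control certificate verification; the `security ssf=...` directive is what makes slapd reject non-TLS traffic). The following checker is an added example written for this thread, not Rob's configuration or anything from the OpenLDAP project; the two sample configs are constructed (the thread does not show the full ACL that was fixed), and the ACL model is simplified: dn scoping in `access to` targets is ignored, and only named access levels are recognised.

```python
"""Constructed slapd.conf checker for the two questions above (added example).
Assumes slapd.conf-style configuration, not cn=config."""
import re
from typing import List, Tuple

# OpenLDAP access levels, weakest to strongest (slapd.access(5)).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# Constructed sample 1: the anonymous requester gets no access to userPassword,
# so a simple bind fails, and there is no 'security' floor, so ldap:// still works.
BROKEN_CONF = """\
include /etc/openldap/schema/core.schema
TLSCertificateFile /etc/openldap/certs/server.crt
TLSCertificateKeyFile /etc/openldap/certs/server.key
TLSVerifyClient demand
suffix "dc=example,dc=net"
rootdn "cn=admin,dc=example,dc=net"
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by dn="cn=admin,dc=example,dc=net" write
    by self write
    by * none
access to *
    by * read
"""

# Constructed sample 2: anonymous may use userPassword for authentication only,
# and a minimum SSF forces every operation over TLS.
FIXED_CONF = """\
include /etc/openldap/schema/core.schema
TLSCertificateFile /etc/openldap/certs/server.crt
TLSCertificateKeyFile /etc/openldap/certs/server.key
security ssf=128
suffix "dc=example,dc=net"
rootdn "cn=admin,dc=example,dc=net"
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by dn="cn=admin,dc=example,dc=net" write
    by self write
    by anonymous auth
    by * none
access to *
    by * read
"""


def logical_lines(conf: str) -> List[str]:
    """Join slapd.conf continuation lines (a line starting with whitespace
    continues the previous directive); drop blanks and comments."""
    lines: List[str] = []
    for raw in conf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def parse_acls(conf: str) -> List[Tuple[str, List[Tuple[str, str]]]]:
    """Return [(target, [(who, level), ...]), ...] for each 'access to' directive."""
    acls = []
    for line in logical_lines(conf):
        if not line.startswith("access to"):
            continue
        head, *clauses = re.split(r"\s+by\s+", line)
        target = head[len("access to"):].strip()
        bys = []
        for clause in clauses:
            parts = clause.split()
            bys.append((parts[0], parts[1] if len(parts) > 1 else "none"))
        acls.append((target, bys))
    return acls


def anonymous_level(conf: str, attr: str = "userPassword") -> str:
    """Access an unauthenticated client gets on `attr`, using first-match for
    both the 'access to' target and the 'by' clauses. Simplification: a target
    without attrs= is treated as covering every attribute (dn scoping ignored)."""
    acls = parse_acls(conf)
    if not acls:
        return "read"  # no access directives at all: slapd's default is read by all
    for target, bys in acls:
        m = re.search(r"attrs=([\w,]+)", target)
        covered = [a.lower() for a in m.group(1).split(",")] if m else ["*"]
        if attr.lower() not in covered and "*" not in covered:
            continue
        for who, level in bys:
            if who in ("anonymous", "*"):
                return level if level in LEVELS else "none"
        return "none"  # every 'access to' ends with an implicit 'by * none'
    return "none"      # every ACL list ends with an implicit 'access to * by * none'


def can_simple_bind(conf: str) -> bool:
    """A simple bind needs at least 'auth' on userPassword for the anonymous requester."""
    return LEVELS.index(anonymous_level(conf)) >= LEVELS.index("auth")


def tls_required(conf: str) -> bool:
    """True if a 'security' directive sets a non-zero ssf/tls/simple_bind floor."""
    for line in logical_lines(conf):
        if line.startswith("security "):
            for _key, val in re.findall(r"(ssf|tls|simple_bind)=(\d+)", line):
                if int(val) > 0:
                    return True
    return False


def findings(conf: str) -> List[str]:
    """Problems found in `conf`; an empty list means both checks pass."""
    out = []
    if not can_simple_bind(conf):
        out.append("userPassword: anonymous requester gets '%s', needs 'auth' "
                   "(simple bind fails with Invalid Credentials)" % anonymous_level(conf))
    if not tls_required(conf):
        out.append("no 'security ssf=...' floor: cleartext ldap:// operations are still "
                   "accepted (TLSVerifyClient/TLS_REQCERT only govern certificate checks)")
    return out


if __name__ == "__main__":
    for name, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        print(name, findings(conf) or ["ok"])
```

Run against a real slapd.conf by replacing the constructed samples with the file's contents. The runtime counterpart of the second check is to bind without `-Z` against a server that has `security ssf=128`: the operation is refused with a confidentiality-required error rather than succeeding, which is the observable difference Rob was looking for.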