[BSD] ldap auth problem
Péchy Gáspár
gpechy at ggg.hu
Sun Dec 7 14:53:07 CET 2014
- root = user0 - I rewrote the usernames and overlooked this one. - It has NOTHING to do with the system root :)
- Password verification - if I guess correctly - is done with the BIND
--- Phase 1 (Search): does such a user exist; Phase 2: is the password correct (BIND)
- the third one is the check, done from PHP by the program at the start of the next session, of the user already authenticated by Apache
- cn and uid have identical content; originally it was uid in the Apache auth as well, I tried cn in my desperation.
In any case, I am attaching it with the corrected username
Regards,
Gazsi
On 2014.12.07. 14:09, Gabor HALASZ wrote:
> Quite strange. Why does userA become root? Where does it get a password for it? Is the third one ldapsearch by hand? In that case, why is the filter uid and not cn?
>
>
> --
> Hungarian BSD Mailing List
>
11:59:39 server slapd[474]: conn=47996 fd=33 ACCEPT from IP=127.0.0.1:48767 (IP=0.0.0.0:389)
11:59:39 server slapd[474]: conn=47996 op=0 BIND dn="cn=searchUser,ou=mgmt,o=ceg" method=128
11:59:39 server slapd[474]: conn=47996 op=0 BIND dn="cn=searchUser,ou=mgmt,o=ceg" mech=SIMPLE ssf=0
11:59:39 server slapd[474]: conn=47996 op=0 RESULT tag=97 err=0 text=
11:59:39 server slapd[474]: conn=47996 op=1 SRCH base="ou=web,dc=domain,dc=server,ou=mgmt,o=ceg" scope=2 deref=3 filter="(&(objectClass=*)(cn=user0))"
11:59:39 server slapd[474]: conn=47996 op=1 SRCH attr=cn
11:59:39 server slapd[474]: conn=47996 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
11:59:39 server slapd[474]: conn=47996 op=2 BIND anonymous mech=implicit ssf=0
11:59:39 server slapd[474]: conn=47996 op=2 BIND dn="uid=user0,ou=web,dc=domain,dc=server,ou=mgmt,o=ceg" method=128
11:59:39 server slapd[474]: conn=47996 op=2 BIND dn="uid=user0,ou=web,dc=domain,dc=server,ou=mgmt,o=ceg" mech=SIMPLE ssf=0
11:59:39 server slapd[474]: conn=47996 op=2 RESULT tag=97 err=0 text=
12:09:09 server slapd[474]: conn=47996 op=3 SRCH base="ou=web,dc=domain,dc=server,ou=mgmt,o=ceg" scope=2 deref=3 filter="(&(objectClass=*)(cn=userA))"
12:09:09 server slapd[474]: conn=47996 op=3 SRCH attr=cn
12:09:09 server slapd[474]: conn=47996 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
12:09:51 server slapd[474]: conn=47996 op=4 SRCH base="ou=web,dc=domain,dc=server,ou=mgmt,o=ceg" scope=2 deref=3 filter="(&(objectClass=*)(cn=userB))"
12:09:51 server slapd[474]: conn=47996 op=4 SRCH attr=cn
12:09:51 server slapd[474]: conn=47996 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
12:10:15 server slapd[474]: conn=47996 op=5 SRCH base="ou=web,dc=domain,dc=server,ou=mgmt,o=ceg" scope=2 deref=3 filter="(&(objectClass=*)(cn=userB))"
12:10:15 server slapd[474]: conn=47996 op=5 SRCH attr=cn
12:10:15 server slapd[474]: conn=47996 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
12:10:20 server slapd[474]: conn=47996 op=6 SRCH base="ou=web,dc=domain,dc=server,ou=mgmt,o=ceg" scope=2 deref=3 filter="(&(objectClass=*)(cn=userB))"
12:10:20 server slapd[474]: conn=47996 op=6 SRCH attr=cn
12:10:20 server slapd[474]: conn=47996 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text=
12:10:25 server slapd[474]: conn=47996 op=7 SRCH base="ou=web,dc=domain,dc=server,ou=mgmt,o=ceg" scope=2 deref=3 filter="(&(objectClass=*)(cn=userB))"
12:10:25 server slapd[474]: conn=47996 op=7 SRCH attr=cn
12:10:25 server slapd[474]: conn=47996 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
user at server:/var/log #
user at server:/var/log #
user at server:/var/log #
user at server:/var/log # cat debug.log | grep 47991
11:58:57 server slapd[474]: conn=47991 fd=26 ACCEPT from IP=127.0.0.1:48766 (IP=0.0.0.0:389)
11:58:57 server slapd[474]: conn=47991 op=0 BIND dn="cn=searchUser,ou=mgmt,o=ceg" method=128
11:58:57 server slapd[474]: conn=47991 op=0 BIND dn="cn=searchUser,ou=mgmt,o=ceg" mech=SIMPLE ssf=0
11:58:57 server slapd[474]: conn=47991 op=0 RESULT tag=97 err=0 text=
11:58:57 server slapd[474]: conn=47991 op=1 SRCH base="ou=web,dc=domain,dc=server,ou=mgmt,o=ceg" scope=2 deref=3 filter="(&(objectClass=*)(cn=userB))"
11:58:57 server slapd[474]: conn=47991 op=1 SRCH attr=cn
11:58:57 server slapd[474]: conn=47991 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
11:58:57 server slapd[474]: conn=47991 op=2 BIND anonymous mech=implicit ssf=0
11:58:57 server slapd[474]: conn=47991 op=2 BIND dn="uid=userB,ou=web,dc=domain,dc=server,ou=mgmt,o=ceg" method=128
11:58:57 server slapd[474]: conn=47991 op=2 BIND dn="uid=userB,ou=web,dc=domain,dc=server,ou=mgmt,o=ceg" mech=SIMPLE ssf=0
11:58:57 server slapd[474]: conn=47991 op=2 RESULT tag=97 err=0 text=
12:09:25 server slapd[474]: conn=47991 op=3 SRCH base="ou=web,dc=domain,dc=server,ou=mgmt,o=ceg" scope=2 deref=3 filter="(&(objectClass=*)(cn=userC))"
12:09:25 server slapd[474]: conn=47991 op=3 SRCH attr=cn
12:09:25 server slapd[474]: conn=47991 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
12:10:33 server slapd[474]: conn=47991 op=4 SRCH base="ou=web,dc=domain,dc=server,ou=mgmt,o=ceg" scope=2 deref=3 filter="(&(objectClass=*)(cn=userB))"
12:10:33 server slapd[474]: conn=47991 op=4 SRCH attr=cn
12:10:33 server slapd[474]: conn=47991 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
12:10:33 server slapd[474]: conn=47991 op=5 BIND anonymous mech=implicit ssf=0
12:10:33 server slapd[474]: conn=47991 op=5 BIND dn="uid=userB,ou=web,dc=domain,dc=server,ou=mgmt,o=ceg" method=128
12:10:33 server slapd[474]: conn=47991 op=5 BIND dn="uid=userB,ou=web,dc=domain,dc=server,ou=mgmt,o=ceg" mech=SIMPLE ssf=0
12:10:33 server slapd[474]: conn=47991 op=5 RESULT tag=97 err=0 text=
12:10:44 server slapd[474]: conn=47991 op=6 SRCH base="ou=web,dc=domain,dc=server,ou=mgmt,o=ceg" scope=2 deref=3 filter="(&(objectClass=*)(cn=userA))"
12:10:44 server slapd[474]: conn=47991 op=6 SRCH attr=cn
12:10:44 server slapd[474]: conn=47991 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text=
12:11:58 server slapd[474]: conn=47991 op=7 SRCH base="ou=web,dc=domain,dc=server,ou=mgmt,o=ceg" scope=2 deref=3 filter="(&(objectClass=*)(?cn=))"
12:11:58 server slapd[474]: conn=47991 op=7 SRCH attr=cn
12:11:58 server slapd[474]: conn=47991 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
user at server:/var/log #
user at server:/var/log #
user at server:/var/log #
user at server:/var/log # cat debug.log | grep 48096
12:10:33 server slapd[474]: conn=48096 fd=52 ACCEPT from PATH=/var/run/openldap/ldapi (PATH=/var/run/openldap/ldapi)
12:10:33 server slapd[474]: conn=48096 op=0 BIND dn="cn=searchUser,ou=mgmt,o=ceg" method=128
12:10:33 server slapd[474]: conn=48096 op=0 BIND dn="cn=searchUser,ou=mgmt,o=ceg" mech=SIMPLE ssf=0
12:10:33 server slapd[474]: conn=48096 op=0 RESULT tag=97 err=0 text=
12:10:33 server slapd[474]: conn=48096 op=1 SRCH base="ou=web,dc=domain,dc=server,ou=mgmt,o=ceg" scope=2 deref=0 filter="(uid=userB)"
12:10:33 server slapd[474]: conn=48096 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
12:10:33 server slapd[474]: conn=48096 op=2 UNBIND
12:10:33 server slapd[474]: conn=48096 fd=52 closed
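
The search-then-bind sequence described in the message, traced from slapd log lines. This is an added example, not part of the original post or its attachment. The sample log is constructed in the same format (including the err=49 bind result), and `parse_ops` and `auth_attempts` are names chosen here.

```python
import re
from collections import defaultdict

# Constructed sample in the slapd log format shown above (not the poster's output).
SAMPLE = '''\
11:58:57 server slapd[474]: conn=7 op=0 BIND dn="cn=searchUser,ou=mgmt,o=ceg" method=128
11:58:57 server slapd[474]: conn=7 op=0 RESULT tag=97 err=0 text=
11:58:57 server slapd[474]: conn=7 op=1 SRCH base="ou=web,o=ceg" scope=2 deref=3 filter="(&(objectClass=*)(cn=userB))"
11:58:57 server slapd[474]: conn=7 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
11:58:57 server slapd[474]: conn=7 op=2 BIND dn="uid=userB,ou=web,o=ceg" method=128
11:58:57 server slapd[474]: conn=7 op=2 RESULT tag=97 err=49 text=
12:09:25 server slapd[474]: conn=7 op=3 SRCH base="ou=web,o=ceg" scope=2 deref=3 filter="(&(objectClass=*)(cn=userC))"
12:09:25 server slapd[474]: conn=7 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
'''

LINE = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|SEARCH RESULT|RESULT)\b(.*)')
FIELD = re.compile(r'\b(dn|filter|err|nentries)=(?:"([^"]*)"|(\d+))')

def parse_ops(text):
    """Merge the several lines slapd writes per operation into {conn: {op: fields}}."""
    conns = defaultdict(lambda: defaultdict(dict))
    for conn, op, verb, rest in LINE.findall(text):
        rec = conns[int(conn)][int(op)]
        if verb in ('BIND', 'SRCH'):
            rec['kind'] = verb
        for key, quoted, num in FIELD.findall(rest):
            rec[key] = int(num) if num else quoted
    return conns

def auth_attempts(text):
    """Pair each user search (phase 1) with the bind that follows it (phase 2)."""
    out = []
    for conn, ops in sorted(parse_ops(text).items()):
        found = False  # did the last search on this connection return an entry?
        for op, rec in sorted(ops.items()):
            if rec.get('kind') == 'SRCH':
                found = rec.get('nentries', 0) > 0
                if not found:
                    out.append((conn, op, rec.get('filter'), 'no entry'))
            elif rec.get('kind') == 'BIND' and found:
                ok = rec.get('err') == 0
                out.append((conn, op, rec.get('dn'), 'bind ok' if ok else 'bind failed'))
                found = False
    return out

if __name__ == '__main__':
    for row in auth_attempts(SAMPLE):
        print(row)
```

The initial bind of the search account is not reported, because no user search precedes it on the connection.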