On 04/15/2010 04:42 PM, Dan White wrote:
> On 15/04/10 15:33 +0200, Giovanni Malfarà wrote:
>> In slapd (slapd -d -1) debug messages I get:
>>
>> SASL [conn=7] Debug: DIGEST-MD5 server step 2
>> slap_sasl_getdn: u:id converted to
>> uid=test@xxxxxxxxxxxx,cn=DIGEST-MD5,cn=auth
>> >>> dnNormalize: <uid=test@xxxxxxxxxxxx,cn=DIGEST-MD5,cn=auth>
>> <<< dnNormalize: <uid=test@xxxxxxxxxxxx,cn=digest-md5,cn=auth>
>> ==>slap_sasl2dn: converting SASL name
>> uid=test@xxxxxxxxxxxx,cn=digest-md5,cn=auth to a DN
>> slap_authz_regexp: converting SASL name
>> uid=test@xxxxxxxxxxxx,cn=digest-md5,cn=auth
>> <==slap_sasl2dn: Converted SASL name to <nothing>
>> SASL [conn=7] Failure: no secret in database
>
> I have a similar configuration to yours except that I use the
> authz-regexp and authz-policy statements instead of what you have.
> I'm using version 2.4.15:
>
> authz-regexp
>     "uid=([^,]+),cn=([^,]+),cn=auth"
>     ldap:///ou=people,dc=example,dc=net??one?(&(btcAltUid=$1)(!(btcAccountStatus=suspended)))
>
> authz-policy to
>
> (btcAltUID and btcAccountStatus are non-standard attributes)
>
> This looks alarming:
>
> access to * attrs=userPassword by self write by * write
>
> I have (slightly modified):
>
> access to
>     attrs=userPassword,shadowLastChange,sambaPwdLastSet,sambaLMPassword,sambaNTPassword,krb5KeyVersionNumber,krb5Key
>     by anonymous auth
>     by self write
>     by * none
>

Nothing happens using authz-regexp and auth-policy and modifying the
access rule.
What else can I check?

Thank you!

--
Giovanni Malfarà

Please do not send me attachments in Word or PowerPoint.
See http://www.gnu.org/philosophy/no-word-attachments.it.html

"What counts in war is not men, it is the man, that is, the soldier who
knows how to fight to the end, defending a piece of land or, against
all logic, a shred of an idea". (Napoleon Bonaparte).
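Added example, not part of the thread and not OpenLDAP code: a small Python emulation of what the authz-regexp rule quoted above does to the normalized SASL name from the debug log, so the resulting search can be checked by hand. The function names and the realm "example.net" are assumptions made for illustration; the case-insensitive extended-regex matching is an assumption about slapd that Python's re reproduces for this simple pattern.

```python
import re
from urllib.parse import unquote

# Rule as posted in the quoted reply (match pattern, then replacement URL).
MATCH = r"uid=([^,]+),cn=([^,]+),cn=auth"
REPLACE = ("ldap:///ou=people,dc=example,dc=net??one?"
           "(&(btcAltUid=$1)(!(btcAccountStatus=suspended)))")


def rewrite_sasl_name(sasl_dn, match=MATCH, replace=REPLACE):
    """Return the replacement string with $n expanded, or None if no match."""
    # Assumption: slapd treats the pattern as a case-insensitive POSIX
    # extended regex; Python's re agrees for a simple pattern like this one.
    m = re.search(match, sasl_dn, re.IGNORECASE)
    if m is None:
        return None

    def expand(ref):
        n = int(ref.group(1))
        return m.group(n) if n <= m.re.groups else ""

    return re.sub(r"\$(\d)", expand, replace)


def split_search_url(url):
    """Split ldap:///base?attrs?scope?filter; a plain DN is returned as-is."""
    if not url.startswith("ldap:///"):
        return {"dn": url}
    parts = url[len("ldap:///"):].split("?", 3)
    parts += [""] * (4 - len(parts))
    base, attrs, scope, flt = (unquote(p) for p in parts)
    return {"base": base, "attrs": attrs, "scope": scope or "base", "filter": flt}


if __name__ == "__main__":
    # Constructed sample: the normalized SASL name from the debug log, with a
    # made-up realm in place of the masked one.
    name = "uid=test@example.net,cn=digest-md5,cn=auth"
    url = rewrite_sasl_name(name)
    print("rewritten:", url)
    for key, value in split_search_url(url).items():
        print(f"  {key:6} = {value!r}")
```

Note that $1 carries the whole "test@realm" string, so the mapping only yields a DN when exactly one entry directly under the search base has that full value in the filtered attribute.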