Hi!
I'mm using openldap 2.0.7 and pam_ldap-98 on a RedHat 7.
Strange problem when you compare scenarios 1 and 2:
[Scenario 1]
slapd.conf (acl part)
--- + ---
access to attrs=userPassword
by self write
by dn=uid=manager,dc=auth write
by * compare
access to *
by * read
--- + ---
Auth process
------------
user crypt (whith crypt password)
OK
user md5 (with md5 password)
pam_ldap: error trying to bind as user "uid=md5, dc=auth" (Invalid
credentials)
[Scenario 2]
slapd.conf (acl part)
--- + ---
access to attrs=userPassword
by self write
by dn=uid=manager,dc=auth write
by * read
access to *
by * read
--- + ---
(the previous is equivalent to "access to * by * read")
Auth process
------------
user crypt (whith crypt password)
OK
user md5 (with md5 password)
OK
Note that the above called "Auth Process" was done with several
applicationss using pam.d files included with pam_ldap-98.
So what happens? Why does it work with 'crypt password' and does
not work with 'md5 passwd' in scenario 1 and both work in scenario 2?
Does anyone have a similar problem? How can an ACL on slapd.conf
cause such behavior?! It does not make any sense...
How exactly is done the password verification?!
Is this a problem from pam_ldap or openssl?
Regards,
--
Paulo Matos
----------------------------------- ----------------------------------
|Sys & Net Admin | Serviço de Informática |
|Faculdade de Ciências e Tecnologia | Tel: +351-21-2941346 |
|Universidade Nova de Lisboa | Fax: +351-21-2948548 |
|P-2825-114 Caparica | e-Mail: pjsm@fct.unl.pt |
----------------------------------- ----------------------------------
