problem with LDAP

miroslav.ludvik at centrum.cz
Tue Jun 25 21:54:15 CEST 2002


Hi all,
I need to get Apache authentication against LDAP working.
So far I have done the following:
1) I installed slapd and the ldap utils
2) I created some users with ldapadd (PROBABLY without a password)
3) I added the following to httpd.conf
<Location /test>
        AuthType Basic
        AuthName "Enter username and password"
#       AuthLDAPURL ldap://snezka.luisoft.cz:389
#       AuthUserFile /etc/apache/users
require valid-user
</Location>

4) I created the users like this
ldapadd -xv -D "cn=Manager,o=rdm,c=cz" -W -f /home/ludvikm/pokus

5) I cannot change a user's password
I tried ldappasswd -xvW -D "cn=LJ,o=luisoft,c=cz"
Of course it asked me for the password and I typed "secret" (it is in the
config file and it worked for creating the users). To the password
secret it replied "Invalid Credentials", and when instead of secret I
just pressed enter, assuming that a user has an empty password after
creation, it printed
"ldap_initialize( <DEFAULT> )
Result: Strong authentication required (8)
Additional info: only authenicated users may change passwords"

6) And when I try lynx snezka/test it returns error 401, saying I am
not authorized.

Can someone please advise
a) how to change a user's password
b) what exactly to put in httpd.conf so that it always finds the user
c) what I should put in the username: cn=username,o=firma,c=CZ, or
just the cn or the sn.

PS: I am attaching the important files

Thanks to all, Mirek Ludvik




------------- next part ---------------
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE	dc=example, dc=com
#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never
HOST	127.0.0.1
BASE	o=luisoft,c=cz
------------- next part ---------------
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/etc/ldap/schema/core.schema
include		/etc/ldap/schema/cosine.schema
include		/etc/ldap/schema/inetorgperson.schema
include		/etc/ldap/schema/nis.schema
#include		/etc/ldap/schema/redhat/rfc822-MailMember.schema
#include		/etc/ldap/schema/redhat/autofs.schema
#include		/etc/ldap/schema/redhat/kerberosobject.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

pidfile	//var/run/slapd.pid
argsfile	//var/run/slapd.args

# Create a replication log in /var/lib/ldap for use by slurpd.
replogfile	/var/lib/ldap/master-slapd.replog

# Load dynamic backend modules:
# modulepath	/usr/sbin/openldap
# moduleload	back_ldap.la
# moduleload	back_ldbm.la
# moduleload	back_passwd.la
# moduleload	back_shell.la

#
# The next two lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
#
# Sample Access Control
#	Allow read access of root DSE
#	Allow self write access
#	Allow authenticated users read access
#	Allow anonymous users to authenticate
#
#access to dn="" by * read
#access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default is:
#	Allow read by all
#
# rootdn can always write!

#######################################################################
# ldbm database definitions
#######################################################################

database	ldbm
suffix		"o=luisoft,c=cz"
rootdn		"cn=Manager,o=luisoft,c=cz"
#rootdn		"cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw		secret
# rootpw		{crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory	/var/lib/ldap
# Indices to maintain
index	objectClass,uid,uidNumber,gidNumber,memberUid	eq
index	cn,mail,surname,givenname			eq,subinitial
# Replicas to which we should propagate changes
#replica host=ldap-1.example.com:389 tls=yes
#	bindmethod=sasl saslmech=GSSAPI
#	authcId=host/ldap-master.example.com na EXAMPLE.COM

------------- next part ---------------
dn: o=luisoft,c=cz
objectClass: dcObject
objectClass: organization
o:  Luisoft, CZ

dn: cn=Miroslav_Ludvik,o=luisoft,c=cz
objectClass: person
cn: Mirek Ludvik
sn: Ludvik


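Added example, not part of the original post nor OpenLDAP's own tooling: the attached LDIF creates the user entry without any userPassword, and slapd.conf keeps rootpw in cleartext although its own comment points to slappasswd(8). The block below produces an OpenLDAP-compatible {SSHA} value (the format slappasswd -h {SSHA} emits), verifies a password against it, and builds the LDIF that ldapmodify would apply, bound as the rootdn, to set userPassword on the posted DN cn=Miroslav_Ludvik,o=luisoft,c=cz; the sample password is constructed.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SSHA_PREFIX = "{SSHA}"
SHA1_LEN = 20


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build an OpenLDAP-style {SSHA} userPassword value.

    Format: "{SSHA}" + base64(sha1(password + salt) + salt); slapd
    recovers the salt from the tail of the decoded blob when checking a bind.
    A fixed salt gives reproducible output for tests; normally os.urandom picks one.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, password: str) -> bool:
    """Check a candidate password against a stored {SSHA} value (constant-time compare)."""
    if not stored.startswith(SSHA_PREFIX):
        return False
    raw = base64.b64decode(stored[len(SSHA_PREFIX):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)


def ldif_set_password(dn: str, hashed: str) -> str:
    """LDIF for ldapmodify that replaces userPassword on an existing entry.

    Applied with -D set to the rootdn (slapd.conf: rootdn can always write),
    so the "only authenticated users may change passwords" reply does not apply.
    """
    return "\n".join([
        f"dn: {dn}",
        "changetype: modify",
        "replace: userPassword",
        f"userPassword: {hashed}",
        "-",
        "",
    ])


if __name__ == "__main__":
    # DN taken from the posted LDIF; the password is a constructed sample.
    dn = "cn=Miroslav_Ludvik,o=luisoft,c=cz"
    print(ldif_set_password(dn, ssha_hash("constructed-sample-pw")))
```

Feed the printed LDIF to ldapmodify -x -D "<rootdn>" -W -f; the same {SSHA} form can replace the cleartext rootpw line in slapd.conf.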