authentication problems

Jason Cross (jcross01@eng.eds.com)
Mon, 12 Dec 1994 12:43:41 -0500 (EST)

I'm having a problem with an LDAP client application I'm writing,
and at this point I'm not too sure if it's a quipu problem or an
LDAP problem.

It appears that, when I use 'ldap_simple_bind_s' in the client
application and attempt to bind as a specific user, I'm still
considered to be an anonymous user and cannot access the 'homePhone'
attribute, although I should have read access to the 'homePhone'
attribute according to the ACL.

I have the following ACL set-up for entries in the directory.
In essence I want everyone to be able to read all entries except
'userPassword' and 'homePhone'. When I use dish and authenticate
as anonymous, I can't read 'userPassword' or 'homePhone'. When
I use dish and authenticate with the proper password as 'Admin'
or the user, I can read 'homePhone', as dictated by the ACL.

acl= group # c=US@o=Acme@cn=Admin # write # entry &\
group # c=US@o=Acme@cn=Admin # write # attributes # userPassword &\
group # c=US@o=Acme@cn=Admin # write # attributes # homePhone &\
group # c=US@o=Acme@cn=Admin # read # attributes # homePhone &\
self # write # entry &\
self # write # default &\
self # write # attributes # userPassword &\
self # write # attributes # homePhone &\
self # read # attributes # homePhone &\
others # read # entry &\
others # read # default &\
others # compare # attributes # userPassword &\
others # none # attributes # homePhone

However in the LDAP client application when I authenticate as the 'Admin'
or the user, I *cannot* read the 'homePhone' attribute.

The following is from quipulog showing the login:

12/10 11:59:24 xtquipu- 09524 (root ) X500 DAP context association (4):
Internet=131.175.179.40+34910
12/10 11:59:24 xtquipu- 09524 (root ) Bind (4) (simple):
c=US@o=Acme@cn=Admin
12/10 11:59:25 xtquipu- 09524 (root ) Search (4): c=US@o=Acme
12/10 11:59:25 xtquipu- 09524 (root ) Search subtree (sn=smith)
12/10 11:59:25 xtquipu- 09524 (root ) Result sent (4)
12/10 11:59:25 xtquipu- 09524 (root ) Unbind (4) (responder):
c=US@o=Acme@cn=Admin

I have noticed when I change the ACL for others:

FROM: others # none # attributes # homePhone
TO: others # read # attributes # homePhone

I can read the 'homePhone' attribute via the application. Any help will
be appreciated. Thanks.
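To see what the ACL quoted in the message actually grants to each kind of requester, here is an added example that parses that ACL text and evaluates it. It is not the poster's code and not part of ISODE/quipu; the clause syntax is taken from the message, but the evaluation semantics (attribute-specific clauses override 'default', 'others' matches everyone including anonymous, a bare DN in a 'group' clause counts as a one-member group, strongest matching clause wins, and the none < detect < compare < read < add < write ordering) are assumptions, as are the GROUP_MEMBERS table and the cn=John Smith / cn=Jane Doe entries used as input.

```python
"""quipu-style ACL evaluator (added example; not the poster's code and
not part of ISODE/quipu).  Assumed semantics, none confirmed by the post:
  * clauses are separated by '&', fields by '#', whitespace is ignored;
  * an 'attributes' clause naming the attribute overrides the 'default'
    clause; 'entry' clauses govern the entry itself and are ignored here;
  * 'others' matches any requester, including anonymous (no bound DN);
    'self' matches when the bound DN is the entry being read;
    'group' matches when the bound DN is the named DN or a member of it
    (membership comes from the constructed GROUP_MEMBERS table);
  * permissions are ordered none < detect < compare < read < add < write,
    and the strongest matching clause wins.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: the ACL quoted in the post, line continuations removed.
ACL_TEXT = """
group # c=US@o=Acme@cn=Admin # write # entry &
group # c=US@o=Acme@cn=Admin # write # attributes # userPassword &
group # c=US@o=Acme@cn=Admin # write # attributes # homePhone &
group # c=US@o=Acme@cn=Admin # read # attributes # homePhone &
self # write # entry &
self # write # default &
self # write # attributes # userPassword &
self # write # attributes # homePhone &
self # read # attributes # homePhone &
others # read # entry &
others # read # default &
others # compare # attributes # userPassword &
others # none # attributes # homePhone
"""

LEVELS = {"none": 0, "detect": 1, "compare": 2, "read": 3, "add": 4, "write": 5}

# Constructed membership table (assumption): a plain entry named in a
# 'group' clause counts as a one-member group containing itself.
GROUP_MEMBERS = {"c=US@o=Acme@cn=Admin": {"c=US@o=Acme@cn=Admin"}}


@dataclass
class Rule:
    who: str                        # 'group', 'self' or 'others'
    perm: str                       # one of LEVELS
    what: str                       # 'entry', 'default' or 'attributes'
    group_dn: Optional[str] = None  # only for 'group'
    attrs: List[str] = field(default_factory=list)  # only for 'attributes'


def parse_acl(text: str) -> List[Rule]:
    """Split the '&'-separated clauses into Rule objects."""
    rules = []
    for clause in text.split("&"):
        clause = clause.strip()
        if not clause:
            continue
        f = [x.strip() for x in clause.split("#")]
        if f[0] == "group":
            rule = Rule(who="group", group_dn=f[1], perm=f[2], what=f[3], attrs=f[4:])
        else:
            rule = Rule(who=f[0], perm=f[1], what=f[2], attrs=f[3:])
        if rule.perm not in LEVELS:
            raise ValueError(f"unknown permission in clause: {clause}")
        rules.append(rule)
    return rules


def identity_matches(rule: Rule, bound_dn: Optional[str], target_dn: str) -> bool:
    """Does this clause's 'who' part apply to the requester?"""
    if rule.who == "others":
        return True
    if bound_dn is None:            # anonymous: only 'others' applies
        return False
    if rule.who == "self":
        return bound_dn == target_dn
    if rule.who == "group":
        return bound_dn == rule.group_dn or bound_dn in GROUP_MEMBERS.get(rule.group_dn, set())
    return False


def matching_rules(rules, bound_dn, target_dn, attr):
    """Clauses that govern `attr` for this requester: attribute-specific
    ones if any match, otherwise the 'default' ones."""
    applicable = [r for r in rules if identity_matches(r, bound_dn, target_dn)]
    specific = [r for r in applicable if r.what == "attributes" and attr in r.attrs]
    return specific or [r for r in applicable if r.what == "default"]


def permission(rules, bound_dn, target_dn, attr) -> str:
    """Strongest permission the requester holds on `attr` of `target_dn`."""
    pool = matching_rules(rules, bound_dn, target_dn, attr)
    if not pool:
        return "none"
    return max(pool, key=lambda r: LEVELS[r.perm]).perm


def can_read(rules, bound_dn, target_dn, attr) -> bool:
    return LEVELS[permission(rules, bound_dn, target_dn, attr)] >= LEVELS["read"]


if __name__ == "__main__":
    rules = parse_acl(ACL_TEXT)
    target = "c=US@o=Acme@cn=John Smith"       # constructed entry
    for who in ("c=US@o=Acme@cn=Admin", target, "c=US@o=Acme@cn=Jane Doe", None):
        label = who or "anonymous"
        print(f"{label:32} homePhone -> {permission(rules, who, target, 'homePhone')}")
```

Run as written, the evaluator gives Admin and the entry's own DN write on homePhone, an unrelated user none, and an anonymous requester none; only relaxing the last `others` clause to read makes homePhone visible to an anonymous requester. That is the same pair of observations the message reports from the LDAP client, which is what makes "the bind is not being honoured" the reading to test first. On the client side the first thing to verify is that ldap_simple_bind_s() returned LDAP_SUCCESS before the search was issued.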