Re: [gentoo-user] openldap: taking too much of time to authenticate

Mon, 28 Aug 2006 03:53:17 -0700

Marc,
              I tried it also, but no luck this time also. Also i want to show you my /var/log/syslog also, which may be useful to rectify my problem :-


Aug 28 16:18:01 bijayant slapd[8302]: conn=145 fd=16 ACCEPT from IP=127.0.0.1:49850 (IP=0.0.0.0:389)
Aug 28 16:18:01 bijayant slapd[8302]: conn=145 op=0 BIND dn="cn=Manager,dc=kavach,dc=blr" method=128
Aug 28 16:18:01 bijayant slapd[8302]: conn=145 op=0 RESULT tag=97 err=49 text=
Aug 28 16:18:01 bijayant slapd[8302]: conn=146 fd=17 ACCEPT from IP=127.0.0.1:49851 (IP=0.0.0.0:389)
Aug 28 16:18:01 bijayant slapd[8302]: conn=145 op=1 UNBIND
Aug 28 16:18:01 bijayant slapd[8302]: conn=145 fd=16 closed
Aug 28 16:18:01 bijayant slapd[8302]: conn=146 op=0 BIND dn="cn=Manager,dc=kavach,dc=blr" method=128
Aug 28 16:18:01 bijayant slapd[8302]: conn=146 op=0 RESULT tag=97 err=49 text=
Aug 28 16:18:01 bijayant slapd[8302]: conn=147 fd=16 ACCEPT from IP=127.0.0.1:49852 (IP=0.0.0.0:389)
Aug 28 16:18:01 bijayant slapd[8302]: conn=146 op=1 UNBIND
Aug 28 16:18:01 bijayant slapd[8302]: conn=146 fd=17 closed
Aug 28 16:18:01 bijayant slapd[8302]: conn=147 op=0 BIND dn="cn=Manager,dc=kavach,dc=blr" method=128
Aug 28 16:18:01 bijayant slapd[8302]: conn=147 op=0 RESULT tag=97 err=49 text=
Aug 28 16:18:01 bijayant slapd[8302]: conn=147 op=1 UNBIND
Aug 28 16:18:01 bijayant slapd[8302]: conn=147 fd=16 closed
Aug 28 16:18:05 bijayant slapd[8302]: conn=148 fd=16 ACCEPT from IP=127.0.0.1:49853 (IP=0.0.0.0:389)
Aug 28 16:18:05 bijayant slapd[8302]: conn=148 op=0 BIND dn="cn=Manager,dc=kavach,dc=blr" method=128
Aug 28 16:18:05 bijayant slapd[8302]: conn=148 op=0 RESULT tag=97 err=49 text=
Aug 28 16:18:05 bijayant slapd[8302]: conn=149 fd=17 ACCEPT from IP=127.0.0.1:49854 (IP=0.0.0.0:389)
Aug 28 16:18:05 bijayant slapd[8302]: conn=148 op=1 UNBIND
Aug 28 16:18:05 bijayant slapd[8302]: conn=148 fd=16 closed


Marc Blumentritt <[EMAIL PROTECTED]> wrote:
15-20 seconds is to long. I only authentificate ldap-users via
Samba-login with windows machines, and this works fast without any delay.

For the authentification issue: if your user is in the local user data
base, it is authentificated against it (depending on your nsswitch and
pam settings), if he is in ldap, he is authentificated against ldap. You
should't have users in both, local and ldap.

I looked again at your access rules in slapd.conf: try out these rules:


-----

access to attrs=userPassword,gecos,description,loginShell
by dn="uid=root,ou=people,dc=kavach,dc=blr" write
by anonymous auth
by self write
by * none

access to *
by dn="uid=root,ou=people,dc=kavach,dc=blr" write
by users read

-----

The first rule allows root to and self to change the attributes
"userPassword,gecos,description,loginShell", anonymous to authentificate
(=login!) and * nothing.

The second rule allows root to change all other attributes and
authentificated users to read all other attributes.

Regards,
Marc
--
gentoo-user@gentoo.org mailing list


Send instant messages to your online friends http://uk.messenger.yahoo.com

Send instant messages to your online friends http://uk.messenger.yahoo.com

Reply via email to