Hello Rich,
the OS is Fedora 9 (64) with all of the recent updates
rpm -qa | grep fedora-ds
fedora-ds-1.1.2-1.fc9.x86_64
fedora-ds-dsgw-1.1.1-1.fc9.x86_64
fedora-ds-admin-1.1.6-1.fc9.x86_64
fedora-ds-admin-console-1.1.2-1.fc9.noarch
fedora-ds-console-1.1.2-2.fc9.noarch
fedora-ds-base-1.1.3-2.fc9.x86_64
Parts of the log files for DSGW authorisation
/var/log/dirsrv/admin-serv/access
- [17/Nov/2008:23:43:45 +0300] "POST /dsgwcmd/dosearch HTTP/1.1" 200 4088
- [17/Nov/2008:23:43:46 +0300] "GET /dsgwcmd/lang?context=dsgw&file=style.css HTTP/1.1" 302 231
- [17/Nov/2008:23:43:55 +0300] "POST /dsgwcmd/doauth HTTP/1.1" 200 1402
/var/log/dirsrv/admin-serv/error
(here is the strange point: the port marked in this log is 443, but in
reality it is 9830. I have stopped apache and closed port 443 entirely, but in
the log file it is still 443; the address and IP here are the same computer,
which is localhost for all of the operations)
[Mon Nov 17 23:43:45 2008] [info] Connection to child 12 established (server www...:443, client 213.131....)
[Mon Nov 17 23:43:45 2008] [info] Initial (No.1) HTTPS request received for child 12 (server www...:443)
[Mon Nov 17 23:43:46 2008] [info] Connection to child 12 closed (server www-hep.sinp.msu.ru:443, client 213.131...)
[Mon Nov 17 23:43:46 2008] [info] Connection to child 11 established (server www...:443, client 213.131....)
[Mon Nov 17 23:43:46 2008] [info] Initial (No.1) HTTPS request received for child 11 (server www...:443)
[Mon Nov 17 23:43:46 2008] [info] Connection to child 11 closed (server www-hep.sinp.msu.ru:443, client 213.131....)
/var/log/dirsrv/slapd-hep/access
[17/Nov/2008:23:43:45 +0300] conn=140 SSL 128-bit RC4
[17/Nov/2008:23:43:45 +0300] conn=140 op=0 BIND dn="" method=128 version=3
[17/Nov/2008:23:43:45 +0300] conn=140 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[17/Nov/2008:23:43:45 +0300] conn=140 op=1 SRCH base="dc=sinp, dc=msu, dc=ru" scope=2 filter="(&(objectClass=person)(|(cn=dudko)(sn=dudko)(uid=dudko)))" attrs="objectClass title"
[17/Nov/2008:23:43:46 +0300] conn=140 op=1 ENTRY dn="uid=dudko,ou=People, dc=sinp, dc=msu, dc=ru"
[17/Nov/2008:23:43:46 +0300] conn=140 op=1 RESULT err=0 tag=101 nentries=1 etime=1
[17/Nov/2008:23:43:46 +0300] conn=140 op=2 UNBIND
[17/Nov/2008:23:43:46 +0300] conn=140 op=2 fd=70 closed - U1
[17/Nov/2008:23:43:55 +0300] conn=141 fd=70 slot=70 SSL connection from 127.0.0.1 to 127.0.0.1
[17/Nov/2008:23:43:55 +0300] conn=141 SSL 128-bit RC4
[17/Nov/2008:23:43:55 +0300] conn=141 op=0 BIND dn="" method=128 version=3
[17/Nov/2008:23:43:55 +0300] conn=141 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[17/Nov/2008:23:43:55 +0300] conn=141 op=1 BIND dn="uid=dudko,ou=People, dc=sinp, dc=msu, dc=ru" method=128 version=3
[17/Nov/2008:23:43:55 +0300] conn=Internal op=-1 SRCH base="uid=dudko,ou=people,dc=sinp,dc=msu,dc=ru" scope=0 filter="(|(objectclass=*)(objectclass=ldapsubentry))" attrs=ALL
[17/Nov/2008:23:43:55 +0300] conn=Internal op=-1 ENTRY dn="uid=dudko,ou=People, dc=sinp, dc=msu, dc=ru"
[17/Nov/2008:23:43:55 +0300] conn=Internal op=-1 RESULT err=0 tag=48 nentries=1 etime=0
[17/Nov/2008:23:43:55 +0300] conn=Internal op=-1 MOD dn="uid=dudko,ou=people,dc=sinp,dc=msu,dc=ru"
[17/Nov/2008:23:43:55 +0300] conn=Internal op=-1 RESULT err=0 tag=48 nentries=0 etime=0
[17/Nov/2008:23:43:55 +0300] conn=141 op=1 RESULT err=49 tag=97 nentries=0 etime=0
[17/Nov/2008:23:43:55 +0300] conn=141 op=-1 fd=70 closed - B1
[17/Nov/2008:23:45:16 +0300] conn=124 op=7 SRCH base="dc=sinp,dc=msu,dc=ru" scope=2 filter="(&(objectClass=posixAccount)(uid=dudko))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[17/Nov/2008:23:45:18 +0300] conn=124 op=7 ENTRY dn="uid=dudko,ou=People, dc=sinp, dc=msu, dc=ru"
[17/Nov/2008:23:45:18 +0300] conn=124 op=7 RESULT err=0 tag=101 nentries=1 etime=2
/var/log/dirsrv/slapd-hep/error
[17/Nov/2008:23:43:45 +0300] NSACLPlugin - #### conn=140 op=1 binddn=""
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Searching AVL tree for
update:uid=dudko,ou=people,dc=sinp,dc=msu,dc=ru: container:-1
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Searching AVL tree for
update:ou=people,dc=sinp,dc=msu,dc=ru: container:2
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ************ RESOURCE INFO STARTS
*********
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Client DN:
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - resource type:256(search target_DN )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:
uid=dudko,ou=people,dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ATTR: objectClass
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - rights:search
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ************ RESOURCE INFO ENDS
*********
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Using ACL Cointainer:0 for evaluation
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Using ACL Cointainer:1 for evaluation
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "Enable anonymous
access"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:2 ACL_ELEVEL:0
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read target_attr
acltxt target_attr_not allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(userdn )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "Directory
Administrators Group"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:4 ACL_ELEVEL:6
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read write delete add
self target_attr acltxt allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(groupdn ip )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "Configuration
Administrators Group"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:5 ACL_ELEVEL:6
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read write delete add
self target_attr acltxt allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(groupdn ip )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "Configuration
Administrator"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:6 ACL_ELEVEL:2
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read write delete add
self target_attr acltxt allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(userdn ip )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "SIE
Group"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:7 ACL_ELEVEL:6
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read write delete add
self target_attr acltxt allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(groupdn )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Num of ALLOW Handles:5, DENY handles:0
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Processed attr:objectClass for
entry:uid=dudko,ou=people,dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - 1. Evaluating ALLOW aci(2) " "Enable
anonymous access""
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - conn=140 op=1 (main): Allow search on entry(uid=dudko,ou=people,dc=sinp,dc=msu,dc=ru).attr(objectClass) to anonymous: allowed by aci(2): aciname= "Enable anonymous access", acidn="dc=sinp,dc=msu,dc=ru"
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Using ACL Cointainer:0 for evaluation
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Using ACL Cointainer:1 for evaluation
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "Enable anonymous
access"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:2 ACL_ELEVEL:0
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read target_attr
acltxt target_attr_not allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(userdn )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "Directory
Administrators Group"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:4 ACL_ELEVEL:6
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read write delete add
self target_attr acltxt allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(groupdn ip )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "Configuration
Administrators Group"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:5 ACL_ELEVEL:6
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read write delete add
self target_attr acltxt allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(groupdn ip )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "Configuration
Administrator"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:6 ACL_ELEVEL:2
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read write delete add
self target_attr acltxt allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(userdn ip )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "SIE
Group"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:7 ACL_ELEVEL:6
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read write delete add
self target_attr acltxt allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(groupdn )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Num of ALLOW Handles:5, DENY handles:0
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Processed attr:cn for
entry:uid=dudko,ou=people,dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - 1. Evaluating ALLOW aci(2) " "Enable
anonymous access""
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Found SEARCH ALLOW in cache
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - conn=140 op=1 (main): Allow search on entry(uid=dudko,ou=people,dc=sinp,dc=msu,dc=ru).attr(cn) to anonymous: cached allow by aci(2)
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Using ACL Cointainer:0 for evaluation
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Using ACL Cointainer:1 for evaluation
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "Enable anonymous
access"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:2 ACL_ELEVEL:0
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read target_attr
acltxt target_attr_not allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(userdn )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "Directory
Administrators Group"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:4 ACL_ELEVEL:6
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read write delete add
self target_attr acltxt allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(groupdn ip )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "Configuration
Administrators Group"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:5 ACL_ELEVEL:6
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read write delete add
self target_attr acltxt allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(groupdn ip )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "Configuration
Administrator"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:6 ACL_ELEVEL:2
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read write delete add
self target_attr acltxt allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(userdn ip )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "SIE
Group"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:7 ACL_ELEVEL:6
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read write delete add
self target_attr acltxt allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(groupdn )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Num of ALLOW Handles:5, DENY handles:0
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Processed attr:sn;lang-ru for
entry:uid=dudko,ou=people,dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - 1. Evaluating ALLOW aci(2) " "Enable
anonymous access""
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - conn=140 op=1 (main): Allow read on entry(uid=dudko,ou=people,dc=sinp,dc=msu,dc=ru).attr(sn;lang-ru) to anonymous: allowed by aci(2): aciname= "Enable anonymous access", acidn="dc=sinp,dc=msu,dc=ru"
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Using ACL Cointainer:0 for evaluation
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Using ACL Cointainer:1 for evaluation
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "Enable anonymous
access"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:2 ACL_ELEVEL:0
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read target_attr
acltxt target_attr_not allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(userdn )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "Directory
Administrators Group"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:4 ACL_ELEVEL:6
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read write delete add
self target_attr acltxt allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(groupdn ip )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "Configuration
Administrators Group"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:5 ACL_ELEVEL:6
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read write delete add
self target_attr acltxt allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(groupdn ip )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "Configuration
Administrator"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:6 ACL_ELEVEL:2
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read write delete add
self target_attr acltxt allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(userdn ip )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***BEGIN ACL INFO[ Name: "SIE
Group"]***
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACL Index:7 ACL_ELEVEL:6
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI type:(compare search read write delete add
self target_attr acltxt allow_rule )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ACI RULE type:(groupdn )
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Slapi_Entry DN:dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - ***END ACL INFO*****************************
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Num of ALLOW Handles:5, DENY handles:0
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Processed attr:objectClass for
entry:uid=dudko,ou=people,dc=sinp,dc=msu,dc=ru
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - 1. Evaluating ALLOW aci(2) " "Enable
anonymous access""
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - Found READ ALLOW in cache
[17/Nov/2008:23:43:46 +0300] NSACLPlugin - conn=140 op=1 (main): Allow read on entry(uid=dudko,ou=people,dc=sinp,dc=msu,dc=ru).attr(objectClass) to anonymous: cached allow by aci(2)
Just in case, the list of the configuration directories:
/etc/dirsrv/admin-serv/
-rw-r--r-- 1 root root 3984 19:02 admserv.conf
-rw------- 1 nobody root 16384 23:22 secmod.db
-r-------- 1 nobody nobody 50 23:27 password.conf
-r-------- 1 nobody nobody 4581 23:27 nss.conf
-rw-r--r-- 1 root root 27061 03:39 httpd.conf
-rw------- 1 root root 394016 04:52 console.conf
-rw------- 1 nobody root 40 04:56 admpw
-rw------- 1 nobody root 532 05:32 adm.conf
-rw------- 1 nobody root 16384 23:39 key3.db
-rw------- 1 nobody root 65536 23:39 cert8.db
-rw------- 1 nobody root 10259 00:04 local.conf
/etc/dirsrv/dsgw/
-r-------- 1 nobody root 7939 Nov 16 22:16 pb.conf
-r-------- 1 nobody root 9734 Nov 16 22:16 orgchart.conf
-r-------- 1 nobody root 8875 Nov 16 22:16 default.conf
-rw------- 1 nobody root 8867 Nov 16 23:41 dsgw.conf
-rw-r--r-- 1 root root 3192 Nov 16 23:42 dsgw-httpd.conf
One more strange point, which is not connected with the main problem. In
/etc/dirsrv/admin-serv/local.conf
I use only the address access filter, not hosts. The latter is blank
(looks like * does not work)
configuration.nsAdminAccessAddresses: (127.0.0.1|.....)
configuration.nsAdminAccessHosts:
But on restart of the admin server the directive configuration.nsAdminAccessHosts: is removed
from local.conf
and the server does not start; I need to add this directive manually to start the server. It looks
like this is a bug.
Lev
On Mon, 2008-11-17 at 13:21 -0700, Rich Megginson wrote:
Lev Dudko wrote:
> Dear Directory server experts,
> could you help me, please, to solve the problem with DSGW
> authorization.
> I have successfully set up FDS on Fedora 9 with
> setup-ds-admin.pl,
> set up SSL with the help of the script from this page:
> http://www.linuxmail.info/fedora-directory-server-setup-howto-centos-5/
> and run setup-ds-dsgw
> Now, the directory server works, the administration server works and
> I can configure everything in DS and Admin server with the console
> fedora-idm-console -a https://localhost:9830
> ldap and ldaps ports are open and accept requests.
>
> I can point my browser to https://localhost:9830 and use DSGW to
> search successfully,
> but I cannot do authorization; when I try to authorize as some user
> (normal user, Directory Manager or admin) I got the error:
> Authentication Failed
> Authentication failed because the password you supplied is incorrect.
> Please click the Retry button and try again. If you have forgotten the
> password for this entry, a directory administrator must reset the
> password for you.
>
> Of course, I am sure that the password is correct. There is not much
> useful information in the log files. The
> executable /usr/lib64/dirsrv/dsgw-cgi-bin/doauth does this authorization.
>
> I have read the available documentation rather carefully, but did not find the
> answer. It looks like one of the solutions is to use the binddnfile directive
> with a special text file, but it looks strange to me that it is
> impossible to use normal authorization in LDAP with DSGW.
>
> Have I missed something during the configuration or forgotten to add some
> special ACL?
>
What platform?
Any information in your admin server logs at /var/log/dirsrv/admin-serv?
> Lev
>
--
Lev V. Dudko e-mail:dudko@fnal.gov
t. +41(22)7670778
http://top.sinp.msu.ru
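
Added example, not part of the original message and not code from the Fedora DS project: in the slapd access log above, each BIND is answered by a RESULT with the same conn and op, and the bind on conn=141 ends in err=49 (LDAP invalidCredentials) over an RC4 session. The sketch below rejoins mail-wrapped records and reports such failed binds; the sample lines, the DN and the connection number are constructed.

```python
import re

# Constructed sample in the slapd access-log format quoted above, including
# mail-client line wraps. The DN and connection number are made up.
SAMPLE = """\
[17/Nov/2008:23:43:55 +0300] conn=7 fd=70 slot=70 SSL connection from
127.0.0.1 to 127.0.0.1
[17/Nov/2008:23:43:55 +0300] conn=7 SSL 128-bit RC4
[17/Nov/2008:23:43:55 +0300] conn=7 op=0 BIND dn="" method=128
version=3
[17/Nov/2008:23:43:55 +0300] conn=7 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn=""
[17/Nov/2008:23:43:55 +0300] conn=7 op=1 BIND dn="uid=alice,ou=People,
dc=example, dc=com" method=128 version=3
[17/Nov/2008:23:43:55 +0300] conn=7 op=1 RESULT err=49 tag=97
nentries=0 etime=0
[17/Nov/2008:23:43:55 +0300] conn=7 op=-1 fd=70 closed - B1
"""

LINE_START = re.compile(r"^\[\d{2}/\w{3}/\d{4}:")
RECORD = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?:op=(?P<op>-?\d+) )?(?P<rest>.*)$")
BIND = re.compile(r'^BIND dn="(?P<dn>[^"]*)"')
RESULT = re.compile(r"^RESULT err=(?P<err>\d+) tag=(?P<tag>\d+)")
TLS = re.compile(r"^SSL (?P<cipher>\S.*)$")
# Standard LDAP result codes (RFC 4511) most often seen on a failed bind.
REASONS = {32: "noSuchObject", 49: "invalidCredentials", 53: "unwillingToPerform"}

def unwrap(text):
    """Rejoin records that a mail client wrapped onto continuation lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if LINE_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def failed_binds(text):
    """Return one dict per BIND whose RESULT (tag=97) carries a non-zero err."""
    pending, cipher, failures = {}, {}, []
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if not m:
            continue  # conn=Internal and non-record lines are skipped
        conn, op, rest = m["conn"], m["op"], m["rest"]
        if op is None and (t := TLS.match(rest)):
            cipher[conn] = t["cipher"]
        elif b := BIND.match(rest):
            pending[(conn, op)] = b["dn"]  # wait for the RESULT with same conn/op
        elif (r := RESULT.match(rest)) and (conn, op) in pending:
            dn, err = pending.pop((conn, op)), int(r["err"])
            if r["tag"] == "97" and err != 0:
                failures.append({
                    "time": m["ts"], "conn": int(conn), "dn": dn, "err": err,
                    "reason": REASONS.get(err, "other"),
                    "cipher": cipher.get(conn),
                    "weak_cipher": "RC4" in cipher.get(conn, ""),  # RFC 7465 prohibits RC4 in TLS
                })
    return failures
```

On a live server the same function can be fed the contents of the instance's access log, such as the /var/log/dirsrv/slapd-hep/access file quoted above.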