
Basic authentication using LDAP

Poster: きょんた
Forum debut: 2005/06/30
Posts: 1
Posted: 2005-06-30 14:36
I want to do basic authentication using LDAP, but it does not work properly.
Environment
FedoraCore3
openldap-2.2.26
Apache/2.0.52
jk2-2.0.4
tomcat5.0.28
I tried configuring Apache's httpd.conf and Tomcat's servlet.xml separately, but
got similar results in both cases.
Incidentally, binding with ldapsearch and binding from LDAP Browser both succeed. (When authenticating with the ldap commands I specify -x.)
I created one user with no userPassword at all and one whose userPassword is hashed with {SHA},
but both behaved the same.
The slapd log at authentication time is as follows.
------------------------------------------------------------------
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: new connection on 10
ldap_pvt_gethostbyname_a: host=fc3.opt.co.jp, r=0
daemon: added 10r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
0000: 30 0c 02 01 01 60 07 02 0....`..
ldap_read: want=6, got=6
0000: 01 03 04 00 80 00 ......
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x0890b890 ptr=0x0890b890 end=0x0890b89c len=12
0000: 02 01 01 60 07 02 01 03 04 00 80 00 ...`........
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
do_bind
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x0890b890 ptr=0x0890b893 end=0x0890b89c len=9
0000: 60 07 02 01 03 04 00 80 00 `........
ber_scanf fmt (m}) ber:
ber_dump: buf=0x0890b890 ptr=0x0890b89a end=0x0890b89c len=2
0000: 00 00 ..
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 10
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
do_bind: v3 anonymous bind
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
0000: 30 67 02 01 02 63 45 04 0g...cE.
ldap_read: want=97, got=97
0000: 16 6f 75 3d 55 73 65 72 73 2c 64 63 3d 6f 70 74 .ou=Users,dc=opt
0010: 2c 64 63 3d 63 6f 6d 0a 01 01 0a 01 03 02 01 00 ,dc=com.........
0020: 02 01 00 01 01 00 a3 0c 04 03 75 69 64 04 05 75 ..........uid..u
0030: 73 65 72 31 30 0e 04 0c 75 73 65 72 50 61 73 73 ser10...userPass
0040: 77 6f 72 64 a0 1b 30 19 04 17 32 2e 31 36 2e 38 word..0...2.16.8
0050: 34 30 2e 31 2e 31 31 33 37 33 30 2e 33 2e 34 2e 40.1.113730.3.4.
0060: 32 2
ber_get_next: tag 0x30 len 103 contents:
ber_dump: buf=0x0890ca20 ptr=0x0890ca20 end=0x0890ca87 len=103
0000: 02 01 02 63 45 04 16 6f 75 3d 55 73 65 72 73 2c ...cE..ou=Users,
0010: 64 63 3d 6f 70 74 2c 64 63 3d 63 6f 6d 0a 01 01 dc=opt,dc=com...
0020: 0a 01 03 02 01 00 02 01 00 01 01 00 a3 0c 04 03 ................
0030: 75 69 64 04 05 75 73 65 72 31 30 0e 04 0c 75 73 uid..user10...us
0040: 65 72 50 61 73 73 77 6f 72 64 a0 1b 30 19 04 17 erPassword..0...
0050: 32 2e 31 36 2e 38 34 30 2e 31 2e 31 31 33 37 33 2.16.840.1.11373
0060: 30 2e 33 2e 34 2e 32 0.3.4.2
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x0890ca20 ptr=0x0890ca23 end=0x0890ca87 len=100
0000: 63 45 04 16 6f 75 3d 55 73 65 72 73 2c 64 63 3d cE..ou=Users,dc=
0010: 6f 70 74 2c 64 63 3d 63 6f 6d 0a 01 01 0a 01 03 opt,dc=com......
0020: 02 01 00 02 01 00 01 01 00 a3 0c 04 03 75 69 64 .............uid
0030: 04 05 75 73 65 72 31 30 0e 04 0c 75 73 65 72 50 ..user10...userP
0040: 61 73 73 77 6f 72 64 a0 1b 30 19 04 17 32 2e 31 assword..0...2.1
0050: 36 2e 38 34 30 2e 31 2e 31 31 33 37 33 30 2e 33 6.840.1.113730.3
0060: 2e 34 2e 32 .4.2
>>> dnPrettyNormal: <ou=Users,dc=opt,dc=com>
=> ldap_bv2dn(ou=Users,dc=opt,dc=com,0)
ldap_err2string
<= ldap_bv2dn(ou=Users,dc=opt,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(ou=Users,dc=opt,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(ou=users,dc=opt,dc=com)=0 Success
<<< dnPrettyNormal: <ou=Users,dc=opt,dc=com>, <ou=users,dc=opt,dc=com>
SRCH "ou=Users,dc=opt,dc=com" 1 3 0 0 0
begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0x0890ca20 ptr=0x0890ca4c end=0x0890ca87 len=59
0000: a3 0c 04 03 75 69 64 04 05 75 73 65 72 31 30 0e ....uid..user10.
0010: 04 0c 75 73 65 72 50 61 73 73 77 6f 72 64 a0 1b ..userPassword..
0020: 30 19 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 0...2.16.840.1.1
0030: 31 33 37 33 30 2e 33 2e 34 2e 32 13730.3.4.2
end get_filter 0
filter: (uid=user1)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x0890ca20 ptr=0x0890ca5a end=0x0890ca87 len=45
0000: 00 0e 04 0c 75 73 65 72 50 61 73 73 77 6f 72 64 ....userPassword
0010: a0 1b 30 19 04 17 32 2e 31 36 2e 38 34 30 2e 31 ..0...2.16.840.1
0020: 2e 31 31 33 37 33 30 2e 33 2e 34 2e 32 .113730.3.4.2
=> get_ctrls
ber_scanf fmt ({m) ber:
ber_dump: buf=0x0890ca20 ptr=0x0890ca6c end=0x0890ca87 len=27
0000: 30 19 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 0...2.16.840.1.1
0010: 31 33 37 33 30 2e 33 2e 34 2e 32 13730.3.4.2
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
attrs: userPassword
==> limits_get: conn=0 op=1 dn="[anonymous]"
=> bdb_search
bdb_dn2entry("ou=users,dc=opt,dc=com")
=> bdb_dn2id( "dc=opt,dc=com" )
<= bdb_dn2id: got id=0x00000001
=> bdb_dn2id( "ou=users,dc=opt,dc=com" )
<= bdb_dn2id: got id=0x00000003
entry_decode: "ou=Users,dc=opt,dc=com"
<= entry_decode(ou=Users,dc=opt,dc=com)
search_candidates: base="ou=users,dc=opt,dc=com" (0x00000003) scope=1
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (objectClass)
=> key_read
bdb_idl_fetch_key: [01872a84]
<= bdb_index_read: failed (-30990)
<= bdb_equality_candidates: id=0, first=0, last=0
<= bdb_filter_candidates: id=0 first=0 last=0
=> bdb_dn2idl( "ou=users,dc=opt,dc=com" )
bdb_idl_fetch_key: %ou=users,dc=opt,dc=com
<= bdb_dn2idl: id=4 first=17 last=20
=> bdb_filter_candidates
AND
=> bdb_list_candidates 0xa0
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (uid)
<= bdb_equality_candidates: (uid) index_param failed (18)
<= bdb_filter_candidates: id=-1 first=1 last=20
<= bdb_list_candidates: id=-1 first=17 last=20
<= bdb_filter_candidates: id=-1 first=17 last=20
bdb_search_candidates: id=-1 first=17 last=20
entry_decode: "uid=user1,ou=Users,dc=opt,dc=com"
<= entry_decode(uid=user1,ou=Users,dc=opt,dc=com)
=> bdb_dn2id( "uid=user1,ou=users,dc=opt,dc=com" )
<= bdb_dn2id: got id=0x00000011
=> test_filter
EQUALITY
=> access_allowed: search access to "uid=user1,ou=Users,dc=opt,dc=com" "uid" requested
=> acl_get: [2] attr uid
=> acl_mask: access to entry "uid=user1,ou=Users,dc=opt,dc=com", attr "uid" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: cn=manager,dc=opt,dc=com
<= check a_dn_pat: self
<= check a_dn_pat: *
<= acl_mask: [3] applying read(=rscx) (stop)
<= acl_mask: [3] mask: read(=rscx)
=> access_allowed: search access granted by read(=rscx)
<= test_filter 6
=> send_search_entry: dn="uid=user1,ou=Users,dc=opt,dc=com"
=> access_allowed: read access to "uid=user1,ou=Users,dc=opt,dc=com" "entry" requested
=> acl_get: [2] attr entry
=> acl_mask: access to entry "uid=user1,ou=Users,dc=opt,dc=com", attr "entry" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: cn=manager,dc=opt,dc=com
<= check a_dn_pat: self
<= check a_dn_pat: *
<= acl_mask: [3] applying read(=rscx) (stop)
<= acl_mask: [3] mask: read(=rscx)
=> access_allowed: read access granted by read(=rscx)
=> access_allowed: read access to "uid=user1,ou=Users,dc=opt,dc=com" "userPassword" requested
=> acl_get: [1] attr userPassword
access_allowed: no res from state (userPassword)
=> acl_mask: access to entry "uid=user1,ou=Users,dc=opt,dc=com", attr "userPassword" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: cn=manager,dc=opt,dc=com
<= check a_dn_pat: anonymous
<= acl_mask: [3] applying auth(=x) (stop)
<= acl_mask: [3] mask: auth(=x)
=> access_allowed: read access denied by auth(=x)
send_search_entry: conn 0 access to attribute userPassword, value #0 not allowed
ber_flush: 43 bytes to sd 10
0000: 30 29 02 01 02 64 24 04 20 75 69 64 3d 75 73 65 0)...d$. uid=use
0010: 72 31 2c 6f 75 3d 55 73 65 72 73 2c 64 63 3d 6f r1,ou=Users,dc=o
0020: 70 74 2c 64 63 3d 63 6f 6d 30 00 pt,dc=com0.
ldap_write: want=43, written=43
0000: 30 29 02 01 02 64 24 04 20 75 69 64 3d 75 73 65 0)...d$. uid=use
0010: 72 31 2c 6f 75 3d 55 73 65 72 73 2c 64 63 3d 6f r1,ou=Users,dc=o
0020: 70 74 2c 64 63 3d 63 6f 6d 30 00 pt,dc=com0.
------------------------------------------------------------------
Thank you in advance.
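The trace above shows a client doing an anonymous bind (do_bind: dn="" method=128), searching for (uid=user1) with attrs: userPassword, and slapd refusing to return that attribute because the ACL gives the anonymous identity only auth(=x), not read(=r). The following is an added example, not code from the poster, OpenLDAP, Apache or Tomcat: a small Python model of that ACL decision and of the two ways a front end can check an LDAP password against it, "retrieve userPassword and compare locally" versus "search for the DN, then simple-bind as that DN". The Slapd class, the DIRECTORY contents, the password "secret" and the function names are all constructed for the example; the access-level ordering and the {SHA}/{SSHA} encodings follow slapd.access(5) and the usual OpenLDAP password scheme formats.

```python
"""Added example (not OpenLDAP, Apache or Tomcat code): model of the slapd ACL
check seen in the trace and of two client-side password-check strategies.
The directory, server class and credentials below are constructed."""
import base64
import hashlib

# slapd access levels in increasing order (slapd.access(5)). A grant implies
# every lower level, so "auth" lets a bind use the attribute but not read it.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]


def level_allows(granted, requested):
    """True when the granted level covers the requested one."""
    return LEVELS.index(granted) >= LEVELS.index(requested)


def userpassword_access(bind_dn, entry_dn):
    """Model of: access to attrs=userPassword by self write by anonymous auth by * none"""
    if bind_dn and bind_dn.lower() == entry_dn.lower():
        return "write"
    if bind_dn == "":          # anonymous identity: the trace's `by ""` -> auth(=x)
        return "auth"
    return "none"


def sha_hash(password):
    """{SHA} userPassword value: base64 of the raw SHA-1 digest."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()


def check_hash(stored, password):
    """Verify {SHA} and {SSHA} values; an unprefixed value is compared as cleartext."""
    pw = password.encode()
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[6:])          # 20-byte digest followed by salt
        return hashlib.sha1(pw + raw[20:]).digest() == raw[:20]
    if stored.startswith("{SHA}"):
        return base64.b64decode(stored[5:]) == hashlib.sha1(pw).digest()
    return stored == password


# Constructed directory: one user under the base the trace searches.
DIRECTORY = {
    "uid=user1,ou=users,dc=opt,dc=com": {"uid": "user1", "userPassword": sha_hash("secret")},
}


class Slapd:
    """Just enough of a server to show simple bind, search and the ACL."""

    def __init__(self, directory):
        self.directory = {dn.lower(): attrs for dn, attrs in directory.items()}

    def bind(self, dn, password):
        if dn == "" and password == "":
            return True                       # anonymous bind, as at the start of the trace
        entry = self.directory.get(dn.lower())
        if entry is None or "userPassword" not in entry:
            return False                      # no credential stored: bind can never succeed
        return check_hash(entry["userPassword"], password)

    def find_dn(self, uid):
        for dn, attrs in self.directory.items():
            if attrs.get("uid") == uid:
                return dn
        return None

    def read_userpassword(self, bind_dn, entry_dn):
        """Return the value, or None when the ACL denies read(=r) access."""
        if not level_allows(userpassword_access(bind_dn, entry_dn), "read"):
            return None
        return self.directory[entry_dn.lower()]["userPassword"]


def auth_retrieve_and_compare(server, uid, password):
    """Anonymous bind, search, read userPassword, compare on the client."""
    if not server.bind("", ""):
        return False
    dn = server.find_dn(uid)
    if dn is None:
        return False
    stored = server.read_userpassword("", dn)
    if stored is None:
        return False        # where the trace stops: "read access denied by auth(=x)"
    return check_hash(stored, password)


def auth_search_then_bind(server, uid, password):
    """Anonymous search for the DN, then a simple bind as that DN."""
    dn = server.find_dn(uid)
    if dn is None or password == "":
        return False        # an empty password would become an anonymous bind, never a login
    return server.bind(dn, password)


if __name__ == "__main__":
    srv = Slapd(DIRECTORY)
    print("retrieve-and-compare:", auth_retrieve_and_compare(srv, "user1", "secret"))
    print("search-then-bind:", auth_search_then_bind(srv, "user1", "secret"))
```

The retrieve-and-compare path fails against this ACL for every user, hashed or not, because the denial happens before any password is examined; the search-then-bind path works because a simple bind only needs auth(=x). The model also shows two edge cases worth keeping in mind: an entry with no userPassword at all can never bind, and an empty password must be rejected by the front end, since LDAP treats a bind with an empty credential as anonymous rather than as a failed login.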