[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: authentication

To: Mark Whitehouse <markwhitehouse@home.com>
Subject: Re: authentication
From: Hugo.van.der.Kooij@caiw.nl
Date: Wed, 4 Oct 2000 08:35:32 +0200 (CEST)
Cc: openldap <openldap-software@OpenLDAP.org>
In-reply-to: <LCECIEENMIFONLOGAKPFIEMGCFAA.markwhitehouse@home.com>

On Tue, 3 Oct 2000, Mark Whitehouse wrote:

> Just ran into a wierd authentication problem in OpenLDAP 2.0.x.  To test, I
> cleanly installed OpenLDAP and changed the suffix line in the default
> slapd.conf file:
> 
>   from:
>     suffix  "dc=my-domain, dc=com"
>   to:
>     suffix  "ou=devices, dc=my-domain, dc=com"
> 
> After starting slapd I attempt the following searches:
> 
>   this works as expected:
>     > ldapsearch -b '' -s base namingContexts
> 
>   however, this gets an 'invalid credentials' error:
>     > ldapsearch -D 'cn=Manager, dc=my-domain, dc=com'
>                -W -b '' -s base namingContexts
> 
> In fact any attempt to authenticate with the root dn is rejected.  Does
> anyone have any idea as to what's happening here?

What is supposed to happen. You can't use Distinguished Names outside the
scope of your suffix.

But I guess slapd shouldn't have accepted the rootdn entry in the first
place.

Hugo.

-- 
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hvdkooij@caiw.nl	http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
Quoting this tagline is illegal! (http://www.dtcc.edu/cs/rfc1855.html)

References:
- authentication
  - From: "Mark Whitehouse" <markwhitehouse@home.com>

Prev by Date: Re: Schema Tutorial?
Next by Date: Re: ldapadd - no such object/Invalid Credentials
Index(es):
- Chronological
- Thread