
LDAP and authentication



I'm using LDAP for account information. The passwords are stored in a
Kerberos database (Heimdal).

This is working pretty well, but I now also want Samba in my LDAP tree
and Windows machines in my network.

But now when I try to add something to my LDAP tree I get insufficient
access:
 ldapsearch -x -D "uid=ldapadm,dc=cacholong,dc=nl" -W -b "dc=cacholong,dc=nl"
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

When I try to search for something with SASL it works (my ticket
authenticates me correctly).

But when I try to add something with my ticket (SASL), the server
says ldap_bind: Invalid credentials (49)

Then I try to add something with my ticket (SASL) and my user/pass, and
that works:
server:~/cacholong# ldapadd -f ldap.ldif -D "uid=ldapadm,dc=cacholong,dc=nl" -W
Enter LDAP Password:
SASL/GSSAPI authentication started
SASL username: ldapadm@CACHOLONG.NL
SASL SSF: 56
SASL installing layers

I want to add either with my ticket or with a user/pass combination, and
not both of them.

So what can be wrong?

These are my ACLs:
access to attribute=userPassword
        by dn="dc=cacholong,dc=nl" write
        by dn="uid=ldapadm" write
        by anonymous auth
        by self write
        by * none
access to *
        by dn="dc=cacholong,dc=nl" write
        by dn="uid=ldapadm" write
        by * read

Some relevant information:
I recently switched from MIT to Heimdal.