
Newbie: ldap_bind: Inappropriate authentication (48)



I've been attempting to set up a directory using openldap, and I've
run into a roadblock.

Working through the quick-start section of
http://www.openldap.org/doc/admin22/quickstart.html, I can't get by
step 2, "Add initial entries to your directory."

  $ ldapadd -w secret -x  -D "cn=Manager,dc=s,dc=com" -f record.ldif
  Enter LDAP Password: [type `secret' here]
  ldap_bind: Inappropriate authentication (48)

I can add the initial entries via slapadd, but not via the server.
After spending several hours trying to figure out why, I still haven't
been able to get around the problem.  Below are my slapd.conf and the
record.ldif (from above).

I started with no `access to' directives - the ones below were taken
from http://www.openldap.org/faq/data/cache/171.html, and mailing list
posts I've found via google.

Running slapd with `-d 192' I can see it reading the rootdn and rootpw
attributes from slapd.conf, but it still doesn't seem to accept the
`rootpw' value.

Help?

------------ uname ----------------------
# using openldap that comes with the `Client' version Mac OS 10.3
# (version 2.1.22)
$ uname -a
Darwin spud.local 7.5.0 Darwin Kernel Version 7.5.0: Thu Aug  5 19:26:16 PDT 2004; root:xnu/xnu-517.7.21.obj~3/RELEASE_PPC  Power Macintosh powerpc
-----------------------------------------

------------ record.ldif ----------------
dn: dc=s,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: s

dn: cn=Manager,dc=s,dc=com
objectclass: organizationalRole
cn: Manager
------------------------------------------

------------- slapd.conf -----------------
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/etc/openldap/schema/core.schema

pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args

access to dn.base="" by * read
access to dn.base="dc=s,dc=com" by * read

access to attr=userpassword
  by self write
  by anonymous auth
  by * none

access to *
  by self write
  by users read
  by anonymous auth

allow bind_v2

#######################################################################
# BDB database definitions
#######################################################################

database	dbd
Suffix		"dc=s,dc=com"
rootdn		"cn=Manager,dc=s,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	/usr/local/lib/openldap-data
# Indices to maintain
index	objectClass	eq
--------------------------------------------