Issue 792 - SASL support undocumented
Summary: SASL support undocumented
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd
Version: unspecified
Hardware: All All
Importance: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
Reported: 2000-09-29 15:49 UTC by graham.leggett@bcn.ericsson.se
Modified: 2014-08-01 21:06 UTC
Description graham.leggett@bcn.ericsson.se 2000-09-29 15:49:41 UTC
Full_Name: Graham Leggett
Version: 2.0.4
OS: LinuxPPC v2.2.18
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.78.100.2)


Compiling OpenLDAP with SASL support breaks the OpenLDAP setup instructions.

There is no reference that seems to be available to describe how an SASL
enabled OpenLDAP is to be set up. Following the quickstart instructions gets
you as far as starting up the server, but binding as anything other than
anonymous is impossible. As a result, it is impossible to populate the
directory.

I configured slapd.conf like this:

database        ldbm
suffix          "o=test.com"
#suffix         "o=My Organization Name, c=US"
rootdn          "cn=Directory Manager"
#rootdn         "cn=Manager, o=My Organization Name, c=US"
rootpw          secret

I then try to bind to the directory so that I can populate it with some
data, this fails:

[root@jessica openldap]# ldapmodify -x -D "cn=Directory Manager" -w "secret"
ldap_bind: Invalid credentials

The log file looks like this:

Sep 29 16:58:41 jessica slapd[16750]: conn=2 op=0 BIND dn="CN=DIRECTORY MANAGER" method=128
Sep 29 16:58:41 jessica slapd[16750]: conn=2 op=0 RESULT tag=97 err=49 text=

The SASL libraries are installed but not configured. No documentation is
included on how to configure SASL for OpenLDAP.

Comment 1 Kurt Zeilenga 2000-09-29 16:08:37 UTC
At 03:49 PM 9/29/00 +0000, graham.leggett@bcn.ericsson.se wrote:
>Full_Name: Graham Leggett
>Version: 2.0.4
>OS: LinuxPPC v2.2.18
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (193.78.100.2)
>
>
>Compiling OpenLDAP with SASL support breaks the OpenLDAP setup instructions.

It shouldn't.  The quick start guide and the other chapters always
specify use of simple authentication (-x).

>There is no reference that seems to be available to describe how an SASL
>enabled OpenLDAP is to be set up. Following the quickstart instructions gets
>you as far as starting up the server, but binding as anything other than
>anonymous is impossible. As a result, it is impossible to populate the
>directory.
>
>I configured slapd.conf like this:
>
>database        ldbm
>suffix          "o=test.com"
>#suffix         "o=My Organization Name, c=US"
>rootdn          "cn=Directory Manager"
>#rootdn         "cn=Manager, o=My Organization Name, c=US"

Try commenting out the first rootdn line and using the second
(as shown in the documentation).  When simple bind is used,
the target DN (rootdn) must be within the naming context (suffix)
of the database.

>rootpw          secret
>
>I then try to bind to the directory so that I can populate it with some
>data, this fails:
>
>[root@jessica openldap]# ldapmodify -x -D "cn=Directory Manager" -w "secret"
>ldap_bind: Invalid credentials

Yes.  "cn=Directory Manager" does exist in any of the naming contexts,
hence the credentials are invalid.

>The SASL libraries are installed but not configured. No documentation is
>included on how to configure SASL for OpenLDAP.

SASL has nothing to do with this error.
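
The rule stated in Comment 1 (for a simple bind, the rootdn must lie within the suffix of its database) can be checked before slapd is started. The Python script below is an added example, not part of the original thread or of the OpenLDAP code base. Its function names, its simplified DN comparison (case-insensitive values, no escaped commas, no continuation lines) and the second sample configuration are assumptions made for illustration.

```python
import shlex

# The configuration as reported in this issue.
REPORTED = '''
database        ldbm
suffix          "o=test.com"
rootdn          "cn=Directory Manager"
rootpw          secret
'''
# Constructed variant: the same database with the rootdn placed under the suffix.
CORRECTED = REPORTED.replace('"cn=Directory Manager"',
                             '"cn=Directory Manager, o=test.com"')

def normalize_dn(dn):
    """Split a DN into lowercase RDNs with spacing normalised (simplified)."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={' '.join(value.split()).lower()}")
    return rdns

def dn_within(dn, suffix):
    """True if dn equals suffix or is subordinate to it, compared on whole RDNs."""
    d, s = normalize_dn(dn), normalize_dn(suffix)
    return len(d) >= len(s) and d[len(d) - len(s):] == s

def check_rootdns(conf_text):
    """Return (backend, rootdn, suffixes) for each database whose rootdn
    is outside every suffix declared for that database."""
    problems, current = [], None

    def finish(db):
        if db and db["rootdn"] and not any(
                dn_within(db["rootdn"], s) for s in db["suffixes"]):
            problems.append((db["backend"], db["rootdn"], db["suffixes"]))

    for line in conf_text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comment lines
        if not tokens:
            continue
        key = tokens[0].lower()
        if key == "database":          # a new database section begins
            finish(current)
            current = {"backend": tokens[1], "rootdn": None, "suffixes": []}
        elif current and key == "suffix":
            current["suffixes"].extend(tokens[1:])
        elif current and key == "rootdn":
            current["rootdn"] = tokens[1]
    finish(current)
    return problems
```

Run against the reported configuration it flags the ldbm database, which matches the err=49 (invalid credentials) result in the log excerpt; the constructed variant passes.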


Comment 2 Kurt Zeilenga 2000-09-30 09:50:38 UTC
changed notes
changed state Open to Closed
Comment 3 OpenLDAP project 2014-08-01 21:06:12 UTC
user error