[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL support undocumented (ITS#792)

At 03:49 PM 9/29/00 +0000, graham.leggett@bcn.ericsson.se wrote:
>Full_Name: Graham Leggett
>Version: 2.0.4
>OS: LinuxPPC v2.2.18
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (
>Compiling OpenLDAP with SASL support breaks the OpenLDAP setup instructions.

It shouldn't.  The quick start guide and the other chapters always
specify use of simple authentication (-x).

>There is no reference that seems to be available to describe how an SASL
>enabled OpenLDAP is to be set up. Following the quickstart instructions gets
>you as far as starting up the server, but binding as anything other than
>anonymous is impossible. As a result, it is impossible to populate the
>I configured slapd.conf like this:
>database        ldbm
>suffix          "o=test.com"
>#suffix         "o=My Organization Name, c=US"
>rootdn          "cn=Directory Manager"
>#rootdn         "cn=Manager, o=My Organization Name, c=US"

Try commenting out the first rootdn line and using the second
(as shown in the documentation).  When simple bind is used,
the target DN (rootdn) must be within the naming context (suffix)
of the database.

>rootpw          secret
>I then try to bind to the directory so that I can populate it with some
>data, this fails:
>[root@jessica openldap]# ldapmodify -x -D "cn=Directory Manager" -w
>ldap_bind: Invalid credentials

Yes.  "cn=Directory Manager" does exist in any of the naming contexts,
hence the credentials are invalid.

>The SASL libraries are installed but not configured. No documentation is
>included on how to configure SASL for OpenLDAP.

SASL has nothing to do with this error.