[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Strange problem with binding authentication

At 01:17 PM 11/5/99 +0100, Marco Ferrante wrote:
>   I've a standard OpenLDAP SLAPD running well.
>I tried to use Netscape Directory Server 3 schema definition files instead of 
>SLAPD one's,

OpenLDAP configuration format != Netscape configuration format

>but any authenticated binding (except as root) is refused as 
>the password is incorrect.

You probably changed the syntax of userpassword from ces to bin.
Currently, OpenLDAP hashed password support requires (incorrectly)
that userpassword to be ces.

>  In debug mode, SLAPD return error 49.
>Only changes in slapd.conf is substitution of slapd.*.conf with 
>netscape.*.conf; difference I've seen between them are that if a class (ex. 
>organizationalPerson) is an extention of another one (ex. person), attributes 
>of parent class aren't redeclared.

OpenLDAP requires you expand each objectclass such that it contains
all attributes of its class and its superiors.  The 'sup' clause
is not understood.

>Note that in my tree, every entry with 
>objectclass organizationalPerson value have objectclass person too.
>  Any idea?

Don't use Netscape specific configuration directives in an OpenLDAP
configuration file.

Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>