[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problems with ACLs..

Yes, you are of course right. Fixing the ACLs fixed most of it...

It turns out that the SASL UID was "UID=pjm3" rather than
"UID=pjm3+realm=NET.IC.AC.UK". I suspect that were I coming from another
realm, the realm would actually be there, i.e. pjm3@IC.AC.UK would be
"UID=pjm3+realm=IC.AC.UK", but a principal in the same realm doesn't have a
realm. Is that right?


| Phil Mayers, Network Support     |
| Centre for Computing Services    |
| Imperial College                 |

-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: 16 September 2000 20:11
To: Mayers, Philip J
Cc: 'openldap-software@openldap.org'
Subject: Re: Problems with ACLs..

>With SASL and the ACL (GSSAPI or CRAM-MD5, both of which work fine without
>the ACL), I get no output, and "ldap_sasl_interactive_bind_s: DSA is
>unavailable". If I supply a "-Y mech" argument, I simply get no results,
>no errors either.

Yes, because of the access controls don't allow any return of