[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem with openldap 2.0.6 and SASL [follow-up]

Went to CVS and got most recent, cutting-edge, sasl.c and recompiled slapd. This DID NOT resolve the problem. Also, though I've tried a number of variations of arguments with ldapadd without success, the variation that seems the most correct to me is:

ldapadd -f cheshire-init.ldif -D "uid=rtanner@cheshire.onlinemac.com"

It still fails, as below, with the error "Insufficient Access" which means I successfully authenticated but the server doesn't think I'm authorized. Also, one other thing I forgot to mention. Immediately after ldapadd prompts me and I enter my password, it prints out "SASL SSF: 0". Where is the ssf of 0 coming from? I've tried seeting "security ssf=56" in slapd.conf, and that doesn't make any difference.

-- Rob

--On 10/28/00 06:01:18 PM -0700 Rob Tanner <rtanner@cheshire.onlinemac.com> wrote:


I installed openldap-2.0.6 with SASL support of redhat 6.2. It build
and test without a hitch.  In running configure, I included the
"--with-cyrus-sasl" and the "--enable-spasswd" parameters.  In
slapd.conf, I've included the following lines:

sasl-host cheshire.onlinemac.com
sasl-realm CHESHIRE
sasl-secprops noanonymous  minssf=56
rootdn "uid=rtanner@cheshire.onlinemac.com"

But when I try to use ldapadd, no combination of options that I tried
would work.  After I entered my password (mech=CRAM-MD5), ldapadd
would return with the error "Insufficient Access".

I know SASL is ok.  I installed and configured it on the same machine
several months ago and it gets used continuously for Cyrus IMAP and
AUTH SMTP.  The docs are all pretty sparse, so I wouldn't be
surprised if I'm just doing something wrong.

All suggestions appreciated.  Thanks.

_ _ _ _ _ _ _ _ _ _ /\_\_\_\_\ /\_\ /\_\_\_\_\_\ /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT, /\/_/__\/_/ __ /\/_/ /\/_/ PROFUNDUM VIDITUR /\/_/_/_/_/ /\_\ /\/_/ /\/_/ /\/_/ \/_/ /\/_/_/\/_/ /\/_/ (Whatever is said in Latin \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound)

 Rob Tanner
 McMinnville, Oregon