
question about authentication



hello to everyone!

i've been trying to set up openldap (newbie) with sasl (plain, gssapi) for
about one week now, but i have run into a simple problem, i think, and i
couldn't find an answer. so i have two questions for you, which i hope you
can answer for me.

1. i created a rootdn "uid=manfred,dc=domain,dc=com". i also set up sasl to
check user and password in /etc/shadow (later i will move to kerberos),
which works. now, when i try to add something to the database with:

ldapadd -f /etc/openldap/ldif/companystructure.ldif -D "uid=manfred,dc=domain,dc=com" -Y PLAIN

i get prompted to insert my password, so i enter the password for the user
manfred, who has an account on my linuxbox.
the resulting error is:
ldap_sasl_interactive_bind_s: Invalid credentials

so i also tried the following:
ldapadd -f /etc/openldap/ldif/companystructure.ldif -D "uid=manfred,dc=domain,dc=com" -Y PLAIN -U manfred
after typing in my password, i get the following error:
ldap_add: Insufficent access

can you please tell me if there are any options to get this to work? i
tried to answer my question like the other ones on the mailing list archive,
but i wasn't successful.

2. this problem should be a little bit simpler.
is it possible to tell SASL which authentication method to use by default?
i always need to specify "-Y PLAIN" to use the plain mechanism, otherwise
SASL always wants to use GSSAPI.
is there an option in any configuration file to get this to work?
i can restrict the mechanisms to GSSAPI only, with the "sasl-secprops" in
"slapd.conf".

i hope someone can help me with my problems/questions and would be very
thankful.
thanks for any efforts in advance and sorry for my english (i come from
austria).

greetings from vorarlberg (west austria).

manfred