
RE: SASL (again)



Concerning "could not read Root DSE", try:  access to dn.base="" by * read
(this is for v2.0.12 or later, or 'access to dn="^$" by * read' for "any")
Stéphane

-----Original Message-----
From: Justin Schwartz [mailto:justin@ivorytower.co.za]
Sent: Freitag, 7. Dezember 2001 14:55
To: OpenLDAP Mailing List
Subject: SASL (again)


Hi,
  Please, someone MUST know what is going wrong here:
I try:
[root@linux3 tools]# ./ldapsearch -h intranet.ivorytower.co.za
ldap_sasl_interactive_bind_s: No such object

The FAQ says this means "that LDAP SASL authentication function could not
read the Root DSE. "

Can someone tell me how to allow SASL to read the Root DSE?

AND:

[root@linux3 tools]# ./ldapsearch -D "cn=<root>,dc=ivorytower,dc=co,dc=za" -b "" -I -Y DIGEST-MD5 -h intranet.ivorytower.co.za
SASL/DIGEST-MD5 authentication started
SASL Interaction
Default: ....
Please enter your authentication name: <root>
Please enter your authorization name: <root>
Please enter your password:
ldap_sasl_interactive_bind_s: Unknown error
        additional info: unable to get user's secret


If I do this:

[root@linux3 tools]# ./ldapsearch -D "cn=<root>,dc=ivorytower,dc=co,dc=za" -b "" -Wxs base -LLL supportedSASLMechanisms -h intranet.ivorytower.co.za
Enter LDAP Password:
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5


My slapd.conf:

#sasl-host intranet.ivorytower.co.za  - uncommenting these did not resolve the issues
#sasl-secprops none
#sasl-realm intranet.ivorytower.co.za
database        ldbm
suffix          "dc=ivorytower,dc=co,dc=za"
rootdn          "cn=<myroot>,dc=ivorytower,dc=co,dc=za"

# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          <whatever>
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /usr/local/var/openldap-ldbm
# Indices to maintain
index   objectClass     eq

TLSCertificateFile      /etc/ldap/server.pem
TLSCertificateKeyFile   /etc/ldap/key.pem
TLSCACertificateFile    /etc/ldap/server.pem
TLSCipherSuite DES-CBC3-SHA

Thanks
----------------------//...
Justin Schwartz
Senior Programmer
Ivory Tower Internet Solutions
+27 21 418-8230 (voice)
+27 21 425-4537 (fax)
+27 (0)82 487-3821 (cellular)
justin@ivorytower.co.za (mail)