[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: newbie question. SASL auth.

tir, 2002-08-27 kl. 15:57 skrev Ilya Bassine:

> > rootdn          "uid=root,cn=myorg.ru,cn=auth.cn-digest-md5"
> replaced by:
> rootdn          "uid=root,cn=myorg.ru,cn=auth,cn=digest-md5"    

I just *cannot* believe that this discussion is going on. You just
cannot form a DN anything like that.

A DN is like a tree. It begins below, with the root, which can be a
country (c) or a domain component (dc). It then ascends as a tree would,
trunk, branch, twig, leaf. Each component is entirely separate. A leaf
can not be a root. You cannot form a leaf into a root by telling it it's
a root. I.e., you can't have cn=myorg.ru.

'Course, it doesn't *have* to be like that, but then as the poster
discovers by choosing his own hierarchy: Neither is it duty bound to

Ilya's basic logic is faultless. It's just that he's either never
studied a plant or a tree. There are enough basic DN components
available as examples on this list; anyway, what's wrong in trying with
the examples in the basic slapd.conf that comes with the package and
reading the admin guide at www.openldap.org?

Take one thing at a time. Begin with rootdn "cn=root,o=myorg,c=ru" . Get
that to work. Add to it as necessary. Leave the auth and digest-mdf
stuff until last - you can't stuff them into your DN anyway, they belong
somewhere else.




Tony Earnshaw

The usefulness of RTFM is vastly overrated.

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
gpg public key:	http://www.billy.demon.nl/tonni.armor

Telefoon:	(+31) (0)172 530428
Mobiel:		(+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981

Attachment: signature.asc
Description: Dette er en digitalt signert meldingsdel