[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: rootdn DN is invalid.

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Dieter Kluenter

> Hi,
> Jeremy Hallum <jhallum@umich.edu> writes:

> > Sadly, I tried it with those lines, and it doesn't seem to
> > be happy with it.
> >
> > Here's a look at my entire slapd.conf file:
> >
> > database        bdb
> > suffix          "dc=astro-lsa-umich,dc=edu"
> > sasl-regexp
> >      uid=(.*),cn=LSA.UMICH.EDU,cn=gssapi,cn=auth
> >      uid=$1,ou=admin,dc=astro-lsa-umich,dc=edu
> > rootdn
> "uid=astrldapadmin,realm=LSA.UMICH.EDU,cn=gssapi,cn=auth"
>                                     ^^^^^^^^^^
> [...]
> realm is an invalid attribute

Of course, the whole point of using a sasl-regexp is to turn the
"xxx,cn=auth" form of DN into one that you can actually use. So keeping that
"xxx,cn=auth" DN in your rootdn directive is completely missing the point.
Given the regexp you used, your rootdn ought to be something like
  rootdn uid=astrldapadmin,ou=admin,dc=astro-lsa-umich,dc=edu

Of course, to use domainComponent as it was intended, your suffix ought to be
instead of

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support