[Date Prev][Date Next]
RE: How to confirm --enable-local
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Robert
> I'm running 2.1.27 and already tried setting permissions to 777:
> esmtp# ls -la /var/run/openldap
> total 8
> drwxr-xr-x 2 ldap ldap 512 Mar 24 16:28 .
> drwxr-xr-x 6 root wheel 512 Mar 23 18:44 ..
> srwxrwxrwx 1 root ldap 0 Mar 24 16:28 ldapi
> -rw-r--r-- 1 root ldap 111 Mar 24 16:28 slapd.args
> -rw-r--r-- 1 root ldap 6 Mar 24 16:28 slapd.pid
> esmtp# ldapadd -f test.ldif -H
> adding new entry "ou=Test,dc=webtent,dc=net"
> ldapadd: update failed: ou=Test,dc=webtent,dc=net
> ldap_add: Strong(er) authentication required (8)
> additional info: modifications require authentication
> esmtp# kadmin -l
> kadmin> init WEBTENT.NET
> Realm max ticket life [unlimited]:
> Realm max renewable ticket life [unlimited]:
> kadmin: kadm5_create_principal: ldap_add_s: Can't contact LDAP server
> As I was saying in my last message I just posted. Even though I have
> access permissions on the for the socket setup in slapd.conf, still
> cannot write to it.
Since you're able to send LDAP requests on the socket, it's clear that your
filesystem permissions are not the problem.
It's quite possible that ldapi on FreeBSD doesn't work for transmitting Unix
credentials, although I would be surprised if that were the case.
Since you've established that ldapsearch works from the command line, the
intelligent thing to do would be to turn up debugging on slapd and look at
the traffic generated by an ldapsearch request and compare it to that
generated by Heimdal.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support