[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP: error code 8 - LDAP: error code 8 - modifications require authentication

Aside from the usual suggestions of using at least the most
recent "stable" release of OpenLDAP Software, and prerequisite
software (Cyrus SASL, etc.), I suggest you dig through the
server logs to determine precisely what requests were made
by your client, their result (to authorization state as well
as to the DIT), and the result returned and then see is inline
with your expectations of your code.  If that leads to questions
specific to JNDI, I suggest you take them to a list about JNDI
(note that such questions are off topic here).

I do note that the error text returned by slapd(8) is, I believe,
only returned when the client attempts to update the directory
without first establishing its identity as required by server
(default) policy.  That error text is not returned for search
operations as 1) search operations don't update the directory
and 2) search operations are (by default) allowed even though
the client has not yet established its identity.  This implies
that the client has not yet established its identity, or
possibly that the identity it established is regarded as
synonymous being anonymous.  You might want to check the
slapd(8) identity mapping configuration (not only by eye,
but by confirming that LDAP Whoami? returns expected authorization
identity information).


At 12:47 PM 3/23/2005, gauravsharma0@gmail.com wrote:
>hi all
>I'm having trouble adding an entry to a LDAP directory using J2SE
>1.4.2 and JNDI with GSSAPI mechanism. Once I obtain the Kerberos
>ticket from the Kerberos server, everything works fine for search
>operations from my code, but I get the following error while adding an
>entry to LDAP:
>javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 -
>modifications require authentication]
>I'm running openldap-2.2.17 software on both the client and the server
>machine running Fedore Core 3 linux and RedHat Enterprise Linux 3. I'm
>using Kerberos v5 server (1.2.7-38) on the running on the same server.
>Note that the command line tools "ldapsearch" and "ldapadd" work fine
>with GSSAPI authentication.
>Please help.