[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Kerberos/GSSAPI issues

On Tue, Dec 28, 2010 at 02:31:44PM -0800, Howard Chu wrote:
> ># ldapsearch -s base -b "cn=config" -Y EXTERNAL -H ldapi:///
> >SASL/EXTERNAL authentication started
> >ldap_sasl_interactive_bind_s: Inappropriate authentication (48)
> >	additional info: SASL(-15): mechanism too weak for this user: mech EXTERNAL is too weak
> >
> >So:
> >(a) it would be nice to know how to recover from this. If I stop slapd and
> >edit /etc/ldap/slapd.d/cn\=config.ldif directly, that seems to be OK, but
> >are there any risks in directly manipulating the config in this way?
> The main risk is that if you enter any typos or syntax errors, slapd
> will refuse to start. You should probably use slapmodify instead, so
> at least you'll get some syntax checking.

That's not in Debian/Ubuntu:

root@noc:~# man slapmodify
No manual entry for slapmodify
root@noc:~# dpkg-query -L slapd | grep modify
root@noc:~# apt-cache search slapmodify

I can't even find it in the latest release (openldap-2.4.23) source tarball.

$ grep -R slapmodify .
$ find . -name 'slapmod*'

I see there is slapadd though. Is slapmodify a recent addition?