[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap auth does not works after openldap upgrade



Andrew Findlay wrote:
On Wed, Feb 16, 2011 at 02:51:19AM -0800, Howard Chu wrote:

I also suspect that there may not be a valid password set on the
cn=config suffix, so you will not be able to manage the server through
LDAP either.

Since it's starting on ldapi:/// he should just do a SASL EXTERNAL
bind on ldapi:// using Unix root. Pretty sure Debian packages it
with the appropriate authz-regexp already configured.

I don't have a Debian Squeeze server at present so I cannot
check that.

Where is this documented? I am having great trouble finding
any clear description of how to actually access cn=config in
the bootstrap case.

I don't know where Debian documents their bootstrap config, you'll have to ask them.

Similarly I cannot find anything that
clearly describes the use of SASL EXTERNAL with ldapi.

http://tools.ietf.org/html/draft-chu-ldap-ldapi-00

If you can point me at some authoritative statements I will
propose a patch for the Admin Guide.

Andrew

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/