
Re: BINDDN in ~/.ldaprc ignored(?)



On 02/09/16 10:28 +0100, Frank Thommen wrote:
BINDDN in ~/.ldaprc seems to be ignored or I'm doing something wrong.

/etc/openldap/ldap.conf is empty.

~/.ldaprc is:

$ cat ~/.ldaprc
BINDDN      <myBindDN>
BASE        <myBaseDN>
URI         ldaps://<myLDAPServer>
TLS_REQCERT never
$


ldapsearch returns an error if I don't declare the bindDN on the command line:

$ ldapsearch -W -v cn=xyz
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)
$

For SASL binds, specify SASL_AUTHCID instead; however, this option will be
ignored by the SASL library for GSSAPI binds, in which case SASL_AUTHZID
may be used if you need to specify an authz identity.

For non-SASL binds, specify '-x' on your command line, which does make use
of BINDDN.

--
Dan White
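
The rule in the reply above, written out as a small checker (an added example, not part of the original thread and not OpenLDAP code). It reads an ldaprc and an ldapsearch command line and reports which identity options apply to the resulting bind. `parse_ldaprc` and `bind_identity` are hypothetical helper names, and the sketch assumes a client built with SASL support, as in the output quoted in the question.

```python
import shlex

# Constructed sample: the ~/.ldaprc from the post, placeholders kept as written.
SAMPLE_LDAPRC = """\
BINDDN      <myBindDN>
BASE        <myBaseDN>
URI         ldaps://<myLDAPServer>
TLS_REQCERT never
"""

def parse_ldaprc(text):
    """Return {OPTION: value}. Option names are case-insensitive; '#' lines are comments."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def bind_identity(ldaprc_text, command):
    """Report which identity options apply to `command` (hypothetical helper).

    Only -x (simple bind) and -Y <mech> are modelled; other flags are skipped.
    """
    opts = parse_ldaprc(ldaprc_text)
    args = shlex.split(command)[1:]
    if "-x" in args:
        # Simple bind: BINDDN is read, SASL identity options play no part.
        used = [k for k in ("BINDDN",) if k in opts]
        ignored = [k for k in ("SASL_AUTHCID", "SASL_AUTHZID") if k in opts]
        return {"bind": "simple", "mech": None, "used": used, "ignored": ignored}
    # No -x: a SASL bind is attempted and BINDDN is not consulted.
    mech = opts.get("SASL_MECH")
    if "-Y" in args and args.index("-Y") + 1 < len(args):
        mech = args[args.index("-Y") + 1]
    used, ignored = [], [k for k in ("BINDDN",) if k in opts]
    if "SASL_AUTHCID" in opts:
        # GSSAPI takes the authentication identity from the Kerberos credentials.
        (ignored if (mech or "").upper() == "GSSAPI" else used).append("SASL_AUTHCID")
    if "SASL_AUTHZID" in opts:
        used.append("SASL_AUTHZID")
    return {"bind": "sasl", "mech": mech, "used": used, "ignored": ignored}

if __name__ == "__main__":
    for cmd in ("ldapsearch -W -v cn=xyz", "ldapsearch -x -W -v cn=xyz"):
        print(cmd, "->", bind_identity(SAMPLE_LDAPRC, cmd))
```

A `mech` of `None` means no mechanism was configured, so it is left to negotiation with the server, which is how the command in the question ended up attempting GSSAPI.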