
Re: config backend with SASL



Hi,

I thought that the rootdn of the config backend is hardcoded to
"cn=config". Since this is not the case, can you please give more
details regarding your example?

Please note that in the test database I'm only using the
"core.schema" schema.

So, what exactly should I add to the config file, and how should I call
ldapsearch (as I already stated, I'm new to LDAP)?

Thanks in advance,
  Eran

On Mon, 2006-09-04 at 18:40 +0200, Pierangelo Masarati wrote:
> > Hi,
> >
> > I've posted the following question, but no one seemed to answer it. I
> > guess that I'm missing something trivial. I would appreciate it if someone
> > could help.
> >
> > Thanks,
> >   Eran
> >
> > // Original message
> > ///////////////////
> >
> > Hi,
> >
> > I've added SASL configuration to the test slapd that I'm using. I've
> > added the following to the slapd.conf:
> >
> > disallow bind_simple
> > disallow bind_anon
> > sasl-secprops noanonymous
> > sasl-host localhost
> >
> > #######################################################################
> > # BDB database definitions
> > #######################################################################
> >
> > I've added a test user using the saslpasswd2 utility. When I'm trying to
> > access the bdb database, everything seems to be OK. But, when I try to
> > search the "cn=config" sub tree, I get the following:
> >
> > ldapsearch -a always -O noanonymous -U erantest@eranl -Y login -w
> > password -b "cn=schema,cn=config"
> > SASL/LOGIN authentication started
> > SASL username: erantest@eranl
> > SASL SSF: 0
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <cn=schema,cn=config> with scope subtree
> > # filter: (objectclass=*)
> > # requesting: ALL
> > #
> >
> > # search result
> > search: 4
> > result: 50 Insufficient access
> >
> > # numResponses: 1
> >
> > Can someone please explain what I'm missing here.
> 
> Did you set that user (actually, the DN it's expanded as; see authz-regexp
> in slapd.conf(5)) as the rootdn of the config database?  For example,
> 
> database config
> rootdn "uid=erantest,cn=eranl,cn=login,cn=auth"
> 
> p.
> 
> 
> 
> 
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
> 
> SysNet s.n.c.
> Via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> ------------------------------------------
> Office:   +39.02.23998309
> Mobile:   +39.333.4963172
> Email:    pierangelo.masarati@sys-net.it
> ------------------------------------------
>
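
An offline check of the suggestion quoted above, as an added example (not part of the thread and not OpenLDAP code): it builds the DN a SASL identity is expanded to, in the form used in the reply, and compares it with the rootdn of the `database config` section of a slapd.conf. The function names are hypothetical, and the sample configuration is constructed from the fragments in the thread, with the `database bdb` section and its DNs as placeholders.

```python
# Added example: checks a slapd.conf for the rootdn suggested in the thread.
# Constructed sample; the "database bdb" section and its DNs are placeholders.
SAMPLE_CONF = """\
disallow bind_simple
disallow bind_anon
sasl-secprops noanonymous
sasl-host localhost

database config
rootdn "uid=erantest,cn=eranl,cn=login,cn=auth"

database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
"""

def sasl_authn_dn(user, mech):
    """DN for a SASL identity: uid=<user>[,cn=<realm>],cn=<mech>,cn=auth."""
    name, _, realm = user.partition("@")
    parts = ["uid=" + name]
    if realm:
        parts.append("cn=" + realm)
    return ",".join(parts + ["cn=" + mech.lower(), "cn=auth"])

def normalize(dn):
    # Simplified comparison (assumption): case-insensitive, ignores spaces
    # around commas, does not handle escaped commas inside values.
    return ",".join(part.strip().lower() for part in dn.split(","))

def rootdns(conf_text):
    """Return [(database_type, rootdn_or_None), ...] in file order."""
    sections = []
    for raw in conf_text.splitlines():
        words = raw.split(None, 1)
        # Skip blanks, comments and (simplification) indented continuation lines.
        if len(words) < 2 or raw[0] in "# \t":
            continue
        key, value = words[0].lower(), words[1].strip().strip('"')
        if key == "database":
            sections.append([value.lower(), None])
        elif key == "rootdn" and sections:
            sections[-1][1] = value
    return [tuple(s) for s in sections]

def config_rootdn_matches(conf_text, user, mech):
    """True if the config database's rootdn is the DN this SASL identity maps to."""
    want = normalize(sasl_authn_dn(user, mech))
    return any(t == "config" and dn is not None and normalize(dn) == want
               for t, dn in rootdns(conf_text))

if __name__ == "__main__":
    print(sasl_authn_dn("erantest@eranl", "login"))
    print(config_rootdn_matches(SAMPLE_CONF, "erantest@eranl", "login"))
```
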