[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: authentication
On Tue, 3 Oct 2000, Mark Whitehouse wrote:
> Just ran into a wierd authentication problem in OpenLDAP 2.0.x. To test, I
> cleanly installed OpenLDAP and changed the suffix line in the default
> slapd.conf file:
>
> from:
> suffix "dc=my-domain, dc=com"
> to:
> suffix "ou=devices, dc=my-domain, dc=com"
>
> After starting slapd I attempt the following searches:
>
> this works as expected:
> > ldapsearch -b '' -s base namingContexts
>
> however, this gets an 'invalid credentials' error:
> > ldapsearch -D 'cn=Manager, dc=my-domain, dc=com'
> -W -b '' -s base namingContexts
>
> In fact any attempt to authenticate with the root dn is rejected. Does
> anyone have any idea as to what's happening here?
What is supposed to happen. You can't use Distinguished Names outside the
scope of your suffix.
But I guess slapd shouldn't have accepted the rootdn entry in the first
place.
Hugo.
--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland
hvdkooij@caiw.nl http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
Quoting this tagline is illegal! (http://www.dtcc.edu/cs/rfc1855.html)