
Re: authentication



On Tue, 3 Oct 2000, Mark Whitehouse wrote:

> Just ran into a weird authentication problem in OpenLDAP 2.0.x.  To test, I
> cleanly installed OpenLDAP and changed the suffix line in the default
> slapd.conf file:
> 
>   from:
>     suffix  "dc=my-domain, dc=com"
>   to:
>     suffix  "ou=devices, dc=my-domain, dc=com"
> 
> After starting slapd I attempt the following searches:
> 
>   this works as expected:
>     > ldapsearch -b '' -s base namingContexts
> 
>   however, this gets an 'invalid credentials' error:
>     > ldapsearch -D 'cn=Manager, dc=my-domain, dc=com'
>                -W -b '' -s base namingContexts
> 
> In fact any attempt to authenticate with the root dn is rejected.  Does
> anyone have any idea as to what's happening here?

What is supposed to happen. You can't use Distinguished Names outside the
scope of your suffix.

But I guess slapd shouldn't have accepted the rootdn entry in the first
place.

Hugo.

-- 
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hvdkooij@caiw.nl	http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
Quoting this tagline is illegal! (http://www.dtcc.edu/cs/rfc1855.html)
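
The check the reply says slapd should have made, as an added example that is not part of the original thread or of OpenLDAP's code: it reads a slapd.conf and reports any database whose rootdn lies outside its suffix. The function names and the sample configuration are assumptions constructed from the values quoted in the post, and DN parsing is simplified (escaped commas are not handled).

```python
import shlex

def normalize_dn(dn):
    """Split a DN into lowercase RDNs, dropping spaces around ',' and '='.
    Simplification: escaped commas inside values are not handled."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(attr.strip().lower() + "=" + value.strip().lower())
    return rdns

def dn_within(dn, suffix):
    """True if dn equals suffix or sits below it in the tree."""
    d, s = normalize_dn(dn), normalize_dn(suffix)
    return len(d) >= len(s) and d[len(d) - len(s):] == s

def check_rootdn(conf_text):
    """Return (rootdn, suffixes) for each database whose rootdn is under none of its suffixes."""
    problems = []
    suffixes, rootdn = [], None

    def flush():
        # Called at the end of each database section.
        if rootdn and not any(dn_within(rootdn, s) for s in suffixes):
            problems.append((rootdn, list(suffixes)))

    for line in conf_text.splitlines():
        words = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if not words:
            continue
        key = words[0].lower()
        if key == "database":
            flush()
            suffixes, rootdn = [], None
        elif key == "suffix" and len(words) > 1:
            suffixes.append(words[1])
        elif key == "rootdn" and len(words) > 1:
            rootdn = words[1]
    flush()
    return problems

# Constructed sample: the changed suffix from the post with the Manager rootdn.
SAMPLE_BROKEN = '''
database ldbm
suffix  "ou=devices, dc=my-domain, dc=com"
rootdn  "cn=Manager, dc=my-domain, dc=com"
'''
# Constructed sample: the original suffix, under which the rootdn does fall.
SAMPLE_OK = SAMPLE_BROKEN.replace("ou=devices, ", "")
```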