[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Help - can't bind
At 03:08 PM 11/2/00 -0800, Steve Collins wrote:
>Hi, I'm still having trouble binding. Here's the sitch:
>Just upgraded to 2.0.6. I can't bind as "rootdn". Need help. See the
>following (relevant) slapd.conf lines (complete file at end)
Looks like you're using SASL. First, make sure Cyrus SASL
sample client/servers work using "-s ldap" and your authentication
identities.
>====================================================
>rootdn uid=root
I assume you're authenticating as "root". Note that your
actual authorization DN will depend on a number of factors
including the SASL mechanism used, the realm, and your
configuration. I generally suggestion you first get SASL
authentication working (which doesn't depend upon rootdn
or ACLs), then checking the logs for what the authorization
DN is, then setting your rootdn and/or ACLs appropriately.
>=====================================================
>ldapsearch -Hldap://127.0.0.1:9009 -b "" -s base supportedSASLMechanisms -x
>returns:
>supportedSASLMechanisms: DIGEST-MD5
>supportedSASLMechanisms: CRAM-MD5
That's good. slapd seems to have access to secrets for both
DIGEST-MD5 and CRAM-MD5. The client choose DIGEST-MD5 over
CRAM-MD5 unless you tell it otherwise.
>==========================================================
>I added "root" to the sasldb with saslpasswd
>===========================================================
>But I can't bind :
>ldapsearch -b "" -s base supportedSASLMechanisms -Xu:root
Since you want to authenticate as "root", say so.
ldapsearch -b "" -s base supportedSASLMechanisms -U root
Do NOT specify an authorization identity (-X). 2.0 doesn't
support proxying.
Kurt