Re: Help - can't bind

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 03:08 PM 11/2/00 -0800, Steve Collins wrote:
>Hi, I'm still having trouble binding.  Here's the sitch:
>Just upgraded to 2.0.6.   I can't bind as "rootdn".  Need help.  See the
>following (relevant) slapd.conf lines (complete file at end)

Looks like you're using SASL.  First, make sure Cyrus SASL
sample client/servers work using "-s ldap" and your authentication
identities.

>====================================================
>rootdn  uid=root

I assume you're authenticating as "root".  Note that your
actual authorization DN will depend on a number of factors
including the SASL mechanism used, the realm, and your
configuration.  I generally suggestion you first get SASL
authentication working (which doesn't depend upon rootdn
or ACLs), then checking the logs for what the authorization
DN is, then setting your rootdn and/or ACLs appropriately.

>=====================================================
>ldapsearch -Hldap://127.0.0.1:9009 -b "" -s base supportedSASLMechanisms  -x
>returns:
>supportedSASLMechanisms: DIGEST-MD5
>supportedSASLMechanisms: CRAM-MD5

That's good.  slapd seems to have access to secrets for both
DIGEST-MD5 and CRAM-MD5.  The client choose DIGEST-MD5 over
CRAM-MD5 unless you tell it otherwise.

>==========================================================
>I added "root" to the sasldb with saslpasswd
>===========================================================
>But I can't bind :
>ldapsearch -b "" -s base supportedSASLMechanisms  -Xu:root

Since you want to authenticate as "root", say so. 
  ldapsearch -b "" -s base supportedSASLMechanisms -U root

Do NOT specify an authorization identity (-X).  2.0 doesn't
support proxying.

Kurt