[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
question about authentication
hello to everyone!
i'm trying to set up openldap (newbie) with sasl (plain, gssapi) now for
about one week, but now i have ran into a simple problem, i think, but i
couldn't find an answer. so i have two questions for you, which i hope you
can answer for me.
1. i created a rootdn "uid=manfred,dc=domain,dc=com". i also set up sasl to
check user and password in /etc/shadow (later i will move to kerberos),
which works. now, when i try to add something to the database with:
ldapadd -f /etc/openldap/ldif/companystructure.ldif -D
"uid=manfred,dc=domain,dc=com" -Y PLAIN
i get prompted to insert my password, so i enter the password for the user
manfred, who has an account on my linuxbox.
the resulting error is:
ldap_sasl_interactive_bind_s: Invalid credentials
so i also tried the following:
ldapadd -f /etc/openldap/ldif/companystructure.ldif -D
"uid=manfred,dc=domain,dc=com" -Y PLAIN -U manfred
after typing in my password, i get following error:
ldap_add: Insufficent access
can you please tell me, if there are any options to get this to work?? i
tried to answer my question like the other ones on the maling list archive,
but i wasn't successful.
2. this problem should be a little bit simplier.
is it possible to tell SASL, which authentication method to use for default.
i always need to specify "-Y PLAIN", to use the plain mechanism, otherwise
SASL always wants to use GSSAPI.
is there an option in any configuration file to get this to work.
i can restrict the mechanisms to GSSAPI only, with the "sasl-secoprops" in
"slapd.conf".
i hope anyone can help me with my problems/questions and would be very
thankful.
thanks for any affords in advance and sorry for my english (i come from
austria).
the greetings from vorarlberg (west austria).
manfred