SASL (again)
Hi,
Please, someone MUST know what is going wrong here:
I try:
[root@linux3 tools]# ./ldapsearch -h intranet.ivorytower.co.za
ldap_sasl_interactive_bind_s: No such object
The FAQ says this means "that LDAP SASL authentication function could not
read the Root DSE."
Can someone tell me how to allow SASL to read the Root DSE?
AND:
[root@linux3 tools]# ./ldapsearch -D "cn=<root>,dc=ivorytower,dc=co,dc=za" -b "" -I -Y DIGEST-MD5 -h intranet.ivorytower.co.za
SASL/DIGEST-MD5 authentication started
SASL Interaction
Default: ....
Please enter your authentication name: <root>
Please enter your authorization name: <root>
Please enter your password:
ldap_sasl_interactive_bind_s: Unknown error
additional info: unable to get user's secret
If I do this:
[root@linux3 tools]# ./ldapsearch -D "cn=<root>,dc=ivorytower,dc=co,dc=za" -b "" -Wxs base -LLL supportedSASLMechanisms -h intranet.ivorytower.co.za
Enter LDAP Password:
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
My slapd.conf:
#sasl-host intranet.ivorytower.co.za - uncommenting these did not resolve the issues
#sasl-secprops none
#sasl-realm intranet.ivorytower.co.za
database ldbm
suffix "dc=ivorytower,dc=co,dc=za"
rootdn "cn=<myroot>,dc=ivorytower,dc=co,dc=za"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw <whatever>
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /usr/local/var/openldap-ldbm
# Indices to maintain
index objectClass eq
TLSCertificateFile /etc/ldap/server.pem
TLSCertificateKeyFile /etc/ldap/key.pem
TLSCACertificateFile /etc/ldap/server.pem
TLSCipherSuite DES-CBC3-SHA
Thanks
----------------------//...
Justin Schwartz
Senior Programmer
Ivory Tower Internet Solutions
+27 21 418-8230 (voice)
+27 21 425-4537 (fax)
+27 (0)82 487-3821 (cellular)
justin@ivorytower.co.za (mail)