[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL (again)

To: "OpenLDAP Mailing List" <openldap-software@OpenLDAP.org>
Subject: SASL (again)
From: "Justin Schwartz" <justin@ivorytower.co.za>
Date: Fri, 7 Dec 2001 15:55:13 +0200
Importance: Normal

Hi,
  Please, someone MUST know what is going wrong here:
I try:
[root@linux3 tools]# ./ldapsearch -h intranet.ivorytower.co.za
ldap_sasl_interactive_bind_s: No such object

The FAQ says this means "that LDAP SASL authentication function could not
read the Root DSE. "

Can someone tell me how to allow SASL to read the Root DSE?

AND:

[root@linux3 tools]# ./ldapsearch -D "cn=<root>,dc=ivorytower,dc=co,dc=za" -
b "" -I -Y DIGEST-MD5 -h intranet.ivorytower.co.za
SASL/DIGEST-MD5 authentication started
SASL Interaction
Default: ....
Please enter your authentication name: <root>
Please enter your authorization name: <root>
Please enter your password:
ldap_sasl_interactive_bind_s: Unknown error
        additional info: unable to get user's secret


If I do this:

[root@linux3 tools]# ./ldapsearch -D
"cn=<root>,dc=ivorytower,dc=co,dc=za"" -
b "" -Wxs base -LLL supportedSASLMechanisms -h intranet.ivorytower.co.za
Enter LDAP Password:
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5


My slapd.conf:

#sasl-host intranet.ivorytower.co.za  - uncommenting these did not resolve
the issues
#sasl-secprops none
#sasl-realm intranet.ivorytower.co.za
database        ldbm
suffix          "dc=ivorytower,dc=co,dc=za"
rootdn          "cn=<myroot>,dc=ivorytower,dc=co,dc=za"

# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          <whatever>
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /usr/local/var/openldap-ldbm
# Indices to maintain
index   objectClass     eq

TLSCertificateFile      /etc/ldap/server.pem
TLSCertificateKeyFile   /etc/ldap/key.pem
TLSCACertificateFile    /etc/ldap/server.pem
TLSCipherSuite DES-CBC3-SHA

Thanks
----------------------//...
Justin Schwartz
Senior Programmer
Ivory Tower Internet Solutions
+27 21 418-8230 (voice)
+27 21 425-4537 (fax)
+27 (0)82 487-3821 (cellular)
justin@ivorytower.co.za (mail)

Follow-Ups:
- Re: SASL (again)
  - From: Todd Lyons <todd@mrball.net>

Prev by Date: Re: one slapd to multiple backends LDAP
Next by Date: RE: SASL (again)
Index(es):
- Chronological
- Thread