[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Still I am uanble to execute ldapsearch
Try adding the -x option to disable sasl authentication, it worked for me in
most of the ldap tools.
----- Original Message -----
From: "Tim Coote" <tim@tideway.com>
To: <openldap-software@OpenLDAP.org>
Sent: Friday, May 30, 2003 10:11 AM
Subject: RE: Still I am uanble to execute ldapsearch
> Not to the point I know, but shouldn't that be c=gb ? I thought that c
> was the iso code, not the internet tld.
>
> -----Original Message-----
> From: Christian Pohl
> [mailto:list-openldap-software@mail2news-gw.secaron.de]
> Sent: 30 May 2003 12.41
> To: openldap-software@OpenLDAP.org
> Subject: Re: Still I am uanble to execute ldapsearch
>
>
> shreedhar wrote:
> > * If I try to Search
> > [root@devserv /]# /usr/local/bin/ldapsearch -n -h localhost -p 389 -D
> "cn=stix
> > en.co.uk, c=uk" -b "o=stixen.co.uk, o=uk" 'ojectclass=*'
> > SASL/DIGEST-MD5 authentication started
> > Please enter your password:secret (given by me)
> > ldap_sasl_interactive_bind_s: Internal (implementation specific) error
> (80)
> > additional info: SASL(-13): user not found: no secret in
> database
> >
> > May I know where I am going wrong. . I went through www.openldap.org
> documentation file, there is no proper explanation that how to add data
> and search.
> > The following is slapd.conf file and error information which I got.
> >
> > My slapd.conf file is following.
> >
> > # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.7 2003/03/24
> 03:54:12 kurt Exp $
> > #
> > # See slapd.conf(5) for details on configuration options.
> > # This file should NOT be world readable.
> > #
> > include /usr/local/etc/openldap/schema/core.schema
> > include /usr/local/etc/openldap/schema/openldap.schema
> >
> > #include /usr/local/etc/openldap/slapd.at.conf
> > #include /usr/local/etc/openldap/slapd.oc.conf
> >
> > # Define global ACLs to disable default read access.
> >
> > # Do not enable referrals until AFTER you have a working directory
> > # service AND an understanding of referrals.
> > # referral ldap://root.openldap.org
> >
> > pidfile /usr/local/var/slapd.pid
> > argsfile /usr/local/var/slapd.args
> >
> > # Load dynamic backend modules:
> > modulepath /usr/local/libexec/openldap
> > moduleload back_bdb.la
> > moduleload back_ldap.la
> > moduleload back_ldbm.la
> > moduleload back_passwd.la
> > moduleload back_shell.la
> >
> > # Sample security restrictions
> > #
> > # Disallow clear text exchange of passwords
> > disallow bind_simple_unprotected
> > #
> > # Require integrity protection (prevent hijacking)
> > # Require 112-bit (3DES or better) encryption for updates
> > # Require 63-bit encryption for simple bind
> > security ssf=1 update_ssf=112 simple_bind=64
> >
> > # Sample access control policy:
> > # Root DSE: allow anyone to read it
> > # Subschema (sub)entry DSE: allow anyone to read it
> > # Other DSEs:
> > # Allow self write access
> > # Allow authenticated users read access
> > # Allow anonymous users to authenticate
> > # Directives needed to implement policy:
> > # access to dn.base="" by * read
> > # access to dn.base="cn=Subschema" by * read
> > # access to *
> > # by self write
> > # by users read
> > # by anonymous auth
> > #
> > # if no access controls are present, the default policy is:
> > # Allow read by all
> > #
> > # rootdn can always write!
> >
> >
> #######################################################################
> > # ldbm database definitions
> >
> #######################################################################
> >
> > database bdb
> > suffix "dc=my-domain,dc=com"
> > rootdn "cn=Manager,dc=my-domain,dc=com"
> > # Cleartext passwords, especially for the rootdn, should
> > # be avoid. See slappasswd(8) and slapd.conf(5) for details.
> > # Use of strong authentication encouraged.
> >
> > rootpw secret
> > # The database directory MUST exist prior to running slapd AND
> > # should only be accessible by the slapd and slap tools.
> > # Mode 700 recommended.
> > directory /var/local/stixen
> > # Indices to maintain
> >
> >
> > * If I try to add
> > [root@devserv openldap]# /usr/local/bin/ldapadd -n -h localhost -p
> 389 -D "cn=root, o=stixen.co.uk, c=uk" -w secret -f test.ldif
> > !adding new entry "o=stixen.co.uk, c=uk"
> >
> > Where my test.ldif is
> >
> > dn: o=stixen.co.uk, c=uk
> >
> > o: stixen.co.uk
> >
> > objectclass: top
> >
> > objectclass: organization
> > * If I try to Search
> > [root@devserv /]# /usr/local/bin/ldapsearch -n -h localhost -p 389 -D
> "cn=stix
> > en.co.uk, c=uk" -b "o=stixen.co.uk, o=uk" 'ojectclass=*'
> > SASL/DIGEST-MD5 authentication started
> > Please enter your password:secret
> > ldap_sasl_interactive_bind_s: Internal (implementation specific) error
> (80)
> > additional info: SASL(-13): user not found: no secret in
> database
> >
> >
> > Thanks & Regards,
> > Sreedhar
> >
> >
> >
> >
> >
> > Our greatest happiness in life does not depend on the condition of
> life in which chance has placed us, but is always the result of good
> conscience, good health, occupation, and freedom in all just pursuits
> >
> Hi Sreedhar,
>
> in your slapd.conf you gave the user 'cn=Manager,dc=my-domain,dc=com'
> the password 'secret'
>
> 1. your suffix is "dc=my-domain,dc=com" as from slapd.conf. so slapd is
> only "listening" to enties ending with dc=my-domain,dc=com. If you want
> to add your entries you must change the suffix to "o=stixen.co.uk,c=uk"
> (or only c="uk")
>
> 2. your rootdn is "cn=Manager,dc=my-domain,dc=com" so you must connect
> with this one to add entries. ldapadd -D
> "cn=Manager,dc=my-domain,dc=com" -w secret .....
> If you change your suffix you also have to change your root dn:
> cn=Manager,o=stixen.co.uk,c=uk
>
> 3. you have to add the "tree" before you can add the "leaves"
> So 1st add o=stixen.co.uk,c=uk (objectclass organization)
> and 2nd add your user under o=stixen.co.uk,c=uk
>
> 4. be careful with spaces leading or trailing your DNs
>
> Kind regards,
>
> Chris
>
> --
> Christian Pohl
> >|secaron
>
> --
> The From: and Reply-To: addresses are internal news2mail gateway
> addresses.
> Reply to the list or to Christian Pohl <pohl@secaron.de>
>
>