
RE: rootdn DN is invalid.



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Dieter Kluenter

> Hi,
>
> Jeremy Hallum <jhallum@umich.edu> writes:

> > Sadly, I tried it with those lines, and it doesn't seem to
> > be happy with it.
> >
> > Here's a look at my entire slapd.conf file:
> >
>
> > database        bdb
> > suffix          "dc=astro-lsa-umich,dc=edu"
> > sasl-regexp
> >      uid=(.*),cn=LSA.UMICH.EDU,cn=gssapi,cn=auth
> >      uid=$1,ou=admin,dc=astro-lsa-umich,dc=edu
> > rootdn
> "uid=astrldapadmin,realm=LSA.UMICH.EDU,cn=gssapi,cn=auth"
>                                     ^^^^^^^^^^
> [...]
> realm is an invalid attribute

Of course, the whole point of using a sasl-regexp is to turn the
"xxx,cn=auth" form of DN into one that you can actually use. So keeping that
"xxx,cn=auth" DN in your rootdn directive is completely missing the point.
Given the regexp you used, your rootdn ought to be something like
  rootdn uid=astrldapadmin,ou=admin,dc=astro-lsa-umich,dc=edu

Of course, to use domainComponent as it was intended, your suffix ought to be
   dc=astro,dc=lsa,dc=umich,dc=edu
instead of
   dc=astro-lsa-umich,dc=edu

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
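
The check described in the reply above, as an added example that is not part of the original message and not OpenLDAP code: it joins slapd.conf continuation lines, applies the sasl-regexp rule to a SASL authentication DN, and reports when rootdn is still in the cn=auth form or differs from the mapped DN. The config text and the authentication DN are constructed from the thread; the function names are hypothetical, and Python's re stands in for slapd's regex matching.

```python
import re
import shlex

# Constructed slapd.conf fragment modelled on the thread (rootdn as first posted).
SAMPLE_CONF = '''\
database        bdb
suffix          "dc=astro-lsa-umich,dc=edu"
sasl-regexp
     uid=(.*),cn=LSA.UMICH.EDU,cn=gssapi,cn=auth
     uid=$1,ou=admin,dc=astro-lsa-umich,dc=edu
rootdn "uid=astrldapadmin,realm=LSA.UMICH.EDU,cn=gssapi,cn=auth"
'''

def parse_directives(text):
    """Join continuation lines (leading whitespace) and split each into args."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return [shlex.split(line) for line in logical]

def norm(dn):
    """Rough DN normalisation for comparison: lowercase, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def map_sasl_dn(authn_dn, pattern, replacement):
    """Apply one sasl-regexp rule; $1..$9 in the replacement become match groups."""
    m = re.search(pattern, authn_dn, re.IGNORECASE)  # approximation of slapd matching
    if not m:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)

def check_rootdn(conf_text, authn_dn):
    """Return a list of problems with rootdn relative to the sasl-regexp mapping."""
    d = {args[0].lower(): args[1:] for args in parse_directives(conf_text)}
    rootdn = norm(d["rootdn"][0])
    problems = []
    if rootdn.endswith(",cn=auth"):
        problems.append("rootdn is still in SASL cn=auth form")
    mapped = map_sasl_dn(authn_dn, *d["sasl-regexp"])
    if mapped is None:
        problems.append("no sasl-regexp rule matches the authentication DN")
    elif norm(mapped) != rootdn:
        problems.append("mapped DN %s does not equal rootdn" % norm(mapped))
    return problems
```

Run against the fragment as first posted it reports both problems; with the rootdn suggested in the reply it reports none.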