RE: How to confirm --enable-local



>> -----Original Message-----
>> From: owner-openldap-software@OpenLDAP.org
>> [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Pierangelo Masarati
>
>> > esmtp# /etc/rc.d/slapd stop
>> > Stopping slapd.
>> > Waiting for PIDS: 83391.
>> > esmtp# /usr/local/libexec/slapd -h 'ldapi://%2fvar%2frun%2fopenldap%2fldapi/'
>> > esmtp# chmod 777 /var/run/openldap/ldapi
>> > esmtp# ldapadd -f test.ldif -H 'ldapi://%2fvar%2frun%2fopenldap%2fldapi/'
>> > adding new entry "ou=Test,dc=webtent,dc=net"
>> > ldapadd: update failed: ou=Test,dc=webtent,dc=net
>> > ldap_add: Strong(er) authentication required (8)
>> >         additional info: modifications require authentication
>>
>> Sorry, I overlooked your message.  Writes do require authentication,
>> regardless of what ACLs say.  You need to disable this check by using
>> "allow update_anon", see slapd.conf(5).
>
> This step should not be necessary; a functional ldapi session should be
> fully authenticated using SASL/EXTERNAL. Of course, if this particular
> OpenLDAP was built without SASL support, that may explain why none of
> this is getting authenticated...

I think I over-overlooked his message.  My understanding was that he was
trying to use a local listener and filesystem permissions to get around the
need to authenticate for very efficient local operations on the directory.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
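
An added example, not part of the original thread or of OpenLDAP's code: a Python sketch of the peer-credential check that SASL/EXTERNAL over ldapi relies on, showing that the identity comes from the kernel rather than from the socket file's mode bits. It assumes Linux `SO_PEERCRED`; the rule list, the `cn=Manager` DN and the `may_write` check are hypothetical stand-ins for authz-regexp mapping and ACLs.

```python
import os
import re
import socket
import struct

# Linux-only assumption: SO_PEERCRED returns struct ucred {pid, uid, gid}.
UCRED = struct.Struct("3i")

def peer_identity(conn):
    """Return the SASL/EXTERNAL-style name for the process on the other end."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
    _pid, uid, gid = UCRED.unpack(raw)
    # Naming form slapd gives ldapi peers that bind with EXTERNAL.
    return f"gidNumber={gid}+uidNumber={uid},cn=peercred,cn=external,cn=auth"

def map_identity(authc_dn, rules):
    """Apply authz-regexp-like (pattern, replacement) rules; first match wins."""
    for pattern, replacement in rules:
        if re.fullmatch(pattern, authc_dn, re.IGNORECASE):
            return replacement
    return authc_dn

def may_write(authz_dn, writers):
    """Hypothetical ACL check: listed DNs may update, anonymous never."""
    return bool(authz_dn) and authz_dn in writers

def demo():
    # socketpair() stands in for a client connecting to the ldapi socket.
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        authc = peer_identity(server)
    finally:
        server.close()
        client.close()
    # Constructed rule: map this process's effective uid to an admin DN.
    rules = [(rf"gidNumber=\d+\+uidNumber={os.geteuid()},"
              r"cn=peercred,cn=external,cn=auth",
              "cn=Manager,dc=webtent,dc=net")]
    writers = {"cn=Manager,dc=webtent,dc=net"}
    authz = map_identity(authc, rules)
    # The empty DN models an anonymous session that never bound.
    return authc, authz, may_write(authz, writers), may_write("", writers)

if __name__ == "__main__":
    print(demo())
```

The socket's permissions only decide who can connect; a write is granted because the kernel-reported uid maps to an authorized DN, which is why a session that never binds stays anonymous however permissive the socket mode is.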