
Re: Newbie: ldap_bind: Inappropriate authentication (48)



Steve Revilak wrote:

I've been attempting to set up a directory using openldap, and I've
run into a roadblock.

Working through the quick-start section of
http://www.openldap.org/doc/admin22/quickstart.html, I can't get by
step 2, "Add initial entries to your directory."

$ ldapadd -w secret -x -D "cn=Manager,dc=s,dc=com" -f record.ldif
Enter LDAP Password: [type `secret' here]
ldap_bind: Inappropriate authentication (48)


ldapadd is not supposed to ask for credentials when run with "-w"; try changing
the order of the args. Usually "-x" comes first, to indicate simple bind, followed
by simple bind parameters "-D <identity>" and "-w <cred>". I'm positive this
is the sequence that is indicated in the guide (except that "-W" is used to be
prompted for the creds...) and I suggest you don't change things randomly when
following directions unless you know what you're doing...


p.

I can add the initial entries via slapadd, but not via the server.
After spending several hours trying to figure out why, I still haven't
been able to get around the problem.  Below are my slapd.conf and the
record.ldif (from above).

I started with no `access to' directives - the ones below were taken
from http://www.openldap.org/faq/data/cache/171.html, and mailing list
posts I've found via google.

Running slapd with `-d 192' I can see it reading the rootdn and rootpw
attributes from slapd.conf, but it still doesn't seem to accept the
`rootpw' value.

Help?

------------ uname ----------------------
# using openldap that comes with the `Client' version Mac OS 10.3
# (version 2.1.22)
$ uname -a
Darwin spud.local 7.5.0 Darwin Kernel Version 7.5.0: Thu Aug  5 19:26:16 PDT 2004; root:xnu/xnu-517.7.21.obj~3/RELEASE_PPC  Power Macintosh powerpc
-----------------------------------------

------------ record.ldif ----------------
dn: dc=s,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: s

dn: cn=Manager,dc=s,dc=com
objectclass: organizationalRole
cn: Manager
------------------------------------------

------------- slapd.conf -----------------
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/etc/openldap/schema/core.schema

pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args

access to dn.base="" by * read
access to dn.base="dc=s,dc=com" by * read

access to attr=userpassword
 by self write
 by anonymous auth
 by * none

access to *
 by self write
 by users read
 by anonymous auth

allow bind_v2

#######################################################################
# BDB database definitions
#######################################################################

database dbd
Suffix "dc=s,dc=com"
rootdn "cn=Manager,dc=s,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/lib/openldap-data
# Indices to maintain
index objectClass eq
--------------------------------------------







SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
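
The comments in the slapd.conf quoted above warn that the file should not be world readable and that a cleartext rootpw should be avoided. As an added example (not part of the original thread and not OpenLDAP code), the Python below checks a slapd.conf for both conditions and builds a salted {SSHA} value that could replace `rootpw secret`. The function names are hypothetical and the sample text is constructed from the configuration quoted in the message.

```python
import base64
import hashlib
import hmac
import os
import re

# Constructed sample, taken from the slapd.conf quoted in the thread above.
SAMPLE_CONF = """\
access to attr=userpassword
 by self write
 by anonymous auth
 by * none
database dbd
rootdn "cn=Manager,dc=s,dc=com"
rootpw secret
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace), then drop comments and blanks."""
    joined = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and joined:
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.strip())
    return [l.strip() for l in joined if l.strip() and not l.startswith("#")]

def audit(text, path=None):
    """Flag a rootpw without a {SCHEME} tag and a world-readable file (hypothetical helper)."""
    findings = []
    for line in logical_lines(text):
        parts = line.split(None, 1)
        if parts[0].lower() == "rootpw" and len(parts) == 2:
            if not re.match(r"\{[A-Za-z0-9-]+\}", parts[1].strip('"')):
                findings.append("rootpw is stored in cleartext")
    if path is not None and os.stat(path).st_mode & 0o004:
        findings.append("config file is world readable")
    return findings

def ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(value, password):
    """Verify a password against a {SSHA} value by re-hashing with the stored salt."""
    raw = base64.b64decode(value[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)
```

Passing the file's path as the second argument to `audit()` adds the permission check to the cleartext check.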