[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Newbie: ldap_bind: Inappropriate authentication (48)

To: OpenLDAP-software@OpenLDAP.org
Subject: Re: Newbie: ldap_bind: Inappropriate authentication (48)
From: Steve Revilak <srevilak@speakeasy.net>
Date: Sat, 11 Sep 2004 08:39:53 -0400 (EDT)
In-reply-to: <4142A7D6.10007@sys-net.it>
References: <Pine.OSX.4.58.0409102352210.11944@spud.local> <4142A7D6.10007@sys-net.it>

Steve Revilak wrote:

>>  $ ldapadd -w secret -x  -D "cn=Manager,dc=s,dc=com" -f record.ldif
>>  Enter LDAP Password: [type `secret' here]
>>  ldap_bind: Inappropriate authentication (48)


Pierangelo Masarati wrote:

> ldapadd is not supposed to ask for credentials when run with "-w";
> try changing the order of the args.  Usually "-x" comes first, to
> indicate simple bind, followed by simple bind parameters "-D
> <identity>" and "-w <cred>".  I'm positive this is the sequence that
> is indicated in the guide (except that "-W" is used to be prompted
> for the creds...) and I suggest you don't change things randomly
> when following directions nless you know what you're doing...

My apologies - that was a cut and paste error :(

The exact line from the guide

  ldapadd -x -D "cn=Manager,dc=s,dc=com" -W -f record.ldif

also produces "ldap_bind: Inappropriate authentication (48)".



> ------------ uname ----------------------
> # using openldap that comes with the `Client' version Mac OS 10.3
> # (version 2.1.22)
> $ uname -a Darwin spud.local 7.5.0 Darwin Kernel Version 7.5.0: Thu Aug  5 19:26:16 PDT 2004; root:xnu/xnu-517.7.21.obj~3/RELEASE_PPC  Power Macintosh powerpc
> -----------------------------------------
>
> ------------ record.ldif ----------------
> dn: dc=s,dc=com
> objectclass: dcObject
> objectclass: organization
> o: Example Company
> dc: s
>
> dn: cn=Manager,dc=s,dc=com
> objectclass: organizationalRole
> cn: Manager
> ------------------------------------------
>
> ------------- slapd.conf -----------------
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include		/etc/openldap/schema/core.schema
>
> pidfile		/var/run/openldap/slapd.pid
> argsfile	/var/run/openldap/slapd.args
>
> access to dn.base="" by * read
> access to dn.base="dc=s,dc=com" by * read
>
> access to attr=userpassword
>   by self write
>   by anonymous auth
>   by * none
>
> access to *
>   by self write
>   by users read
>   by anonymous auth
>
> allow bind_v2
>
> #######################################################################
> # BDB database definitions
> #######################################################################
>
> database	dbd
> Suffix		"dc=s,dc=com"
> rootdn		"cn=Manager,dc=s,dc=com"
> # Cleartext passwords, especially for the rootdn, should
> # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw secret
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory	/usr/local/lib/openldap-data
> # Indices to maintain
> index	objectClass	eq
> --------------------------------------------

References:
- Newbie: ldap_bind: Inappropriate authentication (48)
  - From: Steve Revilak <srevilak@speakeasy.net>
- Re: Newbie: ldap_bind: Inappropriate authentication (48)
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: Newbie: ldap_bind: Inappropriate authentication (48)
Next by Date: test - please ignore
Index(es):
- Chronological
- Thread