Re: Newbie: ldap_bind: Inappropriate authentication (48)
I suggest you examine the server's logs to see why
the authentication is inappropriate. Also note
that 2.1 is now viewed as historic.
Kurt
At 09:27 PM 9/10/2004, Steve Revilak wrote:
>I've been attempting to set up a directory using openldap, and I've
>run into a roadblock.
>
>Working through the quick-start section of
>http://www.openldap.org/doc/admin22/quickstart.html, I can't get by
>step 2, "Add initial entries to your directory."
>
> $ ldapadd -w secret -x -D "cn=Manager,dc=s,dc=com" -f record.ldif
> Enter LDAP Password: [type `secret' here]
> ldap_bind: Inappropriate authentication (48)
>
>I can add the initial entries via slapadd, but not via the server.
>After spending several hours trying to figure out why, I still haven't
>been able to get around the problem. Below are my slapd.conf and the
>record.ldif (from above).
>
>I started with no `access to' directives - the ones below were taken
>from http://www.openldap.org/faq/data/cache/171.html, and mailing list
>posts I've found via Google.
>
>Running slapd with `-d 192' I can see it reading the rootdn and rootpw
>attributes from slapd.conf, but it still doesn't seem to accept the
>`rootpw' value.
>
>Help?
>
>------------ uname ----------------------
># using openldap that comes with the `Client' version Mac OS 10.3
># (version 2.1.22)
>$ uname -a
>Darwin spud.local 7.5.0 Darwin Kernel Version 7.5.0: Thu Aug 5 19:26:16 PDT 2004; root:xnu/xnu-517.7.21.obj~3/RELEASE_PPC Power Macintosh powerpc
>-----------------------------------------
>
>------------ record.ldif ----------------
>dn: dc=s,dc=com
>objectclass: dcObject
>objectclass: organization
>o: Example Company
>dc: s
>
>dn: cn=Manager,dc=s,dc=com
>objectclass: organizationalRole
>cn: Manager
>------------------------------------------
>
>------------- slapd.conf -----------------
>#
># See slapd.conf(5) for details on configuration options.
># This file should NOT be world readable.
>#
>include /etc/openldap/schema/core.schema
>
>pidfile /var/run/openldap/slapd.pid
>argsfile /var/run/openldap/slapd.args
>
>access to dn.base="" by * read
>access to dn.base="dc=s,dc=com" by * read
>
>access to attr=userpassword
> by self write
> by anonymous auth
> by * none
>
>access to *
> by self write
> by users read
> by anonymous auth
>
>allow bind_v2
>
>#######################################################################
># BDB database definitions
>#######################################################################
>
>database dbd
>Suffix "dc=s,dc=com"
>rootdn "cn=Manager,dc=s,dc=com"
># Cleartext passwords, especially for the rootdn, should
># be avoid. See slappasswd(8) and slapd.conf(5) for details.
># Use of strong authentication encouraged.
>rootpw secret
># The database directory MUST exist prior to running slapd AND
># should only be accessible by the slapd and slap tools.
># Mode 700 recommended.
>directory /usr/local/lib/openldap-data
># Indices to maintain
>index objectClass eq
>--------------------------------------------