Fixed: Newbie: ldap_bind: Inappropriate authentication (48)

[Steve Revilak <srevilak@speakeasy.net>]

Steve Revilak wrote:

>> Working through the quick-start section of
>> http://www.openldap.org/doc/admin22/quickstart.html, I can't get by
>> step 2, "Add initial entries to your directory."

>>  $ ldapadd -w secret -x  -D "cn=Manager,dc=s,dc=com" -f record.ldif
>>  Enter LDAP Password: [type `secret' here]
>>  ldap_bind: Inappropriate authentication (48)

>> Running slapd with `-d 192' I can see it reading the rootdn and rootpw
>> attributes from slapd.conf, but it still doesn't seem to accept the
>> `rootpw' value.

I found out what the problem was.

The OpenLDAP that comes with Mac OS X doesn't permit the use of clear
text passwords.

After changing this:

  rootpw secret

to this

  rootpw {SSHA}YvMamu2PMIqF4bEfGnT9USzdUbvVsqKm

The `inappropriate authentication' errors went away.

The _truly_ embarrassing thing about this is that the change was made
as a result of a bug I reported in one of their account manipulation
utilities.  I knew their change applied to `userPassword' attributes,
but didn't realize it also applied to the `rootpw' configuration
directive.

<slap!/>

Anyway, works great now - thanks for the suggestions.

Steve