[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Newbie LDIF question

To: Buchan Milne <bgmilne@staff.telkomsa.net>
Subject: Re: Newbie LDIF question
From: Steve Parker <steve@itops.com>
Date: Fri, 16 Sep 2005 10:07:02 +0100
Cc: Openldap-Software <openldap-software@OpenLDAP.org>
In-reply-to: <200509161028.18228.bgmilne@staff.telkomsa.net>
References: <4329F4B5.3000003@itops.com> <200509161028.18228.bgmilne@staff.telkomsa.net>
User-agent: Debian Thunderbird 1.0.2 (X11/20050602)

Buchan Milne wrote:

Problems I see here are:
1)No authz-regexp
You probably need something like: authz-regexp UID=([^,]*),CN=DIGEST-MD5,CN=auth cn=$1,dc=itops,dc=com

I've added this to slapd.conf and restarted slapd; no change though. The ldapwhoami works just as well with or without this line; ldapadd still errs exactly as before.

2)Your comment on the rootpw from the 2nd snippet implies you were using an encrypted rootpw, this won't work with digest-md5.

Fair enough, I can see that now you mention it.

Before you debug your LDIF further, make sure you can authenticate your rootdn:
# ldapwhoami -U Manager -W -Y DIGEST-MD5

root@ldap1 # ldapwhoami -U Manager -W -Y DIGEST-MD5
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
SASL username: Manager
SASL SSF: 128
SASL installing layers
dn:uid=manager,cn=digest-md5,cn=auth
root@ldap1 #

That works; I do seem to be communicating with the server, which is what makes me think it's a problem with my LDIFs, though as I'm new here, I'm trying to avoid assumptions!

Steve.

Follow-Ups:
- Re: Newbie LDIF question
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

References:
- Re: Newbie LDIF question
  - From: Steve Parker <steve@itops.com>
- Re: Newbie LDIF question
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>

Prev by Date: Re: Newbie LDIF question
Next by Date: Re: ldap schema
Index(es):
- Chronological
- Thread