
Re: config backend with SASL



> Hi,
>
> I've posted the following question, but no one seemed to answer it. I
> guess that I'm missing something trivial. I would appreciate if someone
> could help.
>
> Thanks,
>   Eran
>
> // Original message
> ///////////////////
>
> Hi,
>
> I've added SASL configuration to the test slapd that I'm using. I've
> added the following to the slapd.conf:
>
> disallow bind_simple
> disallow bind_anon
> sasl-secprops noanonymous
> sasl-host localhost
>
> #######################################################################
> # BDB database definitions
> #######################################################################
>
> I've added a test user using the saslpasswd2 utility. When I'm trying to
> access the bdb database, everything seems to be OK. But, when I try to
> search the "cn=config" sub tree, I get the following:
>
> ldapsearch -a always -O noanonymous -U erantest@eranl -Y login -w
> password -b "cn=schema,cn=config"
> SASL/LOGIN authentication started
> SASL username: erantest@eranl
> SASL SSF: 0
> # extended LDIF
> #
> # LDAPv3
> # base <cn=schema,cn=config> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 4
> result: 50 Insufficient access
>
> # numResponses: 1
>
> Can someone please explain what I'm missing here.

Did you set that user (actually, the DN it's expanded as; see authz-regexp
in slapd.conf(5)) as the rootdn of the config database?  For example,

database config
rootdn "uid=erantest,cn=eranl,cn=login,cn=auth"

p.




Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------
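
The check suggested in the reply above, as an added example that is not part of the original thread or of OpenLDAP: it derives the DN a SASL identity expands to, applies any `authz-regexp` rules, and compares the result with the `rootdn` of `database config`. The function names, the sample configuration text, the `dc=example,dc=com` suffix and the simplified parsing, regex matching and DN comparison are assumptions made for illustration.

```python
import re
import shlex

def sasl_auth_dn(user, mech, default_realm=None):
    """DN form slapd gives a SASL identity before any authz-regexp mapping."""
    name, _, realm = user.partition("@")
    rdns = ["uid=" + name]
    if realm and realm != default_realm:  # assumption: no realm RDN for the default realm
        rdns.append("cn=" + realm)
    return ",".join(rdns + ["cn=" + mech.lower(), "cn=auth"])

def parse_slapd_conf(text):
    """Return (authz-regexp rules, {database type: rootdn}); continuation lines ignored."""
    rules, rootdns, db = [], {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        tok = shlex.split(line)
        key = tok[0].lower()
        if key == "database" and len(tok) > 1:
            db = tok[1].lower()
        elif key == "rootdn" and db and len(tok) > 1:
            rootdns[db] = tok[1]          # last one wins if a database type repeats
        elif key == "authz-regexp" and len(tok) > 2:
            rules.append((tok[1], tok[2]))
    return rules, rootdns

def map_dn(dn, rules):
    """First matching rule rewrites the DN; Python 're' stands in for POSIX regex."""
    for pattern, replacement in rules:
        m = re.search(pattern, dn, re.IGNORECASE)
        if m:  # $N in the replacement is capture group N (LDAP-URL replacements not resolved)
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return dn

def norm(dn):
    """Crude DN normalisation: lower-case and trim spaces around commas."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def is_config_rootdn(conf_text, user, mech, default_realm=None):
    """True if the (mapped) SASL DN equals the rootdn of 'database config'."""
    rules, rootdns = parse_slapd_conf(conf_text)
    dn = map_dn(sasl_auth_dn(user, mech, default_realm), rules)
    return norm(dn) == norm(rootdns.get("config", ""))

# Constructed sample: the settings from the original message plus a bdb database.
CONF_BEFORE = ('disallow bind_simple\ndisallow bind_anon\nsasl-secprops noanonymous\n'
               'sasl-host localhost\ndatabase bdb\nsuffix "dc=example,dc=com"\n')
# Same file with the two lines from the reply appended.
CONF_AFTER = CONF_BEFORE + 'database config\nrootdn "uid=erantest,cn=eranl,cn=login,cn=auth"\n'
```

If an `authz-regexp` rule rewrites the identity, the `rootdn` has to be the rewritten DN, which is why the comparison is made after `map_dn`.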