[Date Prev][Date Next] [Chronological] [Thread] [Top]

Problem with unusual tree structure ...

To: openldap-technical@openldap.org
Subject: Problem with unusual tree structure ...
From: Garry Glendown <garry@glendown.de>
Date: Sat, 11 Jul 2009 07:01:07 +0200
User-agent: Thunderbird 2.0.0.22 (Windows/20090605)

Hi,

I'm trying to authenticate users against an LDAP database ... now, I
already have that running on several servers that use the "normal" tree
setup, something like "cn=username,ou=somebranch,ou=domain,ou=tld", with
a search_base of ou=domain,ou=tld. The place I'm trying to configure it
for now is using a - AFAICT - rather unusal schema, as they have a tree
that uses multiple top level o=, and start underneath there, so there
may by user entries like

	cn=user1,ou=USERS,o=branch1
and	cn=user2,ou=USERS,o=branch2

(historically, ldap trees from several locations were just merged
together, which led to this)

How can I get SASL to search in such a configuration? I already tried a
"ou=USERS,o=*" syntax, which I didn't expect to work (and it didn't)

Also, I know that saslauthd or other apps will need to check the
resulting username/pw, so I tried binding with the DN and PW of an
account, resulting in a "Confidentiality required" ... using ldaps://
notation didn't work, as the remote server (Novell eDirectory) probably
isn't configured for that, and -Z for TLS also fails with

ldap_start_tls: Server is unavailable (52)
        additional info: TLS services are not available

>From what I can find, the message should come up if the server is
configured for requiring secure queries, but then I would expect it to
also be configured to SUPPORT either one of the methods ...

Help appreciated,

-garry

Prev by Date: Multi master topology.
Next by Date: Re: syncrepl randomly failing to sync
Index(es):
- Chronological
- Thread