[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: No ProxyAuthz with SASL-GSSAPI?

To: openldap-technical@openldap.org
Subject: Re: No ProxyAuthz with SASL-GSSAPI?
From: Jaap Winius <jwinius@umrk.nl>
Date: Mon, 27 Dec 2010 04:49:38 +0100
Content-disposition: inline
In-reply-to: <20101227031344.19073u7h3aiub8mc@bitis.umrk.nl>
References: <20101224032551.90275cxrbw9xmdwc@bitis.umrk.nl> <20101227031344.19073u7h3aiub8mc@bitis.umrk.nl>
User-agent: Internet Messaging Program (IMP) H3 (4.3.8)

Quoting Jaap Winius <jwinius@umrk.nl>:

  adding new entry "cn=ccolumbus,ou=groups,dc=example,dc=com"
  ldap_add: Strong(er) authentication required (8)


There must be something else going on...

Following my own instructions for the simple bind configuration, Ireinstalled both the provider and the consumer, after which proxyauthorization worked as though there had never been a problem. Here'swhat I did:


   http://www.rjsystems.nl/en/2100-d6-openldap-provider.php
   http://www.rjsystems.nl/en/2100-d6-openldap-consumer.php

One important thing that I noticed in the syslog previously, when thetest modification was made from the consumer server, the consumer wasnot binding properly to the provider. IIRC I was seeing this in thesyslog on the provider:


  slapd[1635]: conn=1018 op=0 BIND dn="" method=128

Now it works and I'm seeing:

  slapd[1635]: conn=1018 op=0 BIND dn="cn=ldaps2,dc=example,dc=com" method=128

This is now followed by a PROXYAUTHZ log entry, which did not appearbefore. I would not be at all surprised that if next I reinstall mySASL-GSSAPI test system, it will simply work.

Any idea what might cause a consumer, in a previously functioningsystem, to suddenly stop binding properly to its provider?


Thanks,

Jaap

References:
- No ProxyAuthz with SASL-GSSAPI?
  - From: Jaap Winius <jwinius@umrk.nl>
- Re: No ProxyAuthz with SASL-GSSAPI?
  - From: Jaap Winius <jwinius@umrk.nl>

Prev by Date: Re: No ProxyAuthz with SASL-GSSAPI?
Next by Date: Problem starting ldap 2.4
Index(es):
- Chronological
- Thread