[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: No ProxyAuthz with SASL-GSSAPI?



Quoting Jaap Winius <jwinius@umrk.nl>:

  adding new entry "cn=ccolumbus,ou=groups,dc=example,dc=com"
  ldap_add: Strong(er) authentication required (8)

There must be something else going on...

Following my own instructions for the simple bind configuration, I reinstalled both the provider and the consumer, after which proxy authorization worked as though there had never been a problem. Here's what I did:

   http://www.rjsystems.nl/en/2100-d6-openldap-provider.php
   http://www.rjsystems.nl/en/2100-d6-openldap-consumer.php

One important thing that I noticed in the syslog previously, when the test modification was made from the consumer server, the consumer was not binding properly to the provider. IIRC I was seeing this in the syslog on the provider:

  slapd[1635]: conn=1018 op=0 BIND dn="" method=128

Now it works and I'm seeing:

  slapd[1635]: conn=1018 op=0 BIND dn="cn=ldaps2,dc=example,dc=com" method=128

This is now followed by a PROXYAUTHZ log entry, which did not appear before. I would not be at all surprised that if next I reinstall my SASL-GSSAPI test system, it will simply work.

Any idea what might cause a consumer, in a previously functioning system, to suddenly stop binding properly to its provider?

Thanks,

Jaap