[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Kerberos/GSSAPI issues
- To: Howard Chu <hyc@symas.com>
- Subject: Re: Kerberos/GSSAPI issues
- From: Brian Candler <B.Candler@pobox.com>
- Date: Wed, 29 Dec 2010 17:01:08 +0000
- Cc: openldap-technical@openldap.org
- Content-disposition: inline
- Dkim-signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=date:from:to :cc:subject:message-id:references:mime-version:content-type :in-reply-to; s=sasl; bh=fCDFhhmB79SVZChcpEsNdJA/YHc=; b=DS2p54y RRmaQZNX5lhh4O42x8Ku3QLEprYfJuQxmV7nURER0HFTalD/p7gwVhbvsxPDed+M oAfThTQX/1vIcxwi396j6IOAYnkn9PDQrdU48zhzQCi11dl7CHb22zUzI8b/4SWU tw3Wd2jHAAPsm0szsLK6V/Cnc30WWPPcYPDg=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=pobox.com; h=date:from:to:cc :subject:message-id:references:mime-version:content-type :in-reply-to; q=dns; s=sasl; b=tRCiMSzKXroSoOG5Iarr2Ih6LF7DsfikK cNeFcrXmsPCSb+S9hMJSPp9bt6bqUqFPYF7hEv2dyARMZUugdIVlrGtgZAWNBDB1 dBJGkWWOt91Zib1tgyazce+RivY0/lLbDe0RYxI3ExhlyJi0pqRaID73Ttow/p7J y2uNicDitc=
- In-reply-to: <4D1A6550.40905@symas.com>
- References: <20101228092656.GA4437@talktalkplc.com> <20101228094133.GA6687@talktalkplc.com> <4D1A6550.40905@symas.com>
- User-agent: Mutt/1.5.20 (2009-06-14)
On Tue, Dec 28, 2010 at 02:31:44PM -0800, Howard Chu wrote:
> ># ldapsearch -s base -b "cn=config" -Y EXTERNAL -H ldapi:///
> >SASL/EXTERNAL authentication started
> >ldap_sasl_interactive_bind_s: Inappropriate authentication (48)
> > additional info: SASL(-15): mechanism too weak for this user: mech EXTERNAL is too weak
> >
> >So:
> >(a) it would be nice to know how to recover from this. If I stop slapd and
> >edit /etc/ldap/slapd.d/cn\=config.ldif directly, that seems to be OK, but
> >are there any risks in directly manipulating the config in this way?
>
> The main risk is that if you enter any typos or syntax errors, slapd
> will refuse to start. You should probably use slapmodify instead, so
> at least you'll get some syntax checking.
That's not in Debian/Ubuntu:
root@noc:~# man slapmodify
No manual entry for slapmodify
root@noc:~# dpkg-query -L slapd | grep modify
root@noc:~# apt-cache search slapmodify
root@noc:~#
I can't even find it in the latest release (openldap-2.4.23) source tarball.
$ grep -R slapmodify .
$ find . -name 'slapmod*'
$
I see there is slapadd though. Is slapmodify a recent addition?
Regards,
Brian.