List:       fedora-directory-users
Subject:    [Fedora-directory-users] FDS ldapi autobind problem
From:       Andrey Ivanov <andrey.ivanov () polytechnique ! fr>
Date:       2009-02-23 14:30:34
Message-ID: 1601b8650902230630j20e0115h466ebc7e4165eb61 () mail ! gmail ! com

Hi,


When I'm trying to connect to FDS (built from today's CVS) by ldapi as
root (on RHEL5.2) I have the following error message:

ldapsearch -Y EXTERNAL -H
ldapi://%2fLocal%2fdirsrv%2fvar%2frun%2fslapd-dmz.socket  -b
"dc=id,dc=polytechnique,dc=edu" uid=toto
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Inappropriate authentication (48)
        additional info: SASL EXTERNAL bind requires an SSL connection


The access log:
[23/Feb/2009:15:22:38 +0100] conn=1 fd=128 slot=128 connection from
localhost to localhost
[23/Feb/2009:15:22:38 +0100] conn=1 op=0 BIND dn="" method=sasl version=3
mech=EXTERNAL
[23/Feb/2009:15:22:38 +0100] conn=1 op=0 RESULT err=48 tag=97 nentries=0
etime=0.003000
[23/Feb/2009:15:22:38 +0100] conn=1 op=-1 fd=128 closed - B1


The dse.ldif lines:

nsslapd-ldapifilepath: /Local/dirsrv/var/run/slapd-dmz.socket
nsslapd-ldapilisten: on
nsslapd-ldapiautobind: on
nsslapd-ldapimaprootdn: cn=Directory Manager


Simple bind is ok (ldapsearch -x -H
ldapi://%2fLocal%2fdirsrv%2fvar%2frun%2fslapd-dmz.socket  -b
"dc=id,dc=polytechnique,dc=edu" uid=toto)
Access log:
[23/Feb/2009:15:26:11 +0100] conn=3 fd=128 slot=128 connection from
localhost to localhost
[23/Feb/2009:15:26:12 +0100] conn=3 op=0 BIND dn="" method=128 version=3
[23/Feb/2009:15:26:12 +0100] conn=3 op=0 RESULT err=0 tag=97 nentries=0
etime=0.001000 dn=""
[23/Feb/2009:15:26:12 +0100] conn=3 op=1 SRCH
base="dc=id,dc=polytechnique,dc=edu" scope=2 filter="(uid=toto)" attrs=ALL
[23/Feb/2009:15:26:12 +0100] conn=3 op=1 RESULT err=0 tag=101 nentries=1
etime=0.003000
[23/Feb/2009:15:26:12 +0100] conn=3 op=2 UNBIND
[23/Feb/2009:15:26:12 +0100] conn=3 op=2 fd=128 closed - U1


What am I doing wrong in the first case (with EXTERNAL mechanism)? :)

Thank you!
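
Added example, not part of the original message and not Fedora Directory Server code: a small Python parser that pairs each BIND in access-log lines like those above with its RESULT by (conn, op), so failed binds can be listed per mechanism. The function names are hypothetical; the sample is an excerpt of the log lines in the message, with the mail line wrapping kept.

```python
import re

# Excerpt of the access-log lines in the message, mail line wrapping kept.
SAMPLE_LOG = '''\
[23/Feb/2009:15:22:38 +0100] conn=1 fd=128 slot=128 connection from
localhost to localhost
[23/Feb/2009:15:22:38 +0100] conn=1 op=0 BIND dn="" method=sasl version=3
mech=EXTERNAL
[23/Feb/2009:15:22:38 +0100] conn=1 op=0 RESULT err=48 tag=97 nentries=0
etime=0.003000
[23/Feb/2009:15:22:38 +0100] conn=1 op=-1 fd=128 closed - B1
[23/Feb/2009:15:26:12 +0100] conn=3 op=0 BIND dn="" method=128 version=3
[23/Feb/2009:15:26:12 +0100] conn=3 op=0 RESULT err=0 tag=97 nentries=0
etime=0.001000 dn=""
'''

ENTRY = re.compile(r"^\[([^\]]+)\] conn=(\d+) op=(-?\d+) (.*)$")
BIND = re.compile(r'^BIND dn="([^"]*)" method=(\S+) version=\d+(?: mech=(\S+))?')
RESULT = re.compile(r"^RESULT err=(\d+) tag=(\d+)")

def unwrap(text):
    """Rejoin wrapped records: every real record starts with '[timestamp]'."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("[") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def bind_outcomes(text):
    """Pair each BIND with its RESULT (tag=97 is the LDAP bind response)."""
    pending, outcomes = {}, []
    for record in unwrap(text):
        entry = ENTRY.match(record)
        if not entry:  # e.g. connection-open lines, which carry no op=
            continue
        ts, conn, op, rest = entry.groups()
        bind, result = BIND.match(rest), RESULT.match(rest)
        if bind:  # method=128 is a simple bind; mech is only logged for SASL
            dn, method, mech = bind.groups()
            pending[conn, op] = {"time": ts, "conn": int(conn), "dn": dn,
                                 "method": method, "mech": mech}
        elif result and result.group(2) == "97" and (conn, op) in pending:
            outcomes.append({**pending.pop((conn, op)), "err": int(result.group(1))})
    return outcomes

def failed_binds(text):
    return [b for b in bind_outcomes(text) if b["err"] != 0]
```

On the excerpt, failed_binds(SAMPLE_LOG) returns only the conn=1 SASL/EXTERNAL bind with err=48; the simple bind on conn=3 completes with err=0.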
