Fedora Linux Support Community & Resources Center
  #1  
Old 9th September 2004, 11:47 PM
jimbo Offline
Registered User
 
Join Date: May 2004
Location: Seattle
Posts: 77
openldap config

Hi All,

I'm trying to implement an ldap contact list and am having a heck of a time.

I've got the ldap server running and can get a good response with the following command:
Code:
[root@grower:/etc/openldap] ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=fullcirclefarm,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
but when I go to add entries into the database I get the following error:
Code:
[root@grower:/etc/openldap] ldapadd -D "cn=root"

SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (82)
        additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (No credentials cache found)
I'm assuming this is an authentication problem with SASL, but how do I sort this out? I haven't been able to find any decent documentation on this issue except for setting up ldap as a server authentication method... which is what I don't want. I just want a simple address book!

Any suggestions?
Reply With Quote
  #2  
Old 9th September 2004, 11:55 PM
Rolled_Gold Offline
Registered User
 
Join Date: Aug 2004
Posts: 18
If you're running FC2, please post the contents of your /etc/sysconfig/saslauthd file.
Reply With Quote
  #3  
Old 9th September 2004, 11:59 PM
jimbo Offline
Registered User
 
Join Date: May 2004
Location: Seattle
Posts: 77
This one happens to be on FC1 and there isn't an /etc/sysconfig/saslauthd file.
Although there is the corresponding saslauthd init script in /etc/init.d... which is running.

What might the contents of the file look like?

Last edited by jimbo; 10th September 2004 at 12:02 AM.
Reply With Quote
  #4  
Old 10th September 2004, 12:21 AM
Rolled_Gold Offline
Registered User
 
Join Date: Aug 2004
Posts: 18
I think the init script will source /etc/sysconfig/saslauthd if it's there in FC1 (going from memory on this). If so you can modify what auth method sasl will do with this line MECH=METHOD (Choose one: getpwent kerberos5 pam rimap shadow ldap).

It looks like your auth method isn't set up properly. How did you want to do it? PAM is easy but you'll have to start creating shell accounts for all users or get something like pam_mysql. You could point it back towards ldap (if your schema supports auth, but you'll need to bootstrap with another method first). The default behavior for saslauth on FC1 (going from memory again) is inside sasldb.

Troubleshoot the problem with /usr/sbin/testsaslauthd. Once you can authenticate with that command you should be able to update your ldap schema (maybe 8).
Reply With Quote
  #5  
Old 10th September 2004, 01:15 AM
jimbo Offline
Registered User
 
Join Date: May 2004
Location: Seattle
Posts: 77
OK, I've set METHOD=pam in /etc/sysconfig/saslauthd and restarted the service.

I tested with /usr/sbin/testsaslauthd and passed the username and password and received:

Code:
0: OK "Success."
So saslauth seems to be working.

I restarted ldap for good measure and tried to add a new entry with the following results:
Code:
[root@grower:/etc/openldap] ldapadd -f ./myldif.ldif -xv -D "cn=root,dc=fullcirclefarm,dc=com" -W
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
Any ideas?

PS Thanks for the help!
Reply With Quote
  #6  
Old 10th September 2004, 01:42 AM
jimbo Offline
Registered User
 
Join Date: May 2004
Location: Seattle
Posts: 77
OK, I might be on to something... I removed the package cyrus-sasl-gssapi.

Now when I try the following:

Code:
ldapadd -D "cn=root" -h localhost
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
        additional info: SASL(-13): user not found: no secret in database
So it looks like I need to tell ldap which sasl mech to use. How do I do that? I don't see anything in /etc/openldap/slapd.conf that looks remotely like such a setting.

Thanks again for your help so far Rolled_Gold!
Reply With Quote
  #7  
Old 10th September 2004, 08:01 PM
Rolled_Gold Offline
Registered User
 
Join Date: Aug 2004
Posts: 18
Unfortunately that is where my knowledge ends...

Perhaps someone else can step in.
Reply With Quote
  #8  
Old 23rd September 2005, 07:15 PM
beta2 Offline
Registered User
 
Join Date: Sep 2004
Posts: 8
I guess you use the non-crypted password. If you specify the -x command option for 'ldapadd', it should be OK.
Reply With Quote
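Added example, not part of the thread: with `-x` the client does a simple bind, which slapd checks against the `rootdn` and `rootpw` directives in slapd.conf rather than against SASL. The script below audits those directives for a given bind DN and flags a cleartext `rootpw`. The slapd.conf fragment is constructed (only the suffix comes from the `namingContexts` output above), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Audits the slapd.conf directives a simple (-x) bind as rootdn is checked against.

# conf_value FILE KEY: first value of a "key value" directive, quotes stripped.
conf_value() {
    awk -v k="$2" 'tolower($1) == k { $1 = ""; sub(/^[ \t]+/, ""); gsub(/"/, ""); print; exit }' "$1"
}

# norm DN: lower-case and drop spaces after commas so DNs compare loosely.
norm() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/, */,/g'
}

# check_bind FILE BINDDN: print one finding per line.
check_bind() {
    suffix=$(norm "$(conf_value "$1" suffix)")
    rootdn=$(norm "$(conf_value "$1" rootdn)")
    rootpw=$(conf_value "$1" rootpw)
    if [ "$(norm "$2")" = "$rootdn" ]; then
        echo "binddn: matches rootdn"
    else
        echo "binddn: MISMATCH (rootdn is $rootdn)"
    fi
    case "$rootdn" in
        *",$suffix") echo "rootdn: under suffix" ;;
        *)           echo "rootdn: NOT under suffix $suffix" ;;
    esac
    case "$rootpw" in
        "")  echo "rootpw: not set" ;;
        "{SSHA}"*|"{SHA}"*|"{SMD5}"*|"{MD5}"*|"{CRYPT}"*) echo "rootpw: hashed" ;;
        *)   echo "rootpw: CLEARTEXT in config file" ;;
    esac
}

# sample_conf: constructed slapd.conf fragment (values assumed, not from the thread).
sample_conf() {
    cat <<'EOF'
database  ldbm
suffix    "dc=fullcirclefarm,dc=com"
rootdn    "cn=root,dc=fullcirclefarm,dc=com"
# rootpw  {SSHA}placeholder-hash
rootpw    secret
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
check_bind "$tmp" "cn=root"                            # short DN as in the SASL attempts
check_bind "$tmp" "cn=root,dc=fullcirclefarm,dc=com"   # full DN as in the -x attempt
rm -f "$tmp"
```

A simple bind sends the password unprotected on the wire; adding `-ZZ` to the `ldapadd -x ... -W` call makes the client require StartTLS before binding.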