I am trying to connect the root user through the ldapi:// socket as the admin dn, and I can't make it work.
My cn=config.ldif:

dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: none
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1
olcTLSCertificateFile: /etc/ldap/certs/pdc.scottgrizzard.com.pem.crt
olcTLSCertificateKeyFile: /etc/ldap/certs/pdc.scottgrizzard.com.pem.key
olcTLSCACertificateFile: /etc/ldap/certs/scottgrizzard.com-cacert.pem
olcTLSVerifyClient: never
olcAuthzRegexp: "gidNumber=0\\ +uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=admin,dc=scottgrizzard,dc=com"
olcSaslSecProps: minssf=0

When I do ldapwhoami -H ldapi:/// as root, I get
SASL/DIGEST-MD5 authentication started
Please enter your password:
When I do ldapwhoami -H ldapi:/// -x as root, I get anonymous
Thank you for your help,
Scott Grizzard
On Thu, 8 Jan 2009, Scott Grizzard wrote:
> I am trying to connect the root user through the ldapi:// socket as the admin dn, and I can't make it work.
> ...
> olcAuthzRegexp: "gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=admin,dc=scottgrizzard,dc=com"
> ...
> When I do ldapwhoami -H ldapi:/// as root, I get
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> When I do ldapwhoami -H ldapi:/// -x as root, I get anonymous

You want it to use SASL EXTERNAL authentication, so try passing ldapwhoami the option -Y EXTERNAL.

ldapwhoami -H ldapi:/// -Y EXTERNAL

Philip Guenther
That made it work. I also had to take out two of the back-slashes in olcAuthzRegexp.
Thanks,
Scott Grizzard
On Jan 8, 2009, at 10:48 PM, Philip Guenther wrote:
> On Thu, 8 Jan 2009, Scott Grizzard wrote:
>> I am trying to connect the root user through the ldapi:// socket as the admin dn, and I can't make it work.
>> ...
>> olcAuthzRegexp: "gidNumber=0\\ +uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=admin,dc=scottgrizzard,dc=com"
>> ...
>> When I do ldapwhoami -H ldapi:/// as root, I get
>> SASL/DIGEST-MD5 authentication started
>> Please enter your password:
>> When I do ldapwhoami -H ldapi:/// -x as root, I get anonymous
>
> You want it to use SASL EXTERNAL authentication, so try passing ldapwhoami the option -Y EXTERNAL.
>
> ldapwhoami -H ldapi:/// -Y EXTERNAL
>
> Philip Guenther
openldap-software@openldap.org
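
Added example, not part of the original thread and not OpenLDAP code: a sketch of why the number of backslashes in front of the "+" decides whether root's ldapi:// identity is rewritten to the admin dn. It assumes extended-regex semantics for the olcAuthzRegexp match pattern, with grep -E standing in for slapd's matcher; the function name and sample identities are constructed, and how many backslashes must be written in the LDIF to leave one at the matcher is not modelled.

```shell
#!/bin/sh
# Added illustration, not from the thread. grep -E stands in for slapd's
# regex matcher (assumption: extended-regex semantics).

# Constructed identities in the form slapd assigns to ldapi:// peers
# that bind with SASL EXTERNAL.
ROOT_ID='gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'
USER_ID='gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth'
ADMIN_DN='cn=admin,dc=scottgrizzard,dc=com'

# The match pattern as the regex compiler sees it, with 0, 1 and 2
# backslashes in front of the '+'.
P_NONE='gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'
P_ONE='gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth'
P_TWO='gidNumber=0\\+uidNumber=0,cn=peercred,cn=external,cn=auth'

# map_identity PATTERN IDENTITY (hypothetical helper)
# Prints ADMIN_DN when PATTERN matches IDENTITY, otherwise prints
# IDENTITY unchanged, which is what an unmapped bind keeps.
map_identity() {
    if printf '%s\n' "$2" | grep -Eq -e "$1"; then
        printf '%s\n' "$ADMIN_DN"
    else
        printf '%s\n' "$2"
    fi
}

# 0 backslashes: '0+' is a quantifier (one or more '0'), no literal '+'.
# 1 backslash:   '\+' is a literal '+', so root's identity matches.
# 2 backslashes: '\\+' is one or more literal backslashes, no match.
for p in "$P_NONE" "$P_ONE" "$P_TWO"; do
    printf 'pattern: %s\n' "$p"
    printf '  root -> %s\n' "$(map_identity "$p" "$ROOT_ID")"
    printf '  user -> %s\n' "$(map_identity "$p" "$USER_ID")"
done
```

On a live server the check is the command from the thread, ldapwhoami -H ldapi:/// -Y EXTERNAL, run once as root and once as an unprivileged user to confirm only root maps to the admin dn.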