I am trying to set up an OpenLDAP client with user/password authenticated
bind to authenticate against an OpenLDAP server.
This is what my /etc/ldap.conf looks like:
nss_map_attribute uniqueMember member
binddn cn=Administrator,dc=my_comp,dc=com <============ I am giving
the root DN
If I give the root DN, it works. But if I give a non-root DN in
binddn, I get an "invalid credentials (49)" error.
Does the OpenLDAP server always require the root DN for binding?
Is there a way to provide a non-root DN for binddn?
I'm using both libldap and libsasl2 in my application on Mac OS X. libldap itself uses libsasl2 internally on that platform, and it changes some of the libsasl2 globals (namely the mutex functions) during its initialization. My app uses libldap only in response to user actions, so libldap initialization happens at a fairly random time. This means the libsasl2 globals end up changing on me after I've been using libsasl2 for a while in my app's lifecycle, and I end up getting random crashes because the mutex functions are all different from when I initially created the sasl client connection.
So, my solution to this was to initialize libldap myself on app launch so that it can set up the libsasl2 environment as it wants to. I looked at the manual page for ldap(3) and ldap_initialize(3), and they seemed to suggest that I should use ldap_get_option to initialize OpenLDAP. Which option should I ask for though? I tried LDAP_OPT_API_INFO, but that ends up doing a DNS query which can really balloon my launch time depending on my network configuration. Is there a better option I could do that basically does nothing but initialize a few innocuous OpenLDAP globals without doing a significant amount of work?
Is there a way to disable uniqueness checking for replicated content?
Our problem is that we have a database with no uniqueness checking and
when trying to replicate to an enforcing one, it rejects the first
offending entry and makes both nodes try to restart the replication
again and again, eating both traffic and CPU capacity.