On Tue, Dec 28, 2010 at 02:31:44PM -0800, Howard Chu wrote:
# ldapsearch -s base -b "cn=config" -Y EXTERNAL -H ldapi:/// SASL/EXTERNAL authentication started ldap_sasl_interactive_bind_s: Inappropriate authentication (48) additional info: SASL(-15): mechanism too weak for this user: mech EXTERNAL is too weak
So: (a) it would be nice to know how to recover from this. If I stop slapd and edit /etc/ldap/slapd.d/cn=config.ldif directly, that seems to be OK, but are there any risks in directly manipulating the config in this way?
The main risk is that if you enter any typos or syntax errors, slapd will refuse to start. You should probably use slapmodify instead, so at least you'll get some syntax checking.
That's not in Debian/Ubuntu:
root@noc:~# man slapmodify No manual entry for slapmodify root@noc:~# dpkg-query -L slapd | grep modify root@noc:~# apt-cache search slapmodify root@noc:~#
I can't even find it in the latest release (openldap-2.4.23) source tarball.
$ grep -R slapmodify . $ find . -name 'slapmod*' $
I see there is slapadd though. Is slapmodify a recent addition?
Regards,
Brian.