Asimananda Mohanty wrote:
Hi Matt,
I just changed the permission level of /etc/sasldb2 from 640 to 644 and
the command "ldapsearch -d8 -ZZ -b dc=ldap-company,dc=com
uid=asimananda" started working fine.
Generally that's a bad idea, since it exposes all of your SASL passwords to
anyone who can access that machine or filesystem. Instead you should just make
sure that slapd is running as a user that belongs to the same group as the
sasldb file, or is the owner of the file.
And of course, the better approach when using SASL is not to use a sasldb file
at all, and just store the SASL secrets in the LDAP directory.
I have one more doubt. The above command works fine and accepts
password
too but when I changed the option "-b" to "-D", it stopped working.
I
read somewhere that -D should not be used with SASL. I am bit confused
about the same.
Thanks for being so helpful.
Thanks all.
Regards
Asimananda
On Mon, Aug 31, 2009 at 6:59 PM, Matt Kassawara <battery(a)writeme.com
<mailto:battery@writeme.com>> wrote:
I recommend reading section 15.2.3 through 15.2.6 of the OpenLDAP
2.4 administrator's guide.
--
-- Howard Chu
CTO, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
http://www.openldap.org/project/