Quoting Jaap Winius jwinius@umrk.nl:
adding new entry "cn=ccolumbus,ou=groups,dc=example,dc=com" ldap_add: Strong(er) authentication required (8)
There must be something else going on...
Following my own instructions for the simple bind configuration, I reinstalled both the provider and the consumer, after which proxy authorization worked as though there had never been a problem. Here's what I did:
http://www.rjsystems.nl/en/2100-d6-openldap-provider.php http://www.rjsystems.nl/en/2100-d6-openldap-consumer.php
One important thing that I noticed in the syslog previously, when the test modification was made from the consumer server, the consumer was not binding properly to the provider. IIRC I was seeing this in the syslog on the provider:
slapd[1635]: conn=1018 op=0 BIND dn="" method=128
Now it works and I'm seeing:
slapd[1635]: conn=1018 op=0 BIND dn="cn=ldaps2,dc=example,dc=com" method=128
This is now followed by a PROXYAUTHZ log entry, which did not appear before. I would not be at all surprised that if next I reinstall my SASL-GSSAPI test system, it will simply work.
Any idea what might cause a consumer, in a previously functioning system, to suddenly stop binding properly to its provider?
Thanks,
Jaap