Hi,
I am trying to set up a chaining configuration. All seems to work, except that if I try to add/modify/del I get the message "Strong auth required". Can someone help me out?
Part of Chain server config:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
overlay chain
chain-uri "ldap://10.253.2.7"
chain-idassert-bind bindmethod="simple" binddn="xxxx" credentials="xxxxx" mode="self"
chain-tls start
chain-return-error TRUE
access to * by * read
pidfile /var/run/slapd-test-chain.pid
argsfile /var/run/slapd-test-chain.args
allow bind_v2
#######################################################################
# BDB database definitions
#######################################################################
database bdb
overlay syncprov
#sessionlog 666 10000
syncprov-checkpoint 100 10
syncprov-sessionlog 100
suffix "dc=test,c=test"
# Access database admin
rootdn "xxxx"
rootpw xxxxx
syncrepl rid=444
    provider=ldap://10.253.2.9:389
    bindmethod=simple
    binddn="xxxxx"
    credentials=xxxx
    searchbase="dc=test,c=test"
    schemachecking=off
    type=refreshAndPersist
    retry="60 +"
updateref "ldap://10.253.2.9"
Hi,
I finally fixed the authentication error, but if I try to update a record I get:
conn=1 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
conn=1 op=0 RESULT tag=120 err=2 text=unsupported extended operation
Can someone please give me a suggestion for this? I use OpenLDAP 2.4.17. The strange thing is that I use config files which work under 2.4.11.
Thanks in advance, Robin
From: openldap-technical-bounces+robin.steinmetz=microbais.nl@OpenLDAP.org [mailto:openldap-technical-bounces+robin.steinmetz=microbais.nl@OpenLDAP.org] On behalf of Steinmetz, Robin
Sent: Friday, 7 August 2009 12:03
To: 'openldap-technical@openldap.org'
Subject: Strong authentication required error
Steinmetz, Robin wrote:
conn=1 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
conn=1 op=0 RESULT tag=120 err=2 text=unsupported extended operation
This is the StartTLS extended operation for enabling an encrypted channel in an existing LDAP connection.
It seems your OpenLDAP server installation is not built with SSL/TLS support or it's not enabled in your server's configuration.
Ciao, Michael.
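Added example, not part of any message in this thread and not OpenLDAP project code: a small audit of a slapd.conf fragment that reports which outbound connections ask for StartTLS, which simple binds go out without it, and whether the file sets a server certificate at all. The sample is constructed from the chain and syncrepl directives posted above; the function names, the finding texts and the assumption that TLS settings live in the same file are the example's own.

```python
import shlex

# Constructed sample: directives from the posted config, one per line,
# with the redacted values kept exactly as they were posted.
SAMPLE_CONF = '''\
overlay chain
chain-uri "ldap://10.253.2.7"
chain-idassert-bind bindmethod="simple" binddn="xxxx" credentials="xxxxx" mode="self"
chain-tls start
database bdb
syncrepl rid=444
    provider=ldap://10.253.2.9:389
    bindmethod=simple binddn="xxxxx" credentials=xxxx
    searchbase="dc=test,c=test" type=refreshAndPersist
'''

def logical_lines(text):
    """Unwrap continuation lines (leading whitespace) first, then drop comments."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += " " + raw.strip()
        elif raw.strip():
            lines.append(raw.strip())
    return [l for l in lines if not l.startswith("#")]

def audit(text):
    """Return (directive, finding) pairs about TLS on this server's connections."""
    findings, seen = [], set()
    for line in logical_lines(text):
        words = shlex.split(line)
        name, args = words[0].lower(), words[1:]
        seen.add(name)
        kv = dict(a.split("=", 1) for a in args if "=" in a)
        if name == "chain-tls" and args:
            optional = args[0].lower().startswith("try-")
            findings.append((name, "StartTLS optional, may fall back to cleartext"
                             if optional else "chain target must support StartTLS"))
        elif name == "syncrepl" and kv.get("bindmethod") == "simple":
            if kv.get("provider", "").startswith("ldap://") and "starttls" not in kv:
                findings.append((name, "simple bind sent without TLS"))
    if "tlscertificatefile" not in seen:  # assumption: TLS settings are in this file
        findings.append(("TLSCertificateFile", "not set: no server certificate for StartTLS"))
    return findings

if __name__ == "__main__":
    for directive, finding in audit(SAMPLE_CONF):
        print(f"{directive}: {finding}")
```
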