I am working on setting up a provider/consumer setup for OpenLDAP version 2.4.28. Everything seems to be working other than referrals. I can query the consumers, and I can write directly to the provider. But I get the following when I try to send an ldapmodify to a consumer and it refers it to the provider.
    ldapmodify -W -D "uid=ldapadmin,ou=system,dc=example,dc=com" -H ldap://tntest-ldap.example.com -c -f /tmp/epseake.ldif
    Enter LDAP Password:
    modifying entry "uid=ESPEAKE,ou=Users,dc=example,dc=com"
    ldap_modify: Strong(er) authentication required (8)
If I run the modify against the provider with the same credentials, it will modify the record. I have added authzTo dn.regex:^uid= [^,]*,ou=system,dc=example,dc=com$. I also added authzTo ldap:///dc=example,dc=com???(objectClass=top). This got rid of my error 10 on the referral, but now it is asking for strong(er) authentication. I do have certificates on my servers in the correct locations and olcTLSCertificate statements with the directories for the certs and keys. This is the final step, I hope, in getting the test environment completed and ready for testing. All help is appreciated.
Thank you,
Eric Speake
Web Systems Administrator
O'Reilly Auto Parts
espeake@oreillyauto.com wrote:
> I am working on setting up a provider/consumer setup for OpenLDAP version 2.4.28. Everything seems to be working other than referrals. I can query the consumers, and I can write directly to the provider. But I get the following when I try to send an ldapmodify to a consumer and it refers it to the provider.
>
>     ldapmodify -W -D "uid=ldapadmin,ou=system,dc=example,dc=com" -H ldap://tntest-ldap.example.com -c -f /tmp/epseake.ldif
>     Enter LDAP Password:
>     modifying entry "uid=ESPEAKE,ou=Users,dc=example,dc=com"
>     ldap_modify: Strong(er) authentication required (8)
I think you're running into the issue described in ITS#7381: With cn=config, the first olcChainDatabase entry seems to be ignored after a server restart.
Maybe you could try the workaround from a previous thread about this issue: http://www.openldap.org/lists/openldap-technical/201305/msg00039.html
Best regards, Manuel
openldap-technical@openldap.org