Question about LDAP backend

Javier Palacios javiplx at gmail.com
Wed Jul 25 05:26:56 EDT 2012


On Tue, Jul 24, 2012 at 6:09 PM, Oliver Loch <o.loch at gmx.net> wrote:

> you have to map the local UID to the corresponding ldap-user.
>
>
ldapi was working right (I've done a similar job using heimdal instead of
MIT).

But looks like ldapi is just ignored by kdb5_ldap_util. Does anyone else
have some idea or should I file a bug report?


slapd running as
# /usr/sbin/slapd -h ldap:/// -h ldapi:/// -u ldap -4 -d 32 -d 64 -d 128 -d 256
# ldapwhoami -H ldapi:/// -Y EXTERNAL
conn=0 fd=11 ACCEPT from PATH=/var/run/ldapi (PATH=/var/run/ldapi)
conn=0 op=0 BIND dn="" method=163
SASL [conn=0] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
conn=0 op=0 BIND authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
conn=0 op=0 BIND dn="cn=administrator,dc=javiplx,dc=local" mech=EXTERNAL
sasl_ssf=0 ssf=71
conn=0 op=0 RESULT tag=97 err=0 text=
conn=0 op=1 WHOAMI
conn=0 op=1 RESULT oid= err=0 text=
conn=0 op=2 UNBIND
conn=0 fd=11 closed
connection_read(11): no connection!
# kdb5_ldap_util -H ldapi:/// create -r JAVIPLX.LOCAL -s
kdb5_ldap_util: LDAP bind dn value missing  while initializing database
Does not even attempt to use ldap


kdb5_ldap_util -D "cn=administrator,dc=javiplx,dc=local" -H ldapi:/// create -r JAVIPLX.LOCAL -s
conn=3 fd=11 ACCEPT from PATH=/var/run/ldapi (PATH=/var/run/ldapi)
conn=3 op=0 BIND dn="cn=administrator,dc=javiplx,dc=local" method=128
conn=3 op=0 RESULT tag=97 err=49 text=
conn=3 fd=11 closed (connection lost)
asks password for the supplied binddn, which is by far not the desired
ldapi behaviour (same using -D "")


kdb5_ldap_util -D "cn=administrator,dc=javiplx,dc=local" -H ldapi:/// create -r JAVIPLX.LOCAL -s
conn=0 fd=11 ACCEPT from PATH=/var/run/ldapi (PATH=/var/run/ldapi)
conn=0 op=0 BIND dn="cn=administrator,dc=javiplx,dc=local" method=128
conn=0 op=0 BIND dn="cn=administrator,dc=javiplx,dc=local" mech=SIMPLE ssf=0
conn=0 op=0 RESULT tag=97 err=0 text=
This is the result if I enable rootpw on slapd.conf, and looks like it is
using simple authentication.
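Added example, not from the original post or from MIT Kerberos/OpenLDAP: a small sh/awk helper that reads slapd stats output (the `-d 256` lines quoted above) and reports which bind mechanism each connection actually ended up with, so a simple bind over ldapi (a password on the wire, where EXTERNAL/peercred was expected) stands out. The sample log is constructed from the thread's lines, with the third session renumbered to conn=5 so it does not collide with the first.

```shell
#!/bin/sh
# Summarise bind attempts in slapd "-d 256" stats output.
# method=163 is a SASL bind, method=128 a simple bind; err=49 is invalidCredentials.
# SAMPLE_LOG is constructed from the lines quoted in the thread (conn=5 is renumbered).
SAMPLE_LOG='conn=0 op=0 BIND dn="" method=163
conn=0 op=0 BIND dn="cn=administrator,dc=javiplx,dc=local" mech=EXTERNAL sasl_ssf=0 ssf=71
conn=0 op=0 RESULT tag=97 err=0 text=
conn=3 op=0 BIND dn="cn=administrator,dc=javiplx,dc=local" method=128
conn=3 op=0 RESULT tag=97 err=49 text=
conn=5 op=0 BIND dn="cn=administrator,dc=javiplx,dc=local" method=128
conn=5 op=0 BIND dn="cn=administrator,dc=javiplx,dc=local" mech=SIMPLE ssf=0
conn=5 op=0 RESULT tag=97 err=0 text='

# bind_summary: read stats lines on stdin, print "<conn> <mechanism> <result>" per bind op.
# A SASL bind is logged twice (method=163, then mech=...); the second line wins.
bind_summary() {
    awk '
    /op=[0-9]+ BIND / {
        key = $1 " " $2                      # conn=N op=M
        if (match($0, /method=[0-9]+/)) {
            m = substr($0, RSTART + 7, RLENGTH - 7) + 0
            mech[key] = (m == 128) ? "SIMPLE" : (m == 163) ? "SASL" : "method=" m
        }
        if (match($0, /mech=[A-Z]+/))
            mech[key] = substr($0, RSTART + 5, RLENGTH - 5)
        seen[key] = 1
    }
    /op=[0-9]+ RESULT / && (($1 " " $2) in seen) {
        key = $1 " " $2
        e = 0
        if (match($0, /err=[0-9]+/)) e = substr($0, RSTART + 4, RLENGTH - 4) + 0
        r = (e == 0) ? "ok" : (e == 49) ? "invalidCredentials" : "err=" e
        print $1, mech[key], r
        delete seen[key]
    }'
}

# count_simple_binds: successful binds that used SIMPLE, i.e. a password was sent
# even though ldapi with SASL EXTERNAL would have needed none.
count_simple_binds() {
    bind_summary | awk '$2 == "SIMPLE" && $3 == "ok"' | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE_LOG" | bind_summary
```

Run it against a live server with `slapd ... -d 256 2>&1 | bind_summary`; connections reported as SIMPLE over ldapi are the ones whose client (here kdb5_ldap_util) is not using peercred.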
