beatmachine@xxxxxxxxx:
> Hello Andreas, hello Björn,
>
> I have the same problem you seemed to solve with Matthias some days ago, here
> is mine:
>
>
> ----- Forwarded message from beatmachine@xxxxxxxxx -----
> Date: Tue, 26 Apr 2005 12:04:26 +0200
> From: beatmachine@xxxxxxxxx
> Subject: stronger authentication required part II
> To: luma-users@xxxxxxxxxxxxxxxxxxxxx
>
> Hello,
>
> I have the same problem that Matthias posted some days ago:
>
> {"info": "modifications require authentication", "desc": "Strong(er)
> authentication required"}
>
> I tried to disable all ACLs, but I still get the same message.

The specific ACLs requiring stronger authentication (as described
below) would look something like this:

access to attr=userPassword
        by dn="cn=admin,dc=localdomain" write
        by ssf=128 anonymous auth
        by ssf=128 self write
        by * none

What this ACL says is that the rootdn can write/reset/delete the
userPassword attribute, but users can only authenticate and write a new
userPassword if the channel is encrypted (TLS/SSL), and then no one else
gets access to userPassword. So look for ssf=128. I don't say that this
is an ACL I recommend (I usually recommend enforcing encrypted writes
for any object/attribute as well as encrypted authentication).

As this really is a general problem with your server setup, try using
your command-line utils (ldapsearch, ldapadd etc.) or go ask on IRC channel
#ldap or #luma, so you can get the benefits of collaborative IRC
debugging.

> Could one reason be the fact that my "rootpw" in the slapd.conf is SSHA
> encrypted?
> And if so, how do I set the correct encryption in the server preferences of
> Luma when there is only SASL-methods to be selected?

Use "Simple" authentication and put your password in the server dialog in
cleartext.

Try this in a Python shell:

>>> import ldap
>>> l = ldap.initialize("ldaps://yourhost:636/")
>>> l.simple_bind_s("<yourbinddn>", "<some cleartext password>")

This should work, or alternatively using ldap.open("yourhost") and
turning on TLS encryption instead. Stronger authentication means that
your server wants encrypted authentication, meaning that the
authentication process must be done using either SSL or TLS before doing
write operations (add, modify, delete).

--
Regards
Bjørn Ove Grøtan
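
The "look for ssf=128" advice in the reply above can be automated. This is an added example, not part of the original message or of Luma: it scans slapd.conf text for access clauses that demand a minimum SSF. The function names and the sample configuration (built from the ACL quoted above) are assumptions.

```python
import re
import shlex

# Constructed sample: the ACL from the message, in slapd.conf layout
# (a line that starts with whitespace continues the previous line).
SAMPLE_CONF = '''\
# constructed sample fragment
access to attr=userPassword
        by dn="cn=admin,dc=localdomain" write
        by ssf=128 anonymous auth
        by ssf=128 self write
        by * none
access to *
        by * read
'''

SSF = re.compile(r"^((?:transport_|tls_|sasl_)?ssf)=(\d+)$")
CONTROLS = {"stop", "continue", "break"}  # optional trailing control keywords


def logical_lines(text):
    """Join continuation lines; drop blank lines and column-0 comments."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def ssf_gated_clauses(text):
    """Return (what, who, access, min_ssf) for each by-clause requiring an SSF."""
    found = []
    for line in logical_lines(text):
        tok = shlex.split(line)  # strips the quotes around dn="..."
        if len(tok) < 3 or tok[0].lower() != "access" or "by" not in tok:
            continue
        first_by = tok.index("by")
        what, clause = " ".join(tok[2:first_by]), []
        for t in tok[first_by + 1:] + ["by"]:  # sentinel flushes the last clause
            if t != "by":
                clause.append(t)
                continue
            if clause and clause[-1] in CONTROLS:
                clause.pop()
            ssf = [int(m.group(2)) for m in map(SSF.match, clause) if m]
            if ssf and len(clause) >= 2:
                who = " ".join(c for c in clause[:-1] if not SSF.match(c))
                found.append((what, who, clause[-1], max(ssf)))
            clause = []
    return found
```

Any clause it reports with access `auth` or `write` is one where a bind or modification over an unencrypted connection will be refused by the server.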