openldap - force simple auth?
Rick Stevens
rstevens at vitalstream.com
Thu Jun 3 01:34:38 UTC 2004
Jason Costomiris wrote:
> On Jun 2, 2004, at 6:09 PM, Rick Stevens wrote:
>
>> Jason Costomiris wrote:
>>
>>> When using ldapadd from the command line, I can force it to use the
>>> rootpw entry in the slapd.conf by using the -x switch.
>>
>>
>> No, the "-x" tells the system to use "simple" authentication. By
>> default, the system attempts to connect via SASL.
>
>
> Interesting notion, unfortunately, it's not the "system". In fact, the
> -x tells ldapadd to use simple authentication, which does not appear to
> be slapd's default. That's what I want. I want slapd to use simple
> auth by default. Surely something this basic must be configurable.
Sorry, I misstated. I shouldn't have said "system". I meant to say
that the "-x" tells the LDAP client (in this case, "ldapadd") to use
simple authentication. If you look at the source of the program, you'll
see that the "-x" tells the program to use ldap_simple_bind() rather
than its default of ldap_sasl_bind().
>> It's not slapd that's the cause, it's the LDAP client. You have to
>> change the PHP code to use "ldap_simple_bind()" rather than
>> "ldap_sasl_bind()". Or convince the authors to make it a configuration
>> option.
>
>
> There's no such function in PHP.
>
> There's only ldap_bind().
>
> http://www.php.net/manual/en/ref.ldap.php
Yes, and PHP wants the server to accept LDAP V2. Make sure you have the
"allow bind_v2" in your slapd.conf file. Restart slapd if you have to
alter that file.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- You know the old saying--any technology sufficiently advanced is -
- indistinguishable from a Perl script -
- --Programming Perl, 2nd Edition -
----------------------------------------------------------------------
More information about the fedora-list
mailing list