On Tue, Dec 28, 2010 at 02:31:44PM -0800, Howard Chu wrote: > ># ldapsearch -s base -b "cn=config" -Y EXTERNAL -H ldapi:/// > >SASL/EXTERNAL authentication started > >ldap_sasl_interactive_bind_s: Inappropriate authentication (48) > > additional info: SASL(-15): mechanism too weak for this user: mech > > EXTERNAL is too weak > > > >So: > >(a) it would be nice to know how to recover from this. If I stop slapd and > >edit /etc/ldap/slapd.d/cn\=config.ldif directly, that seems to be OK, but > >are there any risks in directly manipulating the config in this way? > > The main risk is that if you enter any typos or syntax errors, slapd > will refuse to start. You should probably use slapmodify instead, so > at least you'll get some syntax checking.
That's not in Debian/Ubuntu: r...@noc:~# man slapmodify No manual entry for slapmodify r...@noc:~# dpkg-query -L slapd | grep modify r...@noc:~# apt-cache search slapmodify r...@noc:~# I can't even find it in the latest release (openldap-2.4.23) source tarball. $ grep -R slapmodify . $ find . -name 'slapmod*' $ I see there is slapadd though. Is slapmodify a recent addition? Regards, Brian.
