--On Tuesday, September 10, 2019 3:56 PM +0000 Paul Pathiakis <pathia...@yahoo.com> wrote:




Good point.  (I sent these in a follow on post that hasn't shown up yet
I'm also having an issue with reloading a slapd .ldif file from the
previous server to this one.  It's giving me an 'insufficient privileges'
access area and telling me I don't have permissions to the parent.
So.... I really need to figure this out.... I've done this quite a few
times and now I'm having an issue.)

I have to assume that I don't have access to example.com or it's
children.  I just don't understand what I'm missing.

You're making a lot of assumptions about configuration that may or may not be valid.

a) You're assuming there's a DN and a password required. This may or may not be the case depending on how the system is configured. In fact, in the very configuration you presented, the rootDN for the binary db does not take a password at all, but requires a connection as root over ldapi:/// using the SASL/EXTERNAL mechanism:

authz-regexp "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=root,dc=hq,dc=example,dc=com"

In this case, there is neither a DN or a password necessary

b) Configurations may or may not re-use identities. So it's entirely possible there is no DN or password ever required in the case of SASL enabled systems, etc.

Really, the question is, how did you configure your system to behave? If you don't know the answer to that, we can't really help much.

--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

Reply via email to