Bug#977123: ldapadd: simple authentication works without setting of -x
Quanah Gibson-Mount
quanah at symas.com
Fri Dec 11 17:02:13 GMT 2020
--On Friday, December 11, 2020 8:20 AM +0100 David Damago
<david.damago at gmx.de> wrote:
> Package: ldap-utils
> Version: 2.4.47+dfsg-3+deb10u4
> Severity: minor
> Tags: upstream
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello,
>
> ldapadd used without -x and without SASL of course performs
> a simple bind and add entries to the OpenLDAP server. Other
> LDAP clients, e.g. ldapsearch, ldapwhoami, .. still
> require -x for simple authentication.
>
> Thank you,
Hi Werner,
I do not see such behavior when using ldapadd against a publicly available
ldap server:
root at d10build:/var/log# ldapadd -H ldap://ldap.stanford.edu
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available: No worthy mechs
found
Instead, without -x, ldapadd immediately moves on to trying a SASL bind.
Are you sure there isn't something providing defaults to the ldap client,
such as an ~/.ldaprc file or modified /etc/ldap/ldap.conf?
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
More information about the Pkg-openldap-devel
mailing list