Bug#977123: Aw: Re: Bug#977123: ldapadd: simple authentication works without setting of -x

Werner.Heuser at web.de Werner.Heuser at web.de
Sat Dec 12 14:38:38 GMT 2020 

Hi Quanah,

thank you for your support. I have double checked again:
- I use a static configuration with slapd.conf
- slapd was startet from the command line
- with no ACLs
- no $HOME/.ldaprc
- default Debian /etc/ldap/ldap.conf
- no aliases for ldap-clients

ldapwhoami, ldapsearch _require_ -x for simple binds without SASL
ldapadd, and also ldapdelete work _without_ -x (and of course with -x)
when I try to connect to a slapd running on the same machine.

Best regards,

Werner

> Gesendet: Freitag, 11. Dezember 2020 um 18:02 Uhr
> Von: "Quanah Gibson-Mount" <quanah at symas.com>
> An: werner.heuser at web.de, 977123 at bugs.debian.org
> Betreff: Re: Bug#977123: ldapadd: simple authentication works without setting of -x
>
>
>
> --On Friday, December 11, 2020 8:20 AM +0100 David Damago
> <david.damago at gmx.de> wrote:
>
> > Package: ldap-utils
> > Version: 2.4.47+dfsg-3+deb10u4
> > Severity: minor
> > Tags: upstream
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > Hello,
> >
> > ldapadd used without -x and without SASL of course performs
> > a simple bind and add entries to the OpenLDAP server. Other
> > LDAP clients, e.g. ldapsearch, ldapwhoami, .. still
> > require -x for simple authentication.
> >
> > Thank you,
>
> Hi Werner,
>
> I do not see such behavior when using ldapadd against a publicly available
> ldap server:
>
> root at d10build:/var/log# ldapadd -H ldap://ldap.stanford.edu
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>         additional info: SASL(-4): no mechanism available: No worthy mechs
> found
>
>
> Instead, without -x, ldapadd immediately moves on to trying a SASL bind.
>
> Are you sure there isn't something providing defaults to the ldap client,
> such as an ~/.ldaprc file or modified /etc/ldap/ldap.conf?
>
> Regards,
> Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>

More information about the Pkg-openldap-devel mailing list