Hi Quanah, thank you for your support. I have double checked again: - I use a static configuration with slapd.conf - slapd was startet from the command line - with no ACLs - no $HOME/.ldaprc - default Debian /etc/ldap/ldap.conf - no aliases for ldap-clients
ldapwhoami, ldapsearch _require_ -x for simple binds without SASL ldapadd, and also ldapdelete work _without_ -x (and of course with -x) when I try to connect to a slapd running on the same machine. Best regards, Werner > Gesendet: Freitag, 11. Dezember 2020 um 18:02 Uhr > Von: "Quanah Gibson-Mount" <qua...@symas.com> > An: werner.heu...@web.de, 977...@bugs.debian.org > Betreff: Re: Bug#977123: ldapadd: simple authentication works without setting > of -x > > > > --On Friday, December 11, 2020 8:20 AM +0100 David Damago > <david.dam...@gmx.de> wrote: > > > Package: ldap-utils > > Version: 2.4.47+dfsg-3+deb10u4 > > Severity: minor > > Tags: upstream > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA256 > > > > Hello, > > > > ldapadd used without -x and without SASL of course performs > > a simple bind and add entries to the OpenLDAP server. Other > > LDAP clients, e.g. ldapsearch, ldapwhoami, .. still > > require -x for simple authentication. > > > > Thank you, > > Hi Werner, > > I do not see such behavior when using ldapadd against a publicly available > ldap server: > > root@d10build:/var/log# ldapadd -H ldap://ldap.stanford.edu > ldap_sasl_interactive_bind_s: Unknown authentication method (-6) > additional info: SASL(-4): no mechanism available: No worthy mechs > found > > > Instead, without -x, ldapadd immediately moves on to trying a SASL bind. > > Are you sure there isn't something providing defaults to the ldap client, > such as an ~/.ldaprc file or modified /etc/ldap/ldap.conf? > > Regards, > Quanah > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >
