On Jul 14, 2011, at 12:32 PM, Rob McBroom wrote:

> On Jul 14, 2011, at 2:41 PM, Craig White wrote:
>
>> doesn't appear to actually do anything other than bind - I don't see the
>> results of any search operation when I run slapd trace level (-d 1)
>
> It’s reporting error 53 when you bind, which is “unwilling to perform”. I
> think the only time I’ve seen that is using proxy authorization for chained
> updates (which are already proxied). But that wouldn’t explain this. It could
> be something with the access rules. For instance, my server won’t accept
> simple authentication unless TLS or SSL are used (but I had to explicitly
> configure that). Are you able to bind with that user from the command line?
>
> Or another approach: It looks like you were able to get the details for that
> host anonymously on the command-line. Is there any reason you want Puppet to
> authenticate when searching?

----

Yes, I allow an anonymous bind to read from there but my ultimate plan is to
try to get foreman to write configurations there which is why I need to bind
as a user - which does work from CLI (obviously I can't use %s as in the
filter)

# ldapsearch -x '(&(objectclass=puppetClient)(cn=ubuntu5.ttinet))' -D 'cn=admin,dc=ttinet,dc=local' -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=ttinet,dc=local> (default) with scope subtree
# filter: (&(objectclass=puppetClient)(cn=ubuntu5.ttinet))
# requesting: ALL
#

# ubuntu5.ttinet, Hosts, ttinet.local
dn: cn=ubuntu5.ttinet,ou=Hosts,dc=ttinet,dc=local
objectClass: device
objectClass: top
objectClass: puppetClient
objectClass: ipHost
ipHostNumber: 10.1.1.13
environment: production
cn: ubuntu.ttinet
cn: ubuntu5.ttinet
puppetClass: baseclass
puppetClass: nginx::configure: {$fqdn}
puppetClass: nginx::vhost: {$fqdn: port => 80, ssl => false, priority => 10, p
 assenger_enable => 'Yes', serveraliases => ['alias1', 'alias2']}

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

same user/password as I have configured in puppet.conf

It does happen to work if I comment out the username & password

It doesn't work even if I use rootbinddn and rootbinddn password ;-(

Craig