The other possible problem Gordon thought of was that maybe our kerberos
severs didn't know about these two principals. Doing a klist after doing
a ldapsearch or ldapmodify did not show me the necessary tickets; for
ldapserver and x500dsa. I was told by the people maintaining our kerberos
servers that it does recognize the principals by using
/usr/bin/ksrvtgt/name instance [ [realm] srvtab]
However if I do this I only get one
ticket at a time, i.e. if I ask for ldapserver I will get it, but when I
ask for x500dsa I will get x500dsa and lose ldapserver. Even when I have
a ldapserver ticket I can not authenticate to do any modifications or
searches binded. The only way I can modify is by binding as rootdn
also. Does anyone have any input? I really need the ability to
authenticate. Any help would be greatly appreciated. Thanks!
Chris
On Wed, 7 Aug 1996, Chris Irwin wrote:
> I am having all kinds of trouble with user authentication ( I keep
> getting "ldap_modify: Insufficient access" when trying to modify
> entries using ldapmodify. What is the best way to find out why this
> message is being sent back when I know that I am sending in the correct
> userPassword for the binding DN. The only way that I can modify is by
> binding as the rootdn.
>
> Any help is greatly appreciateed.
>
> Chris
> --
> Christopher S. Irwin
> Concept Five Technologies, Inc. Phone: 703-610-1920
> 7525 Colshire Drive Fax: 703-610-1853
> McLean Virginia 22102-7400 Email: cirwin@concept5.com
>