LDAP: Authenticate when requesting the namingContexts in the root DSE
I go to New Addressbook → Type On LDAP Servers, Connecting to LDAP: server ldap.aegee,org
, port: 389, Encrypton: “STARTTLS”.
Authentication method “Using e-mail address (requires anonymous access to your LDAP server)”. As email address I enter aaa@aegee.org
.
In the “Using LDAP” tab, I select “Find possible search bases”. Evolution does not ask for password and shows one discovered search base.
$ ldapsearch -xLLLZZH ldap://ldap.aegee.org -b "" -s base namingContexts
dn:
namingContexts: dc=aegee,dc=org
$ ldapsearch -YLOGIN -U aaa@aegee.org -w abc -LLLZZH ldap://ldap.aegee.org -b "" -s base namingContexts
SASL/LOGIN authentication started
SASL username: aaa@aegee.org
SASL SSF: 0
dn:
namingContexts: dc=aegee,dc=org
namingContexts: cn=krbcontainer
I do not understand what means “(requires anonymous access to your LDAP serve)” or rather the rationale behind it.
- When requesting the search base, Evolution shall authenticate over ldap.
The same happens in Evolution, when I select “Method: Using distinguished name”, Username: uid=aaa,cn=users,dc=aegee,dc=org
. Then the “requires anonymous access to your LDAP server” hint does not apply (is not displayed). Evolution does not find a second namingContexts.
$ ldapsearch -xD uid=aaa,cn=users,dc=aegee,dc=org -w abc -LLLZZH ldap://ldap.aegee.org -b "" -s base namingContexts
dn:
namingContexts: dc=aegee,dc=org
namingContexts: cn=krbcontainer
See also #1605 (comment 1271033).