Re: invalid credential

[Andrew Findlay <andrew.findlay@skills-1st.co.uk>]

On Fri, Apr 24, 2009 at 08:41:02PM +0800, owen nirvana wrote:

> I try to search in Apache Directory Studio, perl , java,  but in term
> , I input "ldapsearch -D "cn=admin.dc=xxx,dc=org"  -b "dc=xxx,dc=org"
> "(objectClass=*)" -W
> 
> echo:
> >>  Digest/SASL MD5 start
> invalid credential

The ldap command-line tools will try to use SASL by default (this is
required by the LDAP standard). If you have not configured SASL then
you need to specify the -x flag to turn it off.

> I don't know how to configure slapd.conf to solve the problem

If you want to use SASL, read the SASL section of the Admin Guide:

http://www.openldap.org/doc/admin24/sasl.html

As a minimum you will need to store plain-text passwords and set up
some ID mapping if you plan to use the DIGEST-MD5 mechanism.

SASL is not essential, and in many environments it is sufficient to use
plain password authentication along with TLS encryption of sessions.
SASL is more likely to be useful if you have a Kerberos environment
already.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------