Re: OpenLDAP authenticate the username/password with MS-AD?



ldapsearch -LLL -x -H ldap://localhost -s "base" -b "" supportedSASLMechanisms
dn:
supportedSASLMechanisms: ANONYMOUS
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5

Also, I have this line "sasl-secprops none" in my /etc/ldap/slapd.conf

On Jul 20, 2010, at 7:31 PM, Dan White wrote:

> On 20/07/10 12:44 +0600, OSHIM wrote:
>> ldapsearch  -Y PLAIN -U swimonowar -W -b dc=myproject,dc=net -v -d 1
>> ldap_initialize( <DEFAULT> )
>> ldap_create
>> Enter LDAP Password: ldap_sasl_interactive_bind_s: user selected: PLAIN
>> ldap_int_sasl_bind: PLAIN
>> ldap_new_connection 1 1 0
>> ldap_int_open_connection
>> ldap_connect_to_host: TCP localhost:389
>> ldap_new_socket: 3
>> ldap_prepare_socket: 3
>> ldap_connect_to_host: Trying 127.0.0.1:389
>> ldap_pvt_connect: fd: 3 tm: -1 async: 0
>> ldap_int_sasl_open: host=myproject.net
>> ldap_err2string
>> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>> 
>> getting this error
> 
> Use:
> 
> ldapsearch -LLL -x -H ldap://ldap.example.org -s "base" -b "" supportedSASLMechanisms
> 
> to see which mechanisms are offered by the server.
> 
> It appears that you will need to add the following line to your OpenLDAP
> config file (not your SASL config file), to have slapd offer the PLAIN
> mechanism:
> 
> sasl-secprops none
> 
> See the manpage for slapd.conf for additional details. Doing so
> is a security risk, and you should consider using SSL/TLS in a
> production environment.
> 
> -- 
> Dan White
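
An added example, not part of the original thread and not OpenLDAP code: a shell check that reads the rootDSE output shown above and reports what `sasl-secprops none` exposes, namely ANONYMOUS and, when the URI is not `ldaps://` or `ldapi://`, the cleartext-password mechanisms PLAIN and LOGIN. The function names and finding labels are made up for this example, and StartTLS on an `ldap://` URI is not detected.

```shell
#!/bin/sh
# Constructed sample: the rootDSE reply quoted at the top of this message.
SAMPLE_ROOTDSE='dn:
supportedSASLMechanisms: ANONYMOUS
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5'

# list_mechs: read rootDSE LDIF on stdin, print one offered mechanism per line.
list_mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" {
        gsub(/[ \t\r]+$/, "", $2)      # tolerate trailing blanks and CRLF
        print toupper($2)
    }'
}

# offers_mech MECH: succeed if the mechanism passed to ldapsearch -Y is offered.
offers_mech() {
    list_mechs | grep -qxF "$1"
}

# audit_mechs URI: read rootDSE LDIF on stdin, print one finding per line.
# Returns 1 when at least one finding is raised, 0 otherwise.
audit_mechs() {
    case $1 in
        # Assumption of this example: ldaps:// and ldapi:// count as protected.
        ldaps://*|ldapi://*) protected=1 ;;
        *)                   protected=0 ;;
    esac
    list_mechs | awk -v protected="$protected" '
        # PLAIN and LOGIN put the password itself on the wire.
        ($1 == "PLAIN" || $1 == "LOGIN") && !protected {
            print "CLEARTEXT-PASSWORD " $1; bad = 1
        }
        # Offered only when the default "noanonymous" flag has been cleared.
        $1 == "ANONYMOUS" { print "ANONYMOUS-BIND " $1; bad = 1 }
        END { exit bad + 0 }
    '
}

# Demo on the embedded sample. Against a live server, pipe in the output of:
#   ldapsearch -LLL -x -H ldap://localhost -s base -b "" supportedSASLMechanisms
printf '%s\n' "$SAMPLE_ROOTDSE" | audit_mechs ldap://localhost || true
```
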