
Re: OpenLDAP sasl authentication from non localhost?

You can try using -h devel.yourdomain.com
and generate an SSL certificate using the exact hostname by doing:
# cd /usr/share/ssl/certs/
# make slapd.pem
# chown ldap.ldap slapd.pem


Edward Rudd wrote:

I finally have OpenLDAP 2.1.19 up and running and doing SASL
authentication, but only from the local machine. If I try to run
ldapsearch on another system and use the -h parameter, it fails, i.e.:
ldapsearch -h devel -U user@dom.tld -b o=MyOrg,c=US
I get back this error:

ldap_sasl_interactive_bind_s: Invalid credentials
       additional info: SASL(-13): authentication failure: client response doesn't match what we generated

Any clue why??

The client machine is running OpenLDAP 2.0.27 and cyrus-sasl-1.5.24
(stock RH 7.3).

-- Oliver Schulze L. <oliver@samera.com.py>