still "more results to return"

Hi all,

I am running RHEL 3ES (2.4.21-9.EL), openldap-2.1.25, cyrus-sasl-2.1.17.

I have searched everywhere, broken and fixed sasl, read the howtos,
followed the directions.  I still get "ldap_sasl_interactive_bind_s:
More results to return" every time I try a DIGEST-MD5 connection to my
ldap server.  If I use -x everything is fine.

When I do this from the http://www.tldp.org/HOWTO/LDAP-HOWTO/sasl.html
doco:

ldapsearch -U admin@rdnt03 -b 'o=Ever' '(objectclass=*)'

(changing attributes to match my ldap server) I get this result:
"ldap_sasl_interactive_bind_s: No such object"

When I do this:

ldapsearch -U admin@doc1.cpc.net.au -b "dc=cpc" '(objectclass=*)' -Y DIGEST-MD5

I get this result:
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: More results to return

Does anyone know what this means?  Is this the expected result of a
properly configured ldap and sasl server?

password-hash   {CLEARTEXT}
sasl-host doc1.cpc.net.au
sasl-secprops noplain noanonymous maxssf=128
#sasl-regexp uid=(.*)cn=doc1.cpc.net.au,cn=digest-md5,cn=auth
sasl-regexp uid=(.*),cn=digest-md5,cn=auth

supported mechs:
supportedLDAPVersion: 3
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: ANONYMOUS

It is my understanding that I don't have to saslpasswd2 every user into
the sasldb and that I can authenticate against cleartext passwords
stored only in my ldap server. Am I wrong in this assumption?  Where can
I find the definitive howto for openldap and sasl digest-md5?  I already
have the O'Reilly book.


dennis <dennis@utiba.com>