Re: ldapsearch and sasl
Dieter Kluenter wrote:
Actually it's irrelevant. Without "-x" it will perform a SASL Bind and
then the DN specified by -D is ignored.
"James Wilde" <firstname.lastname@example.org> writes:
With option -D you define a distinguished name, thus you have to initiate a
and get a full listing from the ldap directory.
However, I cannot run:
ldapsearch -b dc=glocalnet,dc=net -D cn=Manager,dc=glocalnet,dc=net
When I try, I get the following error message:
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error
additional info: SASL(-13): user not found: no secret in
simple bind with option -x and a password option -W or -w, see man
ldapsearch(1) for more information.
this is not a configuration parameter in /etc/openldap/slapd.conf.
I have the following lines in slapd.conf:
Perhaps he meant /usr/lib/sasl2/slapd.conf.
If that's the case, this is a problem because saslauthd only supports
cleartext authentication mechanisms, not DIGEST-MD5. DIGEST-MD5 will
only work with an auxprop (which is the default) mech. You're better off
not creating /usr/lib/sasl2/slapd.conf and just running with the default
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support
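The saslauthd and DIGEST-MD5 mismatch described in the message above can be checked for mechanically. The following is an added example, not code from the thread or from the OpenLDAP or Cyrus SASL projects; it assumes a Cyrus SASL application config in "key: value" form using the `pwcheck_method` and `mech_list` options, and the function names and the sample config are constructed for illustration.

```python
# Added example: lint a Cyrus SASL application config (such as the
# /usr/lib/sasl2/slapd.conf named in the thread) for the saslauthd vs
# DIGEST-MD5 mismatch. Mechanism grouping below is this example's assumption.

# Mechanisms whose verification needs the stored secret from an auxprop store.
SHARED_SECRET_MECHS = {"DIGEST-MD5", "CRAM-MD5"}

# Constructed sample input, not taken from the thread.
SAMPLE_CONF = """\
# constructed sample
pwcheck_method: saslauthd
mech_list: DIGEST-MD5 PLAIN
"""


def parse_sasl_conf(text):
    """Parse 'key: value' lines, skipping blanks and '#' comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            opts[key.strip()] = value.strip()
    return opts


def check_sasl_conf(text):
    """Return a list of findings; an empty list means no mismatch found."""
    opts = parse_sasl_conf(text)
    # auxprop is the default password check method when none is configured.
    methods = opts.get("pwcheck_method", "auxprop").lower().split()
    if "saslauthd" not in methods:
        return []
    mech_list = opts.get("mech_list")
    if mech_list is None:
        return ["mech_list is unset, so shared-secret mechanisms may still be "
                "offered; saslauthd verifies cleartext passwords only"]
    offered = {m.upper() for m in mech_list.split()}
    return [f"{m} is offered but saslauthd cannot verify it; it needs a "
            "secret in an auxprop store"
            for m in sorted(offered & SHARED_SECRET_MECHS)]


if __name__ == "__main__":
    for finding in check_sasl_conf(SAMPLE_CONF):
        print("WARN:", finding)
```

An empty or absent config produces no findings, which matches the advice to run with the default.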