[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapsearch error with sasl

At 09:21 AM 8/18/2006, chechu chechu wrote:
>i have gssapi correctly installed...

It is unclear to me what you mean by this statement.  I hope
you mean that you have successfully tested, using Cyrus
SASL client/server test programs, authentication using any
and all of the authentication mechanisms you intend to make
use of.  Regardless of what you meant, if you haven't yet
done this, you should go do that before coming here.

>but i get thius error with
>ldapsearch :
>root@shogun:~# ldapsearch -D "cn=admin,dc=ironman,dc=es" -w secret 

It's not clear to me why you specify a bind dn here, however,
I do note that slapd(8), in accordance with the LDAP technical
specification, ignores it of SASL authentication.

It's not clear to me why you specify a password when attempting
SASL/GSSAPI authentication.  Just as when using Cyrus test
programs, you should have acquired any necessary Kerberos
tickets before executing the program.

Lastly, you didn't specify which SASL mechanism to use, so...

>SASL/LOGIN authentication started

you got what ldapsearch(1) determined was the best available

>ldap_sasl_interactive_bind_s: Invalid credentials (49)
>        additional info: SASL(-13): user not found: checkpass failed

Apparently the SASL/LOGIN user you are trying to authenticating
as is not known to SASL (for authenticating via SASL/LOGIN).

>if i do with -x, it works, but I need sasl.
>any help is welcomed