Re: openldap queries to w2k3 active directory fails

On Wednesday 17 January 2007 20:04, javier rojas wrote:
> Hello list,
> I have searched and read a lot for the past days about LDAP and Active
> Directory. I'm trying to get them to work, but they don't seem to be
> very polite to each other....
> ldapsearch -v d 1 -h w2k3server -p 389 -X "admin"
> I get a list of stuff and at the bottom of it I get:
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>                  additional info: SASL (-4): no mechanism avvailable
> What do the -6 and the -4 stand for? What am I missing?

AD is quite broken in some regards ... the easiest way to use OpenLDAP's 
ldapsearch to search AD is something like:

ldapsearch -x -D username@realm -W

So, if your AD domain is mydomain.com, and your username is fred, then you can 
simply do:

ldapsearch -x -h w2k3server -D fred@mydomain.com -W

(depending on the security policy, you may also need to use SSL)


Buchan Milne
ISP Systems Specialist - Monitoring/Authentication Team Leader
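
The simple bind suggested in the reply above, with the SSL option spelled out, as an added example that is not part of the original message. The helper names, the `-s base` scope and the realm-to-base mapping (the usual AD layout, mydomain.com becoming dc=mydomain,dc=com) are assumptions; host, user and realm are the placeholders from the thread.

```shell
#!/bin/sh
# Added example: compose an ldapsearch simple-bind command for Active Directory.
# w2k3server / fred / mydomain.com are the placeholders used in the thread.

# Assumption: the search base follows the DNS realm,
# e.g. mydomain.com -> dc=mydomain,dc=com
realm_to_base() {
    printf '%s' "$1" | sed -e 's/^/dc=/' -e 's/\./,dc=/g'
}

# Print the ldapsearch command line for a simple bind as user@realm.
# $1 host, $2 user, $3 realm, $4 transport: ldaps (default), starttls, plain
ad_search_cmd() {
    host=$1 user=$2 realm=$3 transport=${4:-ldaps}
    case $transport in
        ldaps)    uri="ldaps://$host" tls="" ;;
        starttls) uri="ldap://$host"  tls=" -ZZ" ;;  # -ZZ: abort unless StartTLS succeeds
        plain)    uri="ldap://$host"  tls="" ;;      # bind password is sent unencrypted
        *) echo "unknown transport: $transport" >&2; return 2 ;;
    esac
    # -x: simple bind instead of SASL, which avoids the
    #     "no mechanism available" failure from the original question
    # -W: prompt for the password instead of putting it on the command line
    # -s base: read only the base entry, enough to confirm the bind works
    printf 'ldapsearch -x%s -H %s -D %s@%s -W -b %s -s base\n' \
        "$tls" "$uri" "$user" "$realm" "$(realm_to_base "$realm")"
}

# Default transport is ldaps, so the password never crosses the wire in clear.
ad_search_cmd w2k3server fred mydomain.com
```

With `ldaps` or `starttls` the client must trust the domain controller's certificate, otherwise the connection is refused before the bind is attempted.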

