[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapsearch for digest-md5

To: Alex Samad <alex@samad.com.au>, openldap-software@openldap.org
Subject: Re: ldapsearch for digest-md5
From: Radhakrishnan Balasubramanian <bkrishna79@yahoo.com>
Date: Wed, 31 Jan 2007 22:16:31 -0800 (PST)
In-reply-to: <20070129214233.GK25822@samad.com.au>

Hi ,

I am not looking for -x option. My question was how to
do ldapsearch for digest-md5 without using -U option.

Problem is when I do ldapsearch with only DN (-D
option in the ldapsearch), ldapsearch fails.

ldapsearch -Y digest-md5 -D
> > >"uid=pokemon,ou=People,dc=cisco,dc=com" -w
> pokemon123
> > >SASL/DIGEST-MD5 authentication started
> > >ldap_sasl_interactive_bind_s: Invalid credentials
> (49)
> > >        additional info: SASL(-13):
> authentication
> > >failure: client response doesn't match what we
> > >generated
------------------------------------------
When I give -U option in the ldapsearch, it is
successful. But I dont want -U option to be included,I
want to do sasl bind only with DN option in the
ldapsearch. Hope this is clear.

[root@bldrldap ~]# ldapsearch -Y digest-md5 -U pokemon
-w pokemon123 -b "" -s base uid=pokemon
SASL/DIGEST-MD5 authentication started
SASL username: pokemon
SASL SSF: 128
SASL installing layers
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: uid=pokemon
# requesting: ALL
#

# search result
search: 3
result: 0 Success

# numResponses: 1

Thanks,
Radhakrishnan
-------------------------------------------------
--- Alex Samad <alex@samad.com.au> wrote:

> On Mon, Jan 29, 2007 at 07:40:02AM -0800, Kurt
> Zeilenga wrote:
> > 
> > On Jan 29, 2007, at 3:06 AM, Radhakrishnan
> Balasubramanian wrote:
> > 
> > >Hi All,
> > >
> > >I have Openldap Server -2.2.13 with Cyrus SASL
> > >configured.
> > >
> > >I am trying to do ldapsearch for digest-md5 .I am
> > >getting the following error :
> > >
> > > ldapsearch -Y digest-md5 -D
> > >"uid=pokemon,ou=People,dc=cisco,dc=com" -w
> pokemon123
> > >SASL/DIGEST-MD5 authentication started
> > >ldap_sasl_interactive_bind_s: Invalid credentials
> (49)
> > >        additional info: SASL(-13):
> authentication
> > >failure: client response doesn't match what we
> > >generated
> > >
> > >
> > >But ldapsearch with -U option is successful.
> Please
> > >let me know what need to be done on my LDAP
> server for
> > >making ldapsearch sucessful without using -U
> (SASL
> > >authentication identiy) and using only -D option
> .
> > 
> > Per the LDAP technical specifications, slapd(8)
> ignores
> > any bind DN providing in a SASL bind request.
> > 
> > Without a -U, Cyrus SASL is left to select the
> authentication
> > identity.  If you don't like that selection, the
> best option
> > is to use -U (that's what its for).
> 
> maybe he is looking for -x ?
> > 
> > Kurt
> > 
> > >
> > >Thanks,
> > >RK
> > >
> > >
> > >
> >
>
>______________________________________________________________________
> 
> > >______________
> > >Don't get soaked.  Take a quick peak at the
> forecast
> > >with the Yahoo! Search weather shortcut.
> >
>
>http://tools.search.yahoo.com/shortcuts/#loc_weather
> > >
> > 
> > 
> 



 
____________________________________________________________________________________
Want to start your own business?
Learn how on Yahoo! Small Business.
http://smallbusiness.yahoo.com/r-index

Follow-Ups:
- Re: ldapsearch for digest-md5
  - From: Matthew Backes <mbackes@symas.com>

Prev by Date: Re: SASL GSSAPI authentication with Sun Java Directory Server 5.2P4
Next by Date: Multi Master Enviornment for Openldap 2.3
Index(es):
- Chronological
- Thread