Re: cmusaslsecretPLAIN attribute

John Burian <john@burian.org> writes:

> Dieter Kluenter wrote:
>> From your remarks on CA and certificate I assume that you want to use
>> TLS, while your ldapwhoami seems to indicate that you want to make use
>> of PLAIN mechanism, which is disabled by default, unless you
>> provide a secure transport method, that is either TLS or local socket.
>> Unless you provide more information on the parameters used, no advice
>> can be given.

> Correct, I want to be using SASL/PLAIN over TLS. The following works:
> $ ldapwhoami -x -W -D 'uid=burianj,ou=people,dc=cqcb'
> Enter LDAP Password:
> dn:uid=burianj,ou=People,dc=cqcb
> Result: Success (0)

This is *not* a SASL bind.

> The same command without '-x -W', or ldapwhoami with no args, does not work:
> $ ldapwhoami -D 'uid=burianj,ou=people,dc=cqcb'
> SASL/PLAIN authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>         additional info: SASL(-13): user not found: Password
>         verification failed

If you want a SASL bind with the PLAIN mechanism and TLS, the ldapwhoami
command should look something like:

$ ldapwhoami -Y PLAIN -U burianj -ZZ -H ldap://localhost


Dieter Klünter | Systemberatung