
Re: cmusaslsecretPLAIN attribute

> >> The same command without '-x -W', or ldapwhoami with no args, does not
> >> work:
> >>
> >> $ ldapwhoami -D 'uid=burianj,ou=people,dc=cqcb'
> >> SASL/PLAIN authentication started
> >> Please enter your password:
> >> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> >>         additional info: SASL(-13): user not found: Password
> >>         verification failed
> >
> > if you want a SASL bind with PLAIN mechanism and TLS, the ldapwhoami
> > should look something like
> >
> > $ ldapwhoami -Y PLAIN -U burianj -ZZ -H ldap://localhost
> I'm not having a problem getting TLS to work. ldapwhoami is connecting
> over port 636, I see correct TLS messages in the log file, and
> ldapwhoami reports that it is authenticating with SASL/PLAIN. For the
> record, if I try the above command, forcing the connection over port 389
> and using StartTLS, I get the same results as just using "ldapwhoami" or
> "ldapwhoami -D 'uid=burianj,ou=people,dc=cqcb'". The problem is simple
> authentication works, SASL/PLAIN authentication with the same DN and
> password fails.

But, SASL authentication does not use a DN, but a username (as provided in the 
example Dieter gave you above). And you would need to have configured slapd 
to map a SASL identity to a DN for the bind to succeed.

So, please provide the commandline you are using with the SASL bind that is 


Buchan Milne
ISP Systems Specialist - Monitoring/Authentication Team Leader
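
The identity mapping described in the reply above, modeled as an added example (not code from the thread or from OpenLDAP). It shows the name slapd derives from a SASL bind (`uid=<username>[,cn=<realm>],cn=<mechanism>,cn=auth`) and how an `authz-regexp` rule in slapd.conf rewrites it to a directory DN. The rule itself is an assumption built from the DN quoted in the thread, and Python's `re` stands in for slapd's POSIX regex matching.

```python
import re

# slapd.conf equivalent of the single rule modeled below (assumed, not from the thread):
#   authz-regexp  ^uid=([^,]+),cn=plain,cn=auth$  uid=$1,ou=people,dc=cqcb
# Rules are checked in file order and the first match wins.
AUTHZ_REGEXP = [
    (r"^uid=([^,]+),cn=plain,cn=auth$", "uid=$1,ou=people,dc=cqcb"),
]


def sasl_authn_dn(username, mech, realm=None):
    """Build the identity slapd derives from a SASL bind.

    The -D bind DN plays no part: only the SASL username (-U), the
    optional realm and the mechanism name are used.
    """
    parts = [f"uid={username}"]
    if realm:
        parts.append(f"cn={realm}")
    parts += [f"cn={mech.lower()}", "cn=auth"]
    return ",".join(parts)


def map_identity(authn_dn, rules=AUTHZ_REGEXP):
    """Apply the first matching rule; return the DN unchanged if none match."""
    for pattern, replacement in rules:
        m = re.search(pattern, authn_dn, re.IGNORECASE)
        if m:
            # Convert slapd's $1 placeholders to Python's \g<1> form.
            template = re.sub(r"\$(\d)", r"\\g<\1>", replacement)
            return m.expand(template)
    # No rule matched: the identity stays in the cn=auth form, which
    # names no entry under ou=people.
    return authn_dn


if __name__ == "__main__":
    dn = sasl_authn_dn("burianj", "PLAIN")
    print(dn, "->", map_identity(dn))
```

With a matching rule in place, `ldapwhoami -Y PLAIN -U burianj` reports the mapped DN rather than the `cn=auth` form.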
