[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL error

On Sat, Nov 29, 2008 at 10:56 AM, Mansour Al Akeel <mansour.alakeel@gmail.com> wrote:
I am not able to modify a user from CLI.
[root@neptune ~]# ldapsearch -D "cn=Manager,dc=test,dc=com" -W -b "dc=test,dc=com" -x -h localhost

I get the all the enteries. However, When I do:

[root@neptune ~]# ldapmodify -D "cn=Manager,dc=test,dc=com" -W   -h localhost
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
  additional info: SASL(-13): user not found: no secret in database

If I use -x option, it hangs there for ever after I enter the password.

Any idea ?

Without -x ldapmodify and ldapsearch attempt to use SASL authentication.  If you haven't set your server up to support SASL authentication it will fail with the above message.

With -x it is using password authentication, and by the sound of it it is succeeding.  After you authenticate it is waiting for changes in ldif format, you just need to type them in.  You might prefer to use the -f command line option and provide the ldif as a file.  The man page for ldapmodify has an example.

I often use ldapmodify -n -v to do a dry run first.  This verifies that the changes that I'm asking for are the changes that I want.

So all together that would be (if file.ldif contains the changes):
Dry run: ldapmodify -W -D "cn=Manager,dc=test,dc=com" -h localhost -n -v -f file.ldif
Actual change: ldapmodify -W -D "cn=Manager,dc=test,dc=com" -h localhost -v -f file.ldif

Sean Burford