[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL error



Sean, thank you for your help. I didn't expect to hear from someone on the weekend. I appreciate this.

I tried it and it worked. Basically I was authenticated and I didn't know I am. I was expecting some sort of message to tell me that it succeeded.

Thank you again.


Sean Burford wrote:
On Sat, Nov 29, 2008 at 10:56 AM, Mansour Al Akeel <mansour.alakeel@gmail.com <mailto:mansour.alakeel@gmail.com>> wrote:

    I am not able to modify a user from CLI.
    [root@neptune ~]# ldapsearch -D "cn=Manager,dc=test,dc=com" -W -b
    "dc=test,dc=com" -x -h localhost

    I get the all the enteries. However, When I do:

[root@neptune ~]# ldapmodify -D "cn=Manager,dc=test,dc=com" -W -h localhost
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database


    If I use -x option, it hangs there for ever after I enter the
    password.

    Any idea ?


Without -x ldapmodify and ldapsearch attempt to use SASL authentication. If you haven't set your server up to support SASL authentication it will fail with the above message.


With -x it is using password authentication, and by the sound of it it is succeeding. After you authenticate it is waiting for changes in ldif format, you just need to type them in. You might prefer to use the -f command line option and provide the ldif as a file. The man page for ldapmodify has an example.

I often use ldapmodify -n -v to do a dry run first. This verifies that the changes that I'm asking for are the changes that I want.

So all together that would be (if file.ldif contains the changes):
Dry run: ldapmodify -W -D "cn=Manager,dc=test,dc=com" -h localhost -n -v -f file.ldif
Actual change: ldapmodify -W -D "cn=Manager,dc=test,dc=com" -h localhost -v -f file.ldif


--
Sean Burford