
Re: OpenLDAP authenticate the username/password with MS-AD?



On 20/07/10 12:44 +0600, OSHIM wrote:
> ldapsearch  -Y PLAIN -U swimonowar -W -b dc=myproject,dc=net -v -d 1
> ldap_initialize( <DEFAULT> )
> ldap_create
> Enter LDAP Password: ldap_sasl_interactive_bind_s: user selected: PLAIN
> ldap_int_sasl_bind: PLAIN
> ldap_new_connection 1 1 0
> ldap_int_open_connection
> ldap_connect_to_host: TCP localhost:389
> ldap_new_socket: 3
> ldap_prepare_socket: 3
> ldap_connect_to_host: Trying 127.0.0.1:389
> ldap_pvt_connect: fd: 3 tm: -1 async: 0
> ldap_int_sasl_open: host=myproject.net
> ldap_err2string
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>
> getting this error

Use:

ldapsearch -LLL -x -H ldap://ldap.example.org -s "base" -b "" supportedSASLMechanisms

to see which mechanisms are offered by the server.

It appears that you will need to add the following line to your OpenLDAP
config file (not your SASL config file), to have slapd offer the PLAIN
mechanism:

sasl-secprops none

See the manpage for slapd.conf for additional details. Doing so
is a security risk, and you should consider using SSL/TLS in a
production environment.

--
Dan White
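
The caveat in the reply above, turned into a configuration check. This is an added example, not part of the original post and not OpenLDAP's own tooling: it reports whether a slapd.conf allows plaintext SASL mechanisms and whether a security strength factor (SSF) floor accompanies them. The function name, the three result labels and the sample input are assumptions made here; `include`d files and cn=config are not handled.

```shell
#!/bin/sh
# Added example: classify a slapd.conf by how it exposes SASL PLAIN.
#   plain-disabled   noplain in effect (slapd's default when sasl-secprops is unset)
#   plain-protected  plaintext mechanisms allowed, but an SSF floor is configured
#   plain-cleartext  plaintext mechanisms allowed with no SSF floor
# Reads the file named in $1, or standard input when no file is given.
audit_slapd_conf() {
    awk '
    function flush() { if (buf != "") check(buf); buf = "" }
    function check(line,    n, f, i) {
        if (line ~ /^#/) return            # comment, including its continuations
        n = split(tolower(line), f, /[ \t,]+/)
        if (f[1] == "sasl-secprops") {
            plain = 1                      # an explicit list replaces the default
            for (i = 2; i <= n; i++) {
                if (f[i] == "noplain") plain = 0
                if (f[i] ~ /^minssf=/) note_ssf(f[i])
            }
        } else if (f[1] == "security") {
            for (i = 2; i <= n; i++)
                if (f[i] ~ /^(ssf|tls|transport)=/) note_ssf(f[i])
        }
    }
    # SSF 0 is no protection and 1 is integrity only; above that is encryption.
    function note_ssf(kv) { sub(/^[a-z]+=/, "", kv); if (kv + 0 > 1) ssf_floor = 1 }
    /^$/     { next }
    /^[ \t]/ { buf = buf " " $0; next }    # leading whitespace continues the line
             { flush(); buf = $0 }
    END {
        flush()
        if (!plain) print "plain-disabled"
        else if (ssf_floor) print "plain-protected"
        else print "plain-cleartext"
    }' "$@"
}

# Constructed sample input: the directive from the reply, with no SSF floor.
printf 'sasl-secprops none\n' | audit_slapd_conf    # plain-cleartext
```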